modsecurity-parser

Graph error

Open itdeveloper50 opened this issue 3 years ago • 7 comments

When I execute py via Pycharm terminal, I receive an error with graph exporting.

The command I use is this:

.\modsecurity-parser.py -f modsec_audit.log -g mypicture

Errors are in the attached screenshot. How do I resolve these issues? Thank you! py_error

itdeveloper50 avatar Aug 14 '22 05:08 itdeveloper50

Make sure you use appropriate parameters for your log (e.g. json format of modsecurity version).

You can try to run on a smaller subset of the log, e.g. limit modsec_audit.log to the first 2-5 log entries. If the error is the same with the smaller log file, then anonymize the log (e.g. replace IP address/domain name) and send it to me. Also add information about your modsecurity version and the arguments you passed to the parser.

molu8bits avatar Aug 19 '22 08:08 molu8bits

Thank you for your reply!

I tried to limit my modsec_audit.log - did not help. I have the same errors. I use the PyCharm terminal on Windows 10. If I write: .\modsecurity-parser.py -f modsec_audit6.log --> it generates a .json file in the modsec_output folder. That is OK. If I write: .\modsecurity-parser.py -f modsec_audit6.log -g picture --> gives the same errors like in a screenshot which I sent. I want to generate a picture of modsec audit.

Mod Security version: 2.9.5-1. Log file is attached.

Thank you very much in advance!


itdeveloper50 avatar Aug 20 '22 10:08 itdeveloper50

Sorry for the late reply, but I haven't got any file and thought that the problem was connected with the file. I noticed that you used incorrect parameters. Please use the following command with params:

python ./modsecurity-parser.py -f modsec_audit.log

When the file is processed without errors, it should create a subfolder named "modsec_output". Inside of it there are 3 files:

  1. *.png with graph you look for
  2. *.xlsx file (second sheet also should have this graph)
  3. *.json output

Please also note that packages must be installed first with "pip install -r requirements.txt". Please clone the latest commit as I've just updated it with the set of packages that should work with modsecurity-parser (they are quite old and were grabbed from Ubuntu18 but it's possible to install them also with default python installation inside Ubuntu 20).

molu8bits avatar Sep 04 '22 20:09 molu8bits

Hello, thanks for reply. This time I tried it on Linux Ubuntu 20.04. Same error:

python3 ./modsecurity-parser.py -f modsec_audit.log
inputFileName : modsec_audit.log
---------- modsec_audit events processed: 294    ----------
---------- modsec_audit events skipped by INCLUDED/EXCLUDED options or INVALID : 0 ----------
Traceback (most recent call last):
  File "./modsecurity-parser.py", line 689, in <module>
    outputWithGraphs = modsecViewGraphs(modsec_entries)
  File "./modsecurity-parser.py", line 360, in modsecViewGraphs
    event_times = list(map(lambda x: datetime.strptime(x.replace('--','-'), LOG_TIMESTAMP_FORMAT).replace(tzinfo=None), event_times1))
  File "./modsecurity-parser.py", line 360, in <lambda>
    event_times = list(map(lambda x: datetime.strptime(x.replace('--','-'), LOG_TIMESTAMP_FORMAT).replace(tzinfo=None), event_times1))
  File "/usr/lib/python3.8/_strptime.py", line 568, in _strptime_datetime
    tt, fraction, gmtoff_fraction = _strptime(data_string, format)
  File "/usr/lib/python3.8/_strptime.py", line 349, in _strptime
    raise ValueError("time data %r does not match format %r" %
ValueError: time data '13/Aug/2022:00:06:11.341644 +0000' does not match format '%d/%b/%Y:%H:%M:%S %z'
root@nginks:/home/user15/modsecurity-parser#

itdeveloper50 avatar Sep 05 '22 08:09 itdeveloper50


Ahh, haven't noticed ValueError before.

Try to replace the line in modsecurity_parser.py from:

LOG_TIMESTAMP_FORMAT = '%d/%b/%Y:%H:%M:%S %z'

to the following one:

LOG_TIMESTAMP_FORMAT = '%d/%b/%Y:%H:%M:%S.%f %z'

molu8bits avatar Sep 05 '22 12:09 molu8bits
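
An added example, not code from modsecurity-parser or from either poster: a timestamp parser that accepts both layouts discussed in this thread (with and without fractional seconds) and collects unparseable values instead of aborting the whole run, so one unexpected audit-log entry does not cost the graph for the other events. The function names and the sample list are assumptions made for illustration.

```python
from datetime import datetime

# Both audit-log timestamp layouts seen in this thread. Each input string can
# match at most one of them, so the order only affects speed.
CANDIDATE_FORMATS = (
    '%d/%b/%Y:%H:%M:%S.%f %z',   # e.g. 13/Aug/2022:00:06:11.341644 +0000
    '%d/%b/%Y:%H:%M:%S %z',      # e.g. 13/Aug/2022:00:06:11 +0000
)


def parse_audit_timestamp(raw):
    """Return a naive datetime, or None if no known layout matches.

    Like line 360 in the traceback, this collapses '--' to '-' and drops the
    UTC offset without converting the wall-clock time.
    """
    cleaned = raw.strip().replace('--', '-')
    for fmt in CANDIDATE_FORMATS:
        try:
            return datetime.strptime(cleaned, fmt).replace(tzinfo=None)
        except ValueError:
            continue
    return None


def parse_all(raw_timestamps):
    """Split input into (parsed, rejected) so bad entries are reported, not fatal."""
    parsed, rejected = [], []
    for raw in raw_timestamps:
        ts = parse_audit_timestamp(raw)
        if ts is None:
            rejected.append(raw)
        else:
            parsed.append(ts)
    return parsed, rejected


# Constructed sample input; only the first value comes from the traceback above.
SAMPLE = [
    '13/Aug/2022:00:06:11.341644 +0000',
    '13/Aug/2022:00:06:12 +0000',
    '13/Aug/2022:00:06:13 --0500',
    '2022-08-13T00:06:14Z',
]

if __name__ == '__main__':
    ok, bad = parse_all(SAMPLE)
    print(len(ok), 'parsed;', len(bad), 'rejected:', bad)
```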

Thank you very much! Issue has been resolved! After editing LOG_TIMESTAMP_FORMAT as you mentioned above, now it is working. Thank you again!

itdeveloper50 avatar Sep 12 '22 05:09 itdeveloper50

Fixed with the latest 0.5.0 release

molu8bits avatar May 03 '23 18:05 molu8bits