0917_SAD

Source: Internet  Editor: 程序博客网  Date: 2024/06/05 09:09

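I was told to build this without really knowing what it is. I wrote a first version by following the requirements analysis and am just putting it up here for now; I've been insanely busy lately.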

' Requirements analysis:
' Log in to 9.181.2.111  username: caof  password: Gs1l2hab
' cd to /var/GSNIlogs/ir-syslog01/logs
' Then run: more var:log:messages.2015-8-28-4:0 | egrep "710003|710005|710006|1060[0-9][0-9]|109006|109008|109013|109023|109024|109025|304002|308001|605004|611102"
' Add one more filter: only capture lines whose host name contains H7U or SNITKO
' Samples:
' Aug 27 04:14:10 146.89.224.11 Aug 27 2015 05:19:41 SNIHKTKOPFa : %ASA-3-710005: TCP request discarded from 122.10.102.48/36810 to ipsec_tun:118.140.225.156/22
' Aug 27 04:14:15 158.98.118.157 Aug 27 2015 04:35:57: %ASA-6-106021: Deny UDP reverse path check from 158.98.118.131 to 158.98.118.159 on interface SR

' Packaged as an Alert object
Class Alert
    Public info
    Public ip
    Public count
End Class

' Preprocessing
Dim alerts(1000)
Dim alertc
alertc = 0
num = "710003|710005|710006|109006|109008|109013|109023|109024|109025|304002|308001|605004|611102"
numSplit = Split(num, "|")
username = InputBox("Please input your username:", "Username")
' InputBox shows what is typed in clear text
password = InputBox("Please input your password:", "Password")
host = InputBox("Please input your Host IP:", "Host IP")

Sub Main
    ' Connect
    ' SSH login. Keep the returned tab: crt.Screen refers to the tab the script was started from.
    Set tab = crt.Session.ConnectInTab("/SSH2 /L " & username & " /PASSWORD " & password & " " & host)
    tab.Screen.Synchronous = True
    ' Send the commands (each one needs a trailing carriage return to run)
    tab.Screen.Send "cd /var/GSNIlogs/ir-syslog01/logs" & vbCr
    tab.Screen.Send "more var:log:messages.2015-8-28-4:0 | egrep " & Chr(34) & "710003|710005|710006|1060[0-9][0-9]|109006|109008|109013|109023|109024|109025|304002|308001|605004|611102" & Chr(34) & vbCr
    ' Handle the "more" pager
    Do While True
        ' Wait until the page is complete (prompt shown) or the output has ended (timeout)
        morePrompt = tab.Screen.WaitForString("More", 5)
        ' Read the full screen. Rows wider than the screen wrap, and the wrapped part is not joined back.
        screenrow = tab.Screen.CurrentRow - 1
        For counter = 1 To screenrow
            readline = tab.Screen.Get(counter, 1, counter, tab.Screen.Columns)
            If InStr(readline, "H7U") > 0 Or InStr(readline, "SNITKO") > 0 Then
                ' Collapse the double space of single-digit days ("Aug  7") so that field 3 is always the IP
                readlineSplit = Split(Replace(readline, "  ", " "), " ")
                ' String handling for a single readline
                '===================================================
                ' Find which message ID the line carries, in two parts
                ' 1: the fixed IDs
                numSet = 0
                For i = LBound(numSplit) To UBound(numSplit)
                    numSet = InStr(readline, numSplit(i))
                    If numSet > 0 Then Exit For
                Next
                ' 2: the 1060[0-9][0-9] range of the egrep pattern (106000 to 106099)
                If numSet = 0 Then
                    For i = 106000 To 106099
                        numSet = InStr(readline, CStr(i))
                        If numSet > 0 Then Exit For
                    Next
                End If
                If numSet > 0 Then
                    readlineInfo = RTrim(Mid(readline, numSet))
                    ' Check whether this info is already recorded for the same IP
                    flag = False
                    For j = 0 To alertc - 1
                        If alerts(j).info = readlineInfo And alerts(j).ip = readlineSplit(3) Then
                            alerts(j).count = alerts(j).count + 1
                            flag = True
                            Exit For
                        End If
                    Next
                    ' If nothing was found, create a new one (as long as the array has room)
                    If flag = False And alertc <= UBound(alerts) Then
                        Set alerts(alertc) = New Alert
                        alerts(alertc).count = 1
                        alerts(alertc).info = readlineInfo
                        alerts(alertc).ip = readlineSplit(3)
                        alertc = alertc + 1
                    End If
                End If
                '===================================================
            End If
        Next
        ' more: a space shows the next full page (Enter scrolls a single line, so rows would be read again).
        ' On the last page, rows left over from the previous page can still be on screen and get counted twice.
        If morePrompt Then
            tab.Screen.Send " "
        Else
            Exit Do ' leave the loop
        End If
    Loop
    Set fso = CreateObject("Scripting.FileSystemObject")
    ' 2 = ForWriting, True = create the file if it does not exist
    Set finalResult = fso.OpenTextFile("result.csv", 2, True)
    For i = 0 To alertc - 1
        finalResult.WriteLine alerts(i).ip & " " & alerts(i).info & " " & alerts(i).count
    Next
    finalResult.Close
    ' Disconnect
    tab.Session.Disconnect
    'crt.quit
End Sub
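An added example, not part of the original post: the same per-IP, per-message count done with grep and awk directly on the log host, which avoids paging through `more` and reading the terminal screen. The function name `summarize_alerts`, the host names and the addresses in the sample are assumptions made up for this illustration.

```shell
#!/bin/sh
# Added example (not the author's script): count alerts with grep/awk on the log host.
# Message IDs are the ones from the requirements; 1060[0-9][0-9] covers 106000-106099.
IDS='710003|710005|710006|1060[0-9][0-9]|109006|109008|109013|109023|109024|109025|304002|308001|605004|611102'

# Reads syslog lines on stdin, prints "count<TAB>reporter_ip<TAB>message", highest count first.
# $1 (optional): regex of host-name fragments to keep; defaults to the two in the requirements.
summarize_alerts() {
    # Anchor each ID to the %ASA-<severity>-<id>: tag so that ports, connection IDs
    # and addresses containing the same digits do not count as a match.
    grep -E "%ASA-[0-9]-($IDS):" |
    awk -v hosts="${1:-H7U|SNITKO}" '
    {
        pos  = index($0, "%ASA-")
        head = substr($0, 1, pos - 1)      # timestamps, reporter IP, host name
        if (head !~ hosts) next            # host-name filter on the header only
        msg = substr($0, pos)
        sub(/[ \t]+$/, "", msg)            # ignore trailing blanks when grouping
        count[$4 "\t" msg]++               # $4 = reporter IP, also for "Aug  7"
    }
    END { for (k in count) print count[k] "\t" k }' |
    sort -rn
}

# Constructed sample input (documentation addresses, made-up host names).
SAMPLE='Aug  7 04:14:10 192.0.2.11 Aug 07 2015 05:19:41 SNITKOFW1 : %ASA-3-710005: TCP request discarded from 198.51.100.48/36810 to outside:203.0.113.5/22
Aug  7 04:14:12 192.0.2.11 Aug 07 2015 05:19:43 SNITKOFW1 : %ASA-3-710005: TCP request discarded from 198.51.100.48/36810 to outside:203.0.113.5/22
Aug  7 04:14:15 192.0.2.12 Aug 07 2015 04:35:57 XXH7U02 : %ASA-6-106021: Deny UDP reverse path check from 192.0.2.131 to 192.0.2.159 on interface SR
Aug  7 04:14:16 192.0.2.13 Aug 07 2015 04:35:58 OTHERFW : %ASA-3-710005: TCP request discarded from 198.51.100.48/36810 to outside:203.0.113.5/22
Aug  7 04:14:17 192.0.2.11 Aug 07 2015 04:35:59 SNITKOFW1 : %ASA-6-302013: Built inbound TCP connection 106021 for outside:198.51.100.48/40000 to inside:192.0.2.50/443'

printf '%s\n' "$SAMPLE" | summarize_alerts
```

On the log host the function reads the file named in the requirements on stdin instead of the sample, for example `summarize_alerts < 'var:log:messages.2015-8-28-4:0'`.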

