Parse Microsoft Dns Debug Logs
I am looking to parse Microsoft DNS debugging log responses. The idea is to parse the domains and print a list of the number of times each domain occurs in the debug log. Typically I would
Solution 1:
Perhaps something like this? I'm no expert at regular expressions, but this should get the job done as I understand the format you're parsing.
#!/usr/bin/env python
import re

ret = {}
with open('log', 'r') as theFile:
    for line in theFile:
        # Capture the last two labels that follow a (length) prefix on query lines
        match = re.search(r'Q \[.+\].+\(\d+\)([^\(]+)\(\d+\)([^\(]+)', line.strip())
        if match is not None:
            key = ' '.join(match.groups())
            if key not in ret:
                ret[key] = 1
            else:
                ret[key] += 1

# Print each captured domain with its count
for k in ret:
    print('%s %d' % (k, ret[k]))
Solution 2:
How about this, a bit of a brute force:
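>>> import re
>>> from collections import Counter
>>> with open('t.txt') as f:
...     # Skip blank lines, then keep the last two label(length) pairs of the final field
...     c = Counter('.'.join(re.findall(r'(\w+\(\d+\))', line.split()[-1])[-2:]) for line in f if line.strip())
...
>>> for domain, count in c.most_common():
...     print(domain, count)
...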
domain(3).com(0) 3
domain(3).net(0) 1
Solution 3:
It doesn't quite meet the output you asked for, but would this work for you?
# Keep the last field (the queried name) of every PACKET line
with open(r"path\to\file") as log:
    dns = [line.strip().split()[-1] for line in log if "PACKET" in line]
domains = {}
for d in dns:
    if d not in domains:
        domains[d] = 1
    else:
        domains[d] += 1
for k, v in domains.items():
    print("%s %d" % (k, v))
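An added example, not part of any of the answers above: a parser that decodes the length-prefixed names (`(3)www(7)example(3)com(0)`) into dotted form and counts queries per domain, keeping queries and responses apart so a name is not counted twice. The sample lines are constructed, the field layout is assumed to be the standard packet line of the Windows DNS debug log, and `decode_name` and `count_domains` are hypothetical helper names.

```python
import re
from collections import Counter

# Constructed sample in the DNS debug log packet layout (not taken from the page).
SAMPLE_LOG = """\
DNS Server log file creation at 6/5/2013 10:00:00 AM

6/5/2013 10:00:32 AM 0E70 PACKET  00000000033397A0 UDP Rcv 192.0.2.10      5b47   Q [0001   D   NOERROR] A      (3)www(7)example(3)com(0)
6/5/2013 10:00:32 AM 0E70 PACKET  00000000033397A0 UDP Snd 192.0.2.10      5b47 R Q [8081   DR  NOERROR] A      (3)www(7)example(3)com(0)
6/5/2013 10:00:33 AM 0E70 PACKET  00000000033397B0 UDP Rcv 192.0.2.11      1c02   Q [0001   D   NOERROR] MX     (4)mail(7)example(3)com(0)
6/5/2013 10:00:34 AM 0E70 PACKET  00000000033397C0 UDP Rcv 192.0.2.12      77aa   Q [0001   D   NOERROR] A      (7)EXAMPLE(3)com(0)
6/5/2013 10:00:35 AM 0E70 PACKET  00000000033397D0 UDP Rcv 192.0.2.10      5b48   Q [0001   D   NOERROR] AAAA   (3)www(7)example(3)net(0)
"""

# Assumed layout after PACKET: id, proto, direction, remote IP, xid, optional R, opcode, [flags], type, name
PACKET_RE = re.compile(
    r"PACKET\s+\S+\s+(?:UDP|TCP)\s+(?P<dir>Snd|Rcv)\s+(?P<ip>\S+)\s+"
    r"(?P<xid>[0-9a-fA-F]{4})\s+(?P<resp>R)?\s*(?P<op>\w)\s+\[(?P<flags>[^\]]*)\]\s+"
    r"(?P<qtype>\S+)\s+(?P<name>\S+)\s*$"
)
LABEL_RE = re.compile(r"\((\d+)\)([^()]*)")


def decode_name(raw):
    """Turn '(3)www(7)example(3)com(0)' into 'www.example.com' (lower-cased)."""
    labels = [text for _, text in LABEL_RE.findall(raw) if text]
    return ".".join(labels).lower()


def count_domains(lines, depth=2, responses=False):
    """Count standard queries (or responses) by the last `depth` labels of the name.

    Taking the last two labels is a simplification: it does not know about
    multi-label public suffixes such as co.uk.
    """
    counts = Counter()
    for line in lines:
        m = PACKET_RE.search(line.strip())
        if not m or m.group("op") != "Q":
            continue  # header, blank line, or non-query opcode
        if bool(m.group("resp")) != responses:
            continue  # keep only the side (query or response) that was asked for
        name = decode_name(m.group("name"))
        key = ".".join(name.split(".")[-depth:]) if name else "."  # "(0)" is the root
        counts[key] += 1
    return counts


if __name__ == "__main__":
    for domain, count in count_domains(SAMPLE_LOG.splitlines()).most_common():
        print(domain, count)
```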