试试这个解决方案，我用问题中的示例输入进行了测试，效果很好：

import re
from collections import defaultdict
pattern = re.compile(r'(\w{3}\s+\d{1,2}).+Failed password for .+? from (\S+)')

def attack_dict(myfile):
    attacks = defaultdict(lambda: defaultdict(int))
    for line in myfile:
        found = pattern.match(line)
        if found:
            date, ip = found.groups()
            attacks[date][ip] += 1
    return attacks

def report(myfile):
    for date, ips in attack_dict(myfile).iteritems():
        print '{0} has {1} attacks'.format(date, sum(ips.itervalues()))
        for ip, n in ips.iteritems():
            print '\t{0} has {1} attacks'.format(ip, n)

这样运行：

Waning:未测试的代码。在

attacks = {}

# count the attacks
for line in file:
    if 'Failed password for' in line:
        date = re.match(line, '^(\w{3}\b\d{1,2})\b').group(1)
        attacks_date = attacks.get(date, {})
        ip = re.match(line, '\b(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\b').group(1)
        attacks_date[ip] = 1 + attacks_date.get(ip, 0)
        attacks[date] = attacks_date

# output results
for item in attacks.items():
    date, attacks_date = item
    print date, 'has', attacks_date.values().sum(), 'attacks'
    for attack_item in attacks_date.items():
        ip, n = attack_item
        print ip, 'has', n, 'attacks'

我看到两个问题。1） 您按天、按IP和按端口对攻击进行计数，所有这些都是分开的；来自给定IP的攻击与攻击日期之间没有关联。2） 迭代字典中的项，如您在中所做的那样

resulting = dict(desc_date.items() + desc_ip.items())
for result in resulting:
    print result,' has', resulting[result] , ' attacks'

将以基本上随机的顺序给出攻击的累积数量，按日期自由混合攻击和IP攻击。你看到的事实

…然后

218.241.173.35 has 15 attacks
72.153.93.203 has 14 attacks
213.251.192.26 has 13 attacks
66.30.90.148 has 14 attacks

……并不意味着IP攻击发生在2月8日。在

来自218.241.173.35的15次攻击表示在日志文件所涵盖的整个时间段内来自该IP的攻击总数。这是偶然的，218.241.173.35的线出现在2月8日之后，而不是在其他日期之前或之后。在