### Import necessary modules

In [3]:
import re
from collections import Counter
import csv

### Parsing the Log file


In [7]:
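log_file = "sample.log"

# One "combined"-style access-log line: client IP, request line, status code.
# Named groups are what match.groupdict() returns below. Because the path is
# captured with `\S+`, a request line whose path contains whitespace will not
# match and is counted as unmatched rather than mis-parsed.
log_pattern = r'(?P<ip>\S+) - - \[.*\] "(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d+) .*'
log_re = re.compile(log_pattern)

parsed_logs = []
unmatched = 0

# Stream the file line by line instead of readlines() so a large log does not
# have to fit in memory; errors="replace" keeps a single non-UTF-8 byte (logs
# carry client-supplied bytes) from aborting the whole parse.
with open(log_file, "r", encoding="utf-8", errors="replace") as file:
    for log in file:
        match = log_re.match(log)
        if match:
            parsed_logs.append(match.groupdict())
        else:
            unmatched += 1

# Lines that do not fit the pattern used to vanish silently; surfacing the
# count makes a rotated, truncated or differently formatted log visible.
if unmatched:
    print(f"Skipped {unmatched} line(s) that did not match the expected format")

print(parsed_logs)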

[{'ip': '192.168.1.1', 'method': 'GET', 'path': '/home', 'status': '200'}, {'ip': '203.0.113.5', 'method': 'POST', 'path': '/login', 'status': '401'}, {'ip': '10.0.0.2', 'method': 'GET', 'path': '/about', 'status': '200'}, {'ip': '192.168.1.1', 'method': 'GET', 'path': '/contact', 'status': '200'}, {'ip': '198.51.100.23', 'method': 'POST', 'path': '/register', 'status': '200'}, {'ip': '203.0.113.5', 'method': 'POST', 'path': '/login', 'status': '401'}, {'ip': '192.168.1.100', 'method': 'POST', 'path': '/login', 'status': '401'}, {'ip': '10.0.0.2', 'method': 'GET', 'path': '/dashboard', 'status': '200'}, {'ip': '198.51.100.23', 'method': 'GET', 'path': '/about', 'status': '200'}, {'ip': '192.168.1.1', 'method': 'GET', 'path': '/dashboard', 'status': '200'}, {'ip': '203.0.113.5', 'method': 'POST', 'path': '/login', 'status': '401'}, {'ip': '203.0.113.5', 'method': 'POST', 'path': '/login', 'status': '401'}, {'ip': '192.168.1.100', 'method': 'POST', 'path': '/login', 'status': '401'}, {'i

### Performing the log analysis and writing the results to a CSV file

In [None]:

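output_file = "log_analysis_results.csv"
threshold = 10  # failed-login count above which an IP is reported as suspicious


def safe_cell(value):
    """Neutralise spreadsheet formula triggers in a CSV cell.

    IPs and request paths are copied verbatim from the log, i.e. they are
    client-controlled. A text cell that starts with =, +, -, @ (or a tab/CR)
    is evaluated as a formula by common spreadsheet applications when the CSV
    is opened, so such values get a leading apostrophe. Non-strings (the
    counts) are returned unchanged.
    """
    if isinstance(value, str) and value[:1] in ("=", "+", "-", "@", "\t", "\r"):
        return "'" + value
    return value


ip_counts = Counter(log['ip'] for log in parsed_logs)
endpoint_counts = Counter(log['path'] for log in parsed_logs)
# NOTE(review): every 401 is treated as a failed login regardless of endpoint;
# confirm that is the intended definition (it could be narrowed to the login path).
failed_logins = [log['ip'] for log in parsed_logs if log['status'] == '401']
failed_login_counts = Counter(failed_logins)

# most_common(1)[0] raises IndexError on an empty log; resolve it once here and
# reuse the value for both the CSV and the console report.
most_accessed = endpoint_counts.most_common(1)[0] if endpoint_counts else None
# Sorted by count (most_common) so the report and the CSV agree on ordering.
suspicious = [(ip, count) for ip, count in failed_login_counts.most_common()
              if count > threshold]

with open(output_file, "w", newline='') as csvfile:
    writer = csv.writer(csvfile)

    writer.writerow(["Requests per IP"])
    writer.writerow(["IP Address", "Request Count"])
    writer.writerows((safe_cell(ip), count) for ip, count in ip_counts.most_common())

    writer.writerow([])
    writer.writerow(["Most Accessed Endpoint"])
    writer.writerow(["Endpoint", "Access Count"])
    if most_accessed is not None:
        writer.writerow((safe_cell(most_accessed[0]), most_accessed[1]))

    writer.writerow([])
    writer.writerow(["Suspicious Activity"])
    writer.writerow(["IP Address", "Failed Login Count"])
    writer.writerows((safe_cell(ip), count) for ip, count in suspicious)

print("\nRequests per IP:")
print(f"{'IP Address':<20} {'Request Count'}")
for ip, count in ip_counts.most_common():
    print(f"{ip:<20} {count}")

print("\nMost Frequently Accessed Endpoint:")
if most_accessed is not None:
    print(f"{most_accessed[0]} (Accessed {most_accessed[1]} times)")
else:
    print("(no requests parsed)")

print("\nSuspicious Activity Detected:")
print(f"{'IP Address':<20} {'Failed Login Attempts'}")
for ip, count in suspicious:
    print(f"{ip:<20} {count}")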



Requests per IP:
IP Address           Request Count
203.0.113.5          8
198.51.100.23        8
192.168.1.1          7
10.0.0.2             6
192.168.1.100        5

Most Frequently Accessed Endpoint:
/login (Accessed 13 times)

Suspicious Activity Detected:
IP Address           Failed Login Attempts
