A FastAPI-powered log analyzer that detects brute force attacks from server logs.
- Reads server log files (Apache/Nginx format)
- Detects IPs with multiple failed login attempts (401/403)
- Identifies brute force attacks automatically
- Returns threat level (HIGH/LOW)
- REST API endpoint via FastAPI
- Python 3.12
- FastAPI
- Uvicorn
- Collections (Counter)
- Regex (re module)
```bash
pip install fastapi uvicorn
python analyzer.py
```
- GET /analyze → Analyze logs and return threat report
```json
{
  "total_logs": 10,
  "suspicious_ips": {
    "192.168.1.50": 6,
    "192.168.1.75": 3
  },
  "threat_level": "HIGH"
}
```
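
A sketch of the detection step behind such a report, added here as an example and not taken from this project's `analyzer.py`. The function names, the log-line regex and both thresholds (3 failures to list an IP, 5 to rate the report HIGH) are assumptions, and the sample log lines are constructed.

```python
import re
from collections import Counter

# Apache/Nginx common or combined format: IP, ident, user, [time], "request", status, size
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" (?P<status>\d{3}) \S+'
)
FAILED_STATUSES = {"401", "403"}
SUSPICIOUS_MIN = 3  # assumed: failures from one IP before it is reported
HIGH_MIN = 5        # assumed: failures from one IP that make the report HIGH


def analyze(lines):
    """Count 401/403 responses per client IP and build a threat report."""
    failures = Counter()
    total = 0
    for line in lines:
        match = LOG_LINE.match(line.strip())
        if not match:  # blank or malformed lines are skipped, not counted
            continue
        total += 1
        if match["status"] in FAILED_STATUSES:
            failures[match["ip"]] += 1
    suspicious = {ip: n for ip, n in failures.most_common() if n >= SUSPICIOUS_MIN}
    level = "HIGH" if any(n >= HIGH_MIN for n in suspicious.values()) else "LOW"
    return {"total_logs": total, "suspicious_ips": suspicious, "threat_level": level}


def make_line(ip, status, path="/login"):
    """Build one constructed access-log line for the sample below."""
    return f'{ip} - - [10/Jan/2025:10:00:00 +0000] "POST {path} HTTP/1.1" {status} 512'


# Constructed sample: two noisy clients, one normal request, one malformed line
SAMPLE = (
    [make_line("192.168.1.50", 401)] * 6
    + [make_line("192.168.1.75", 403)] * 3
    + [make_line("192.168.1.10", 200, "/index.html"), "not a log line"]
)

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

Counting by status code alone also counts 403s on non-login paths, so in practice the request path is worth filtering on as well.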
SOC analysts use log analysis to detect:
- Brute force attacks
- Unauthorized access attempts
- Suspicious IP addresses
Corazonpirate27