Simple Log Analyzer (Python)
A concise, real-time Python script designed to read a local log file (logs.txt) and identify critical security anomalies, including brute-force attacks and system failures.
Key Features
Brute-Force Detection: Automatically flags any IP address that records 3 or more authentication failures (AUTH_FAIL) within a 60-second window.
Anomaly Grouping: Reports all critical events (AUTH_FAIL, SYSTEM_ERROR, etc.), grouped by the source IP address for quick security investigation.
Clear Reporting: Provides a summary of total anomalies and a detailed, sorted report of suspicious IP activity.
Self-Contained: Uses only standard Python libraries (collections, datetime, sys).
Prerequisites
Python 3.x
How to Run
Save Files: Place log_analyzer.py and your log data file, named logs.txt, in the same directory.
Execute: Open your terminal or command prompt in that directory and run the script:
python log_analyzer.py
Log Format
The script is designed to parse log entries that follow this space-separated structure, one per line:
[YYYY-MM-DD] [HH:MM:SS] [IP_ADDRESS] [EVENT_TYPE] [EVENT_STATUS] [MESSAGE]
Example Entry:
2025-10-23 14:00:15 192.168.1.10 AUTH_FAIL User not found for "admin"
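As an added example (not the project's own log_analyzer.py), the following implements the brute-force rule from Key Features (3 or more AUTH_FAIL events from one IP inside any 60-second sliding window) and the anomaly grouping over lines in the format above; the function names, the ANOMALY_MARKERS tuple and the sample IPs are assumptions, and the embedded log is constructed, including one malformed line to show that bad input is skipped rather than crashing the run.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input in the README's line format (not a real log file).
SAMPLE_LOG = """\
2025-10-23 14:00:15 192.168.1.10 AUTH_FAIL User not found for "admin"
2025-10-23 14:15:30 192.168.1.10 SYSTEM_ERROR Disk Full
2025-10-23 14:22:01 10.0.0.7 AUTH_FAIL Password attempt 1 failed for "target"
2025-10-23 14:22:45 10.0.0.7 AUTH_FAIL Password attempt 2 failed for "target"
2025-10-23 14:23:00 10.0.0.7 AUTH_FAIL Password attempt 3 failed for "target"
2025-10-23 14:30:00 10.0.0.7 AUTH_OK Login succeeded for "target"
not a log line: must be skipped, not crash the analyzer
"""
ANOMALY_MARKERS = ("FAIL", "ERROR", "DENIED")  # assumed event-name substrings

def parse_line(line):  # -> dict for a well-formed entry, None otherwise
    parts = line.strip().split(maxsplit=4)  # date, time, ip, event, rest
    try:
        ts = datetime.strptime(" ".join(parts[:2]), "%Y-%m-%d %H:%M:%S")
        return {"ts": ts, "ip": parts[2], "event": parts[3],
                "msg": parts[4] if len(parts) == 5 else ""}
    except (ValueError, IndexError):
        return None  # malformed line: skip rather than abort the whole run

def detect_brute_force(entries, threshold=3, window=timedelta(seconds=60)):
    # Flag an IP when `threshold` AUTH_FAIL events fall inside any `window`.
    fails = defaultdict(list)
    for e in entries:
        if e["event"] == "AUTH_FAIL":
            fails[e["ip"]].append(e["ts"])
    flagged = set()
    for ip, times in fails.items():
        times.sort()                 # sliding window needs time order
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1           # drop failures older than the window
            if end - start + 1 >= threshold:
                flagged.add(ip)
                break
    return flagged

def analyze(text):  # -> (valid_count, anomalies grouped by IP, brute-force IPs)
    entries = [e for e in map(parse_line, text.splitlines()) if e]
    by_ip = defaultdict(list)
    for e in entries:
        if any(m in e["event"].upper() for m in ANOMALY_MARKERS):
            by_ip[e["ip"]].append(e)
    return len(entries), dict(by_ip), detect_brute_force(entries)
```

Call analyze(SAMPLE_LOG) to see the constructed data classified, or analyze(open("logs.txt").read()) for a real file; the window check is inclusive, so three failures spanning exactly 60 seconds still count.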
Example Output
The output will clearly tag potential threats:
--- Analysis Summary ---
Total Valid Entries Processed: 12
Total Anomalies Found (FAIL/ERROR/Denied): 6
--- IP Threat Report (Anomalies Grouped) ---
-> 2025-10-23 14:22:01 | Event: AUTH_FAIL | Message: Password attempt 1 failed for "target"
-> 2025-10-23 14:22:45 | Event: AUTH_FAIL | Message: Password attempt 2 failed for "target"
-> 2025-10-23 14:23:00 | Event: AUTH_FAIL | Message: Password attempt 3 failed for "target"

-> 2025-10-23 14:00:15 | Event: AUTH_FAIL | Message: User not found for "admin"
-> 2025-10-23 14:12:05 | Event: AUTH_FAIL | Message: Invalid security token
-> 2025-10-23 14:18:10 | Event: AUTH_DENIED | Message: Access denied by firewall rule 401

-> 2025-10-23 14:15:30 | Event: SYSTEM_ERROR | Message: Disk Full