Log File Analysis
1. Select or Generate Log Files

In [2]:
%pip install pandas

Defaulting to user installation because normal site-packages is not writeable
Note: you may need to restart the kernel to use updated packages.


2. Read and Parse the Log Files

In [3]:
import pandas as pd

url = 'Windows_2k.log_structured.csv'
logs = pd.read_csv(url)
print(logs)

      LineId        Date      Time Level Component  \
0          1  2016-09-28  04:30:30  Info       CBS   
1          2  2016-09-28  04:30:31  Info       CSI   
2          3  2016-09-28  04:30:31  Info       CSI   
3          4  2016-09-28  04:30:31  Info       CSI   
4          5  2016-09-28  04:30:31  Info       CBS   
...      ...         ...       ...   ...       ...   
1995    1996  2016-09-29  02:04:40  Info       CBS   
1996    1997  2016-09-29  02:04:40  Info       CBS   
1997    1998  2016-09-29  02:04:40  Info       CBS   
1998    1999  2016-09-29  02:04:40  Info       CBS   
1999    2000  2016-09-29  02:04:40  Info       CBS   

                                                Content EventId  \
0     Loaded Servicing Stack v6.1.7601.23505 with Co...     E23   
1     00000001@2016/9/27:20:30:31.455 WcpInitialize ...     E13   
2     00000002@2016/9/27:20:30:31.458 WcpInitialize ...     E13   
3     00000003@2016/9/27:20:30:31.458 WcpInitialize ...     E13   
4               

3. Filter relevant data

In [None]:
sus_logs =  logs[logs['Content'].str.contains('Warning') | 
                        logs['Content'].str.contains('Fail')]

print(sus_logs)

      LineId        Date      Time Level Component  \
13        14  2016-09-28  04:30:31  Info       CBS   
25        26  2016-09-28  04:30:31  Info       CBS   
28        29  2016-09-28  04:30:31  Info       CBS   
31        32  2016-09-28  04:30:31  Info       CBS   
34        35  2016-09-28  04:30:31  Info       CBS   
...      ...         ...       ...   ...       ...   
1410    1411  2016-09-29  02:03:48  Info       CBS   
1413    1414  2016-09-29  02:03:48  Info       CBS   
1416    1417  2016-09-29  02:03:48  Info       CBS   
1419    1420  2016-09-29  02:03:48  Info       CBS   
1422    1423  2016-09-29  02:03:48  Info       CBS   

                                                Content EventId  \
...                                                 ...     ...   

                                          EventTemplate  
...                                                 ...  

[282 rows x 8 columns]


4. Generate a summary report

In [9]:
sum_report = open('summary_report.txt', 'w')
sum_report.write(f"Total suspicious logs found: {len(sus_logs)}\n")
for log in sus_logs:
    sum_report.write(log + '\n')

sum_report = open('summary_report.txt', 'r')
report = sum_report.read()
print(report)

Total suspicious logs found: 282
LineId
Date
Time
Level
Component
Content
EventId
EventTemplate



System performance monitoring
1. Install psutil library

2. Collect system metrics

In [None]:
import psutil
#get CPU usage
cpu_usage = psutil.cpu_percent(interval=1)
print(f"CPU Usage: {cpu_usage}%")

#get memory usage
memory_info = psutil.virtual_memory()
print(f"Memory Usage: {memory_info.percent}%")

3. Log the performance data

In [None]:
f = open('performance_log.txt','a')
f.write(f"CPU: {cpu_usage}%, Memory: {memory_info.percent}%\n")

4. Generate alerts for high usage

In [None]:
if cpu_usage > 90:
    print("ALERT: High CPU usage detected!")

Alert generation
1. Define the event to monitor

2. Send alerts via email

In [None]:
import smtplib
from email.message import EmailMessage

def send_alert(subject, body):
    msg = EmailMessage()
    msg.set_content(body)
    msg['Subject'] = subject
    msg['From'] = 'dfurey2@gmu.edu'
    msg['To'] = 'dillon.furey@gmail.com'
    with smtplib.SMTP_SSL('smtp.gmail.com', 465) as smtp:
    smtp.login('dfurey2@gmu.edu', 'temp_password')
    smtp.send_message(msg)

if cpu_usage > 90:
    send_alert('High CPU Usage Alert', f'CPU Usage is {cpu_usage}%')

3. Log alerts

Automate routine security checks
1. Install and use nmap for vulnerability scanning

In [None]:
import subprocess

def run_nmap(target):
    result = subprocess.run(['nmap', '-sV', target], capture_output=True, text=True)
    print(result.stdout)

run_nmap('127.0.0.1') #Scan localhost

2. Monitor network traffic with scapy

In [None]:
from scapy.all import *
def monitor_packets(pkt)
    if pkt.haslayer(TCP) and pkt.haslayer(IP):
        print(f"Source IP: {pkt[IP].src}, Destination IP: {pkt[IP].dst}")

sniff(prn=monitor_packets, count = 10) #capturing 10 packets