import re
import csv
from collections import defaultdict

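def count_requests_per_ip(log_file):
    """Count log lines per IPv4 address, busiest address first.

    Each line contributes at most one hit: the first dotted-quad token found
    on it. The pattern only checks the shape (four groups of 1-3 digits), so
    octets above 255 are not rejected, and lines without such a token are
    skipped.

    Args:
        log_file: Path of the log file to read.

    Returns:
        A list of ``(ip, count)`` tuples sorted by count, highest first.
        Addresses with equal counts keep the order in which they first
        appeared in the file.
    """
    ipv4 = re.compile(r'\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b')
    ipCounts = defaultdict(int)
    # Log content is written on behalf of remote clients, so it can carry
    # bytes that do not decode. errors='replace' keeps one malformed line
    # from aborting the whole analysis with UnicodeDecodeError.
    with open(log_file, 'r', errors='replace') as file:
        for line in file:
            ip = ipv4.search(line)
            if ip:
                ipCounts[ip.group()] += 1
    return sorted(ipCounts.items(), key=lambda x: x[1], reverse=True)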

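def most_accessed_endpoint(log_file):
    """Return the request path that appears most often in the log.

    Only request lines that start with ``"GET `` or ``"POST `` are counted;
    other methods are ignored by the pattern. The captured endpoint runs from
    the leading ``/`` to the next whitespace, so a query string, if present,
    is part of the key.

    Args:
        log_file: Path of the log file to read.

    Returns:
        An ``(endpoint, count)`` tuple. On a tie, the endpoint seen first in
        the file wins.

    Raises:
        ValueError: If the log contains no matching request line.
    """
    request_path = re.compile(r'\"(?:GET|POST) (\/[^\s]*)')
    endpointCounts = defaultdict(int)
    # errors='replace': request paths are client-controlled and may contain
    # undecodable bytes; one such line must not stop the analysis.
    with open(log_file, 'r', errors='replace') as file:
        for line in file:
            endpoint = request_path.search(line)
            if endpoint:
                endpointCounts[endpoint.group(1)] += 1
    if not endpointCounts:
        raise ValueError(f"no GET/POST request lines found in {log_file!r}")
    mostAccessed = max(endpointCounts.items(), key=lambda x: x[1])
    # The original returned the undefined name `most_accessed`, which raises
    # NameError unless a stale global of that name happens to exist.
    return mostAccessed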

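def detect_suspicious_activity(log_file, threshold=10):
    """List IP addresses with more than ``threshold`` failed logins.

    A line counts as a failed login when its status field is 401 or when it
    contains the text "Invalid credentials". The failure is attributed to the
    first dotted-quad token on the line. Counts cover the whole file; there
    is no time window.

    Args:
        log_file: Path of the log file to read.
        threshold: An address is reported only when its failure count is
            strictly greater than this value.

    Returns:
        A list of ``(ip, failed_count)`` tuples, in order of first failure.
    """
    ipv4 = re.compile(r'\b(?:[0-9]{1,3}\.){3}[0-9]{1,3}\b')
    # Match 401 only where the status code sits: right after the closing
    # quote of the request line. A plain `"401" in line` also fires on byte
    # counts such as 4010, on paths like /item/401 and on timestamps, which
    # inflates failure counts for unrelated clients.
    # NOTE(review): assumes the access-log layout `"METHOD /path PROTO" STATUS`
    # that the endpoint regex in this file also relies on - confirm against
    # the real log format before relying on this detector.
    failed_status = re.compile(r'"\s+401\b')
    failedAttempts = defaultdict(int)
    # errors='replace': keep undecodable client-supplied bytes from aborting
    # the scan part-way through the file.
    with open(log_file, 'r', errors='replace') as file:
        for line in file:
            if failed_status.search(line) or "Invalid credentials" in line:
                ip = ipv4.search(line)
                if ip:
                    failedAttempts[ip.group()] += 1
    return [(ip, count) for ip, count in failedAttempts.items() if count > threshold]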

def save_to_csv(ipRequests, mostAccessed, suspiciousActivities, outputFile='log_analysis_re.csv'):
    """Write the three analysis results into one CSV file.

    The file holds three sections, each made of a title row, a header row and
    the data rows, with an empty row between sections. Values are written
    verbatim: nothing here neutralises cells that a spreadsheet would treat
    as formulas, which matters when the rows carry text taken from a log.

    Args:
        ipRequests: Iterable of ``(ip, request_count)`` rows.
        mostAccessed: A single ``(endpoint, access_count)`` row.
        suspiciousActivities: Iterable of ``(ip, failed_login_count)`` rows.
        outputFile: Destination path; an existing file is overwritten.
    """
    sections = (
        ("Requests per IP", ["IP Address", "Request Count"], ipRequests),
        ("Most Accessed Endpoint", ["Endpoint", "Access Count"], [mostAccessed]),
        ("Suspicious Activity", ["IP Address", "Failed Login Count"], suspiciousActivities),
    )
    with open(outputFile, 'w', newline='') as csvfile:
        out = csv.writer(csvfile)
        for position, (title, header, rows) in enumerate(sections):
            # Blank separator row before every section except the first.
            if position:
                out.writerow([])
            out.writerow([title])
            out.writerow(header)
            out.writerows(rows)

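# Main execution
if __name__ == '__main__':
    log_file = 'sample.log'
    # Same name save_to_csv uses by default. It is passed explicitly so the
    # message below always names the file that was actually written (the
    # original message pointed at log_analysis_results.csv, which is never
    # created by this script).
    output_file = 'log_analysis_re.csv'

    # The original bound this result to the misspelled name `ipAequests`, so
    # the later use of `ipRequests` raised NameError (or silently picked up a
    # stale value left over from an earlier notebook cell).
    ipRequests = count_requests_per_ip(log_file)
    mostAccessed = most_accessed_endpoint(log_file)
    suspiciousActivities = detect_suspicious_activity(log_file)

    save_to_csv(ipRequests, mostAccessed, suspiciousActivities, outputFile=output_file)

    print(f"Results have been saved to {output_file}.")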


Results have been saved to log_analysis_results.csv.
