# Tasca 7 : Transformació Registre Log amb Regular expressions



In [3]:
import re
import pandas as pd
import csv
import ipinfo #llibreria per geolocalitzar IPs (https://ipinfo.io/)

## Nivell 1

### Exercici 1

Normalitza, identifica i enumera cada un dels atributs / variables de l'estructura de l'arxiu "Web_access_log-akumenius.com" que trobaràs al repositori de GitHub "Data-sources".



Els atributs que componen el registre "Web_access_log-akumenius.com" son:

^(HOSTNAME) (IP.ADRESS) - - [(DATETIME)] "(REQUEST URL PROTOCOL)" (RESPONSE) (RESP_CODE) "-" "(BROWSER)" VLOG=-$

Nivell 2

### Exercici 2

Neteja, preprocesa, estructura i transforma (dataframe) les dades del registre d'Accés a la web.



In [4]:
# Generem un diccionari amb els camps definits a l'apartat anterior
columns = { "HOSTNAME":[],
        "IPADRESS":[],
        "DATETIME":[],
        "REQUEST":[],
        "RESPONSE":[],
        "RESP_CODE":[],
        "RESP_FILE":[],
        "BROWSER":[]}
regex_exp = r'^(.*) (.*) (?:-|.) (?:-|.*) \[(.*)\] "(.*)" (\d+) (\d*|-) "(.*)" "(.*)" VLOG=-$'

In [5]:
# Obrim el fitxer txt amb els registres
with open("./db/Web_access_log-akumenius.com.txt", "r", encoding='utf-8') as log:
    #Iterem sobre els registres per afegir els camps al diccionari
    # n=0
    for register in log: 
        result = re.search(regex_exp,register)
        # print(n, result) 
        # n += 1 # esta variable cuenta las lineas para ver donde me saltaba el error del codigo REGEX y poder testearlo
        columns["HOSTNAME"].append(result[1])
        columns["IPADRESS"].append(result[2])
        columns["DATETIME"].append(result[3])
        columns["REQUEST"].append(result[4])
        columns["RESPONSE"].append(result[5])
        columns["RESP_CODE"].append(result[6])
        columns["RESP_FILE"].append(result[7])
        columns["BROWSER"].append(result[8])


In [6]:
#Generem el data frame a partir del diccionari creat
log_df = pd.DataFrame.from_dict(columns)
log_df

Unnamed: 0,HOSTNAME,IPADRESS,DATETIME,REQUEST,RESPONSE,RESP_CODE,RESP_FILE,BROWSER
0,localhost,127.0.0.1,23/Feb/2014:03:10:31 +0100,OPTIONS * HTTP/1.0,200,-,-,Apache (internal dummy connection)
1,localhost,127.0.0.1,23/Feb/2014:03:10:31 +0100,OPTIONS * HTTP/1.0,200,-,-,Apache (internal dummy connection)
2,localhost,127.0.0.1,23/Feb/2014:03:10:31 +0100,OPTIONS * HTTP/1.0,200,-,-,Apache (internal dummy connection)
3,localhost,127.0.0.1,23/Feb/2014:03:10:31 +0100,OPTIONS * HTTP/1.0,200,-,-,Apache (internal dummy connection)
4,localhost,127.0.0.1,23/Feb/2014:03:10:31 +0100,OPTIONS * HTTP/1.0,200,-,-,Apache (internal dummy connection)
...,...,...,...,...,...,...,...,...
261868,www.akumenius.com,5.255.253.53,02/Mar/2014:03:05:39 +0100,GET / HTTP/1.1,200,7528,-,Mozilla/5.0 (compatible; YandexBot/3.0; +http:...
261869,www.akumenius.com,74.86.158.107,02/Mar/2014:03:09:52 +0100,HEAD / HTTP/1.1,200,-,-,Mozilla/5.0+(compatible; UptimeRobot/2.0; http...
261870,localhost,127.0.0.1,02/Mar/2014:03:10:18 +0100,OPTIONS * HTTP/1.0,200,-,-,Apache (internal dummy connection)
261871,localhost,127.0.0.1,02/Mar/2014:03:10:18 +0100,OPTIONS * HTTP/1.0,200,-,-,Apache (internal dummy connection)


In [7]:
log_df.info()

<class 'pandas.core.frame.DataFrame'>
RangeIndex: 261873 entries, 0 to 261872
Data columns (total 8 columns):
 #   Column     Non-Null Count   Dtype 
---  ------     --------------   ----- 
 0   HOSTNAME   261873 non-null  object
 1   IPADRESS   261873 non-null  object
 2   DATETIME   261873 non-null  object
 3   REQUEST    261873 non-null  object
 4   RESPONSE   261873 non-null  object
 5   RESP_CODE  261873 non-null  object
 6   RESP_FILE  261873 non-null  object
 7   BROWSER    261873 non-null  object
dtypes: object(8)
memory usage: 16.0+ MB


In [9]:
 #Eliminem les lineas que s'han executat desde el localhost
log_df_f = log_df[log_df.HOSTNAME != "localhost"]
log_df_f.head(5)


Unnamed: 0,HOSTNAME,IPADRESS,DATETIME,REQUEST,RESPONSE,RESP_CODE,RESP_FILE,BROWSER
22,www.akumenius.com,66.249.76.216,23/Feb/2014:03:10:31 +0100,GET /hoteles-baratos/ofertas-hotel-Club-&-Hote...,404,3100,-,Mozilla/5.0 (compatible; Googlebot/2.1; +http:...
23,www.akumenius.com,66.249.76.216,23/Feb/2014:03:10:33 +0100,GET /hoteles-baratos/ofertas-hotel-Metropolis-...,404,3100,-,Mozilla/5.0 (compatible; Googlebot/2.1; +http:...
24,www.akumenius.com,66.249.76.216,23/Feb/2014:03:10:35 +0100,GET /hoteles-baratos/ofertas-hotel-Faena-Hotel...,404,3100,-,Mozilla/5.0 (compatible; Googlebot/2.1; +http:...
25,www.akumenius.com,66.249.76.216,23/Feb/2014:03:10:38 +0100,GET /hoteles-baratos/ofertas-hotel-Kensington-...,404,3100,-,Mozilla/5.0 (compatible; Googlebot/2.1; +http:...
26,www.akumenius.com,66.249.76.216,23/Feb/2014:03:10:39 +0100,GET /destinos-baratos/destinosEstrelles/hotele...,200,8811,-,Mozilla/5.0 (compatible; Googlebot/2.1; +http:...


In [10]:
log_df_f.describe()

Unnamed: 0,HOSTNAME,IPADRESS,DATETIME,REQUEST,RESPONSE,RESP_CODE,RESP_FILE,BROWSER
count,247746,247746,247746,247746,247746,247746,247746,247746
unique,4,2858,108465,66713,11,15545,2506,723
top,www.akumenius.com,66.249.76.216,28/Feb/2014:04:16:25 +0100,POST /destinos-get HTTP/1.1,200,-,-,Mozilla/5.0 (compatible; Googlebot/2.1; +http:...
freq,232300,46382,83,8056,212490,28382,85426,50908


In [21]:
# Guardem el dataframe filtrat com a CSV per eviar fer els passos anteriors quan obrim de nou el notebook
log_df_f.to_csv('./db/Web_acces_log_filtered.csv')

### Exercici 3

Geolocalitza les IP's. Aquí tens una pàgina d'interès :IP2Location: https://blog.ip2location.com/knowledge-base/how-to-add-a-sub-account-in-ip2location/

In [11]:
# Obrim el fitxer csv amb la base de dades
log_df_fdb = pd.read_csv('./db/Web_acces_log_filtered.csv', index_col=0)

In [12]:
# Generem un llistat amb totes les IPS que hi han al dataframe
unique_ips = pd.unique(log_df_fdb['IPADRESS'])
#print(unique_ips)
print(len(unique_ips))

2858


In [13]:
# Configurem les variables necessaries per conectarnos a la API de ipinfo
access_token = 'xxxxxxxxx'
handler = ipinfo.getHandler(access_token)

In [10]:
# fem una proba per veure la resposta que retorna
details = handler.getDetails('157.55.35.112')
details.all

{'ip': '157.55.35.112',
 'city': 'Redmond',
 'region': 'Washington',
 'country': 'US',
 'loc': '47.6740,-122.1215',
 'org': 'AS8075 Microsoft Corporation',
 'postal': '98052',
 'timezone': 'America/Los_Angeles',
 'country_name': 'United States',
 'latitude': '47.6740',
 'longitude': '-122.1215'}

In [None]:
#NO FER CORRER AQUESTA CEL·LA. EL DATAFRAME JA S'HA GENERAT I EL TOKEN S'HA ELIMINAT
# Iterem per obtenir les dades de geolocalització de cada IP i generem un fitxer csv amb els camps del Response.
with open ('./db/ip_df.csv', 'w', newline='') as ip_df:
    fieldnames = ['ip', 
                'city',
                'region',
                'country',
                'loc',
                'org',
                'postal',
                'timezone',
                'country_name',
                'latitude',
                'longitude',
                'hostname']
    writer = csv.DictWriter(ip_df, fieldnames=fieldnames)
    writer.writeheader()
    for item in unique_ips: 
        response = handler.getDetails(item)
        writer.writerow(response.all)

In [33]:
# Generem el dataframe amb les dades de geolocalització de les IPs
fieldnames = ['ip', 'city', 'region', 'country', 'loc', 'org', 'postal', 'timezone', 'country_name', 'latitude', 'longitude', 'hostname']
ips_df = pd.read_csv('./db/ip_df.csv', names=fieldnames)
ips_df

Unnamed: 0,ip,city,region,country,loc,org,postal,timezone,country_name,latitude,longitude,hostname
0,66.249.76.216,London,England,GB,"51.5085,-0.1257",AS15169 Google LLC,EC1A,Europe/London,United Kingdom,51.5085,-0.1257,crawl-66-249-76-216.googlebot.com
1,5.255.253.53,Moscow,Moscow,RU,"55.7522,37.6156",AS13238 YANDEX LLC,101000,Europe/Moscow,Russia,55.7522,37.6156,5-255-253-53.spider.yandex.com
2,157.55.35.112,Redmond,Washington,US,"47.6740,-122.1215",AS8075 Microsoft Corporation,98052,America/Los_Angeles,United States,47.6740,-122.1215,
3,193.111.141.116,,,,"0.0000,0.0000",,,,,0.0000,0.0000,
4,5.10.83.71,London,England,GB,"51.5085,-0.1257",AS36351 SoftLayer Technologies Inc.,EC1A,Europe/London,United Kingdom,51.5085,-0.1257,47.53.0a05.ip4.static.sl-reverse.com
...,...,...,...,...,...,...,...,...,...,...,...,...
2853,83.63.131.193,Vilanova i la Geltrú,Catalonia,ES,"41.2239,1.7251",AS3352 TELEFONICA DE ESPANA,08800,Europe/Madrid,Spain,41.2239,1.7251,193.red-83-63-131.staticip.rima-tde.net
2854,46.222.83.180,Madrid,Madrid,ES,"40.4165,-3.7026",AS15704 XTRA TELECOM S.A.,28001,Europe/Madrid,Spain,40.4165,-3.7026,
2855,79.155.78.117,La Laguna,Canary Islands,ES,"28.4853,-16.3201",AS3352 TELEFONICA DE ESPANA,38108,Atlantic/Canary,Spain,28.4853,-16.3201,117.red-79-155-78.dynamicip.rima-tde.net
2856,188.135.173.80,Cagliari,Sardinia,IT,"39.2305,9.1192",,09123,Europe/Rome,Italy,39.2305,9.1192,


## Nivell 3

### Exercici 3

Mostra'm la teva creativitat, Sorprèn-me fes un pas més enllà amb l'anàlisi anterior.

In [37]:
#Agrupem les dades per tipus de IP
ip_count = log_df_fdb.groupby('IPADRESS').count().reset_index()

In [41]:
#Generem per a cada IP un dataframe amb les dades de la seva geolocalització

geo_df1 = pd.DataFrame(columns=['ip','city','region','country','loc','country_name','latitude','longitude'])
for item in ip_count['IPADRESS']:
    geo_df2 = ips_df[ips_df.ip == item][['ip','city','region','country','loc','country_name','latitude','longitude']]
    geo_df3 = geo_df1.append(geo_df2)
    geo_df = geo_df3
geo_df3

Unnamed: 0,ip,city,region,country,loc,country_name,latitude,longitude
1716,101.199.108.59,Beijing,Beijing,CN,"39.9075,116.3972",China,39.9075,116.3972
2522,101.226.167.226,Shanghai,Shanghai,CN,"31.2222,121.4581",China,31.2222,121.4581
2822,107.178.37.48,San Jose,California,US,"37.3394,-121.8950",United States,37.3394,-121.8950
2328,107.178.38.221,San Jose,California,US,"37.3394,-121.8950",United States,37.3394,-121.8950
1476,107.21.14.116,Ashburn,Virginia,US,"39.0437,-77.4875",United States,39.0437,-77.4875
...,...,...,...,...,...,...,...,...
2136,95.63.234.126,Ourense,Galicia,ES,"42.3367,-7.8641",Spain,42.3367,-7.8641
1401,95.63.60.249,Madrid,Madrid,ES,"40.4165,-3.7026",Spain,40.4165,-3.7026
2369,96.242.31.129,Bayonne,New Jersey,US,"40.6687,-74.1143",United States,40.6687,-74.1143
1204,98.137.206.41,New York City,New York,US,"40.7313,-73.9892",United States,40.7313,-73.9892


In [86]:
#Juntem els dos dataframes i filtrem les columnes inecessaries
geo_df = ip_count.merge(geo_df3, how='inner', left_on='IPADRESS', right_on='ip')
geo_df.drop(['DATETIME', 'REQUEST', 'RESPONSE', 'RESP_CODE', 'RESP_FILE','BROWSER','ip'], axis=1, inplace=True)
geo_df.rename(columns = {'HOSTNAME': 'Access_counts'}, inplace=True)
geo_df.dropna(inplace=True)
geo_df

Unnamed: 0,IPADRESS,Access_counts,city,region,country,loc,country_name,latitude,longitude
0,101.199.108.59,32,Beijing,Beijing,CN,"39.9075,116.3972",China,39.9075,116.3972
1,101.226.167.226,1,Shanghai,Shanghai,CN,"31.2222,121.4581",China,31.2222,121.4581
2,107.178.37.48,194,San Jose,California,US,"37.3394,-121.8950",United States,37.3394,-121.8950
3,107.178.38.221,176,San Jose,California,US,"37.3394,-121.8950",United States,37.3394,-121.8950
4,107.21.14.116,2,Ashburn,Virginia,US,"39.0437,-77.4875",United States,39.0437,-77.4875
...,...,...,...,...,...,...,...,...,...
2853,95.63.234.126,265,Ourense,Galicia,ES,"42.3367,-7.8641",Spain,42.3367,-7.8641
2854,95.63.60.249,154,Madrid,Madrid,ES,"40.4165,-3.7026",Spain,40.4165,-3.7026
2855,96.242.31.129,52,Bayonne,New Jersey,US,"40.6687,-74.1143",United States,40.6687,-74.1143
2856,98.137.206.41,11,New York City,New York,US,"40.7313,-73.9892",United States,40.7313,-73.9892


In [87]:
#guardem el nou dataframe en un nou fitxer
geo_df.to_csv('./db/Web_acces_log_geo.csv')

In [89]:
#Generem un plot amb la localització de les IPS
import plotly.express as px

fig = px.scatter_mapbox(geo_df, lat="latitude", lon="longitude", hover_name="city", hover_data=["country","Access_counts"],size='Access_counts',size_max=40,title='Web Access Locations',
                        color_discrete_sequence=["fuchsia"], zoom=0.5, height=400, width=700)
fig.update_layout(mapbox_style="carto-darkmatter",)
fig.update_layout(margin={"r":0,"t":0,"l":0,"b":0})

fig.show()

Screenshot del Plot

![title](./Screenshots/Plotsnapshot.png)