In [2]:
import csv
from collections import defaultdict

def process_log_file(filename, threshold=10):
    # Dictionaries to store request counts and failed login attempts
    ip_request_count = defaultdict(int)
    endpoint_count = defaultdict(int)
    failed_logins = defaultdict(int)

    # Read the log file
    with open(filename, 'r') as file:
        for line in file:
            # Split log line by spaces
            parts = line.split()
            ip = parts[0]
            request = parts[5][1:] 
            status_code = parts[8]
            ip_request_count[ip] += 1
            endpoint_count[request] += 1
            # Detect failed login attempts
            if status_code == '401' or "Invalid credentials" in line:
                failed_logins[ip] += 1

    # Sorting results
    sorted_ip_requests = sorted(ip_request_count.items(), key=lambda x: x[1], reverse=True)
    most_accessed_endpoint = max(endpoint_count.items(), key=lambda x: x[1])
    
    # Find suspicious activity
    suspicious_ips = {ip: count for ip, count in failed_logins.items() if count > threshold}

    # Print the results
    print("IP Address           Request Count")
    for ip, count in sorted_ip_requests:
        print(f"{ip:<20} {count}")
    
    print(f"\nMost Frequently Accessed Endpoint:\n{most_accessed_endpoint[0]} (Accessed {most_accessed_endpoint[1]} times)")
    
    if suspicious_ips:
        print("\nSuspicious Activity Detected:")
        print("IP Address           Failed Login Attempts")
        for ip, count in suspicious_ips.items():
            print(f"{ip:<20} {count}")
    
    with open("log_analysis_results.csv", mode='w', newline='') as file:
        writer = csv.writer(file)
        
        writer.writerow(["IP Address", "Request Count"])
        for ip, count in sorted_ip_requests:
            writer.writerow([ip, count])
        
        writer.writerow(["Most Accessed Endpoint", "Access Count"])
        writer.writerow([most_accessed_endpoint[0], most_accessed_endpoint[1]])
        
        writer.writerow(["IP Address", "Failed Login Count"])
        for ip, count in suspicious_ips.items():
            writer.writerow([ip, count])
            
process_log_file(r"C:\Users\DELL\Desktop\sample.log")


IP Address           Request Count
203.0.113.5          8
198.51.100.23        8
192.168.1.1          7
10.0.0.2             6
192.168.1.100        5

Most Frequently Accessed Endpoint:
GET (Accessed 17 times)
