# Authentication Log Analyzer (CYB333 Final Project)
**Author:** Jalah Rivers

## Project Purpose
Build a Python-based Authentication Log Analyzer that:
- parses authentication logs,
- counts failed login attempts per IP address,
- flags IPs whose failure count meets or exceeds a configurable threshold,
- outputs a report for incident response evidence.

## Why this matters for Security Automation
Manual log review is slow and error-prone. This tool automates detection of brute-force indicators by summarizing failed authentication activity per source IP and surfacing the IPs that require investigation. A per-IP count catches a single noisy source; a password spray spread across many IPs (or many usernames with one attempt each) stays below a per-IP threshold, so the report is a starting point for investigation rather than a verdict.


## Environment & Files Used
**Tools**
- VS Code (development + terminal execution)
- Python (script automation + report generation)
- Jupyter Notebook (documentation + evidence)

**Project Files**
- `main.py` (analyzer)
- `sample_logs.txt` / `sample_logs_2.txt` (test data)
- `suspicious_report.txt` (output report)
- `README.md` (documentation)


```python
# Notebook helper cell: print a project file (log or report) so it can be captured as evidence.
from pathlib import Path

def show_file(path, max_lines=60):
    """Print up to `max_lines` lines of `path`; tolerate missing files and odd encodings."""
    path = Path(path)
    if not path.exists():
        print(f"[!] File not found: {path}")
        return
    print(f"--- Showing: {path} ---\n")
    with open(path, "r", encoding="utf-8", errors="replace") as f:
        for i, line in enumerate(f):
            if i >= max_lines:
                print("\n... (truncated)")
                break
            print(line.rstrip())
```


## Procedure (What I did)
1. Created project folder and files in VS Code.
2. Wrote `main.py` to parse authentication logs and count failures per IP.
3. Generated realistic sample logs with multiple failed attempts.
4. Tested the script using a threshold value (ex: `-t 3`).
5. Verified output both in terminal and in the saved report file.
6. Documented results and evidence in this notebook.
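The parse-count-flag pipeline from steps 2 to 5, as an added, self-contained example. This is not the project's `main.py` (which is not reproduced on this page); it assumes sshd-style syslog lines because the format of `sample_logs.txt` is not shown, uses a constructed log excerpt, and mirrors the `-f`, `-t` and `-o` flags used on this page. It goes slightly beyond a plain string match: it accepts any `Failed <method> for ... from <ip>` line (password, publickey, keyboard-interactive), validates the captured token as an IPv4/IPv6 address so hostnames and garbage never enter the tally, and deliberately ignores `pam_unix ... authentication failure` lines, which sshd emits alongside `Failed password` for the same attempt and would double-count.

```python
"""Brute-force indicator scan over sshd-style auth log lines (added example, not the project's main.py)."""
import argparse
import ipaddress
import re
from collections import Counter
from datetime import datetime, timezone

# Assumed line shape (sshd via syslog):
#   "... sshd[PID]: Failed password for [invalid user] <user> from <ip> port <n> ssh2"
# pam_unix "authentication failure; ... rhost=" lines are NOT matched on purpose:
# sshd logs one of those plus a "Failed password" line per attempt, so counting
# both would double every failure.
FAILED_RE = re.compile(
    r"Failed \S+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)

# Constructed sample log (RFC 5737 / RFC 3849 documentation addresses); not real traffic.
SAMPLE_LOG = """\
Jan 10 08:01:11 bastion sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 50211 ssh2
Jan 10 08:01:13 bastion sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 50212 ssh2
Jan 10 08:01:15 bastion sshd[2103]: Failed password for root from 203.0.113.5 port 50213 ssh2
Jan 10 08:02:40 bastion sshd[2110]: Accepted publickey for deploy from 198.51.100.7 port 41022 ssh2
Jan 10 08:03:02 bastion sshd[2115]: Failed password for alice from 198.51.100.7 port 41030 ssh2
Jan 10 08:04:21 bastion sshd[2120]: Failed password for bob from 2001:db8::1 port 3022 ssh2
Jan 10 08:05:00 bastion sshd[2131]: Failed password for invalid user test from not-an-ip port 1 ssh2
"""


def extract_failure(line):
    """Return the source IP of a failed login in `line`, or None if it is not one.

    Only syntactically valid IPv4/IPv6 addresses count, so a hostname or a
    truncated token never pollutes the per-IP tally.
    """
    m = FAILED_RE.search(line)
    if not m:
        return None
    try:
        return str(ipaddress.ip_address(m.group("ip")))
    except ValueError:
        return None


def count_failures(lines):
    """Count failed login attempts per source IP."""
    counts = Counter()
    for line in lines:
        ip = extract_failure(line)
        if ip is not None:
            counts[ip] += 1
    return counts


def flag_suspicious(counts, threshold):
    """IPs whose failure count meets or exceeds `threshold`, highest count first."""
    return sorted(
        ((ip, n) for ip, n in counts.items() if n >= threshold),
        key=lambda item: (-item[1], item[0]),
    )


def build_report(counts, threshold, source="constructed sample"):
    """Plain-text report suitable for attaching to an incident ticket."""
    flagged = flag_suspicious(counts, threshold)
    out = [
        f"Authentication failure report (generated {datetime.now(timezone.utc):%Y-%m-%d %H:%M:%S}Z)",
        f"Source: {source}",
        f"Threshold: >= {threshold} failures per IP",
        f"Failed attempts: {sum(counts.values())} across {len(counts)} source IP(s)",
        "",
        "Suspicious IPs:",
    ]
    if not flagged:
        out.append("  (none)")
    for ip, n in flagged:
        out.append(f"  {ip:<39} {n:>4} failures")
    return "\n".join(out)


def main(argv=None):
    # Flags assumed to match the command shown on this page; -f defaults to the embedded sample.
    parser = argparse.ArgumentParser(description="Flag source IPs with repeated failed logins")
    parser.add_argument("-f", "--file", help="auth log to analyze (default: embedded sample)")
    parser.add_argument("-t", "--threshold", type=int, default=3)
    parser.add_argument("-o", "--output", help="also write the report to this file")
    args = parser.parse_args(argv)
    if args.file:
        with open(args.file, encoding="utf-8", errors="replace") as fh:
            lines = fh.read().splitlines()
        source = args.file
    else:
        lines, source = SAMPLE_LOG.splitlines(), "constructed sample"
    report = build_report(count_failures(lines), args.threshold, source)
    print(report)
    if args.output:
        with open(args.output, "w", encoding="utf-8") as fh:
            fh.write(report + "\n")


if __name__ == "__main__":
    main()
```

Run it with no arguments to scan the embedded sample at threshold 3 (only `203.0.113.5` is flagged), or with `-f sample_logs_2.txt -t 3 -o suspicious_report.txt` against a real file. Validating the captured address with `ipaddress.ip_address` is the one check worth keeping even in a throwaway script: an attacker-controlled username can contain the literal text `from 1.2.3.4`, and a regex that trusts whatever follows `from` without validation is easy to confuse.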


## Evidence
Example command I ran in PowerShell:

```powershell
python main.py -f sample_logs_2.txt -t 3 -o suspicious_report.txt
```


## Results
- The analyzer successfully counted failed login attempts per IP.
- Any IP meeting or exceeding the threshold was flagged as suspicious.
- The script produced a clean report that can be attached as IR evidence.

## Reflection
This project made log analysis feel practical instead of abstract. Building the parser showed me how “small automation” can save real time in incident response. It also helped me understand how brute-force behavior can be recognized quickly through repeated failures, especially when the same IP shows consistent authentication errors.
