import re
import csv
from collections import Counter

File handling


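def read_log_file(file_path):
    """Read a log file and return its lines (line endings kept).

    Args:
        file_path: path of the log file to read.

    Returns:
        list of lines as produced by ``readlines()``; an empty list when the
        file is missing or cannot be read. The error is printed, not raised,
        so the rest of the notebook keeps running on empty input.

    The file is opened as UTF-8 with ``errors="replace"``: log lines contain
    client-supplied text (request paths, user agents), so a stray non-UTF-8
    byte yields U+FFFD instead of aborting the whole analysis with a
    UnicodeDecodeError.
    """
    try:
        with open(file_path, "r", encoding="utf-8", errors="replace") as file:
            return file.readlines()
    except FileNotFoundError:
        print(f"Error: File '{file_path}' not found.")
        return []
    except OSError as e:
        # Permission denied, is-a-directory, etc. -- report and continue empty.
        print(f"Error reading file '{file_path}': {e}")
        return []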



# Count requests per IP
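def count_requests_per_ip(log_lines):
    """Count log lines per client IP address.

    Args:
        log_lines: iterable of raw log lines.

    Returns:
        Counter mapping the first dotted-quad token found on each line to the
        number of lines it appears on. Lines with no such token are skipped.

    Note:
        The pattern is a loose IPv4 match: any four 1-3 digit groups are
        accepted (octets above 255 included), IPv6 is not recognised, and the
        first match on the line is used whatever field it sits in. Treat the
        result as a heuristic, not a validated address list.
    """
    ip_pattern = re.compile(r'\b(?:\d{1,3}\.){3}\d{1,3}\b')
    counts = Counter()
    for line in log_lines:
        # One search per line (the original searched twice per line).
        match = ip_pattern.search(line)
        if match:
            counts[match.group()] += 1
    return counts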

# Find most accessed endpoint
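def find_most_accessed_endpoint(log_lines):
    """Return the most frequently requested endpoint and its count.

    Args:
        log_lines: iterable of raw log lines.

    Returns:
        ``(endpoint, count)`` for the most common request target, or
        ``("None", 0)`` when no line matched.

    Note:
        Only requests whose method is GET, POST, PUT, DELETE, HEAD or OPTIONS
        are considered (PATCH and others are ignored). The endpoint string is
        taken verbatim from the request line, i.e. it is text chosen by the
        client; downstream code should treat it as untrusted.
    """
    endpoint_pattern = re.compile(r'\"(?:GET|POST|PUT|DELETE|HEAD|OPTIONS) (\S+)')
    counts = Counter()
    for line in log_lines:
        # One search per line (the original searched twice per line).
        match = endpoint_pattern.search(line)
        if match:
            counts[match.group(1)] += 1
    if not counts:
        return ("None", 0)
    return counts.most_common(1)[0]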

# Detect suspicious activity
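def detect_suspicious_activity(log_lines, threshold):
    """Return source IPs whose failed-login count exceeds *threshold*.

    A line counts as a failed login when it contains the status code ``401``
    as a standalone token or the text ``Invalid credentials``; the source is
    the first dotted-quad token on that line.

    Args:
        log_lines: iterable of raw log lines.
        threshold: count that must be strictly exceeded (``count > threshold``);
            an IP with exactly ``threshold`` failures is not reported.

    Returns:
        dict mapping IP -> failed-login count for IPs above the threshold.

    Note:
        ``\\b401\\b`` (rather than a bare ``401``) stops a response size such
        as ``4012`` or a timestamp fragment from being counted as a failure,
        but the match is still a heuristic over unstructured text -- a ``401``
        path segment would match too. The count is per source IP, so
        attempts spread over many addresses each stay below the threshold.
    """
    failed_login_pattern = re.compile(r'(\b401\b|Invalid credentials)')
    ip_pattern = re.compile(r'\b(?:\d{1,3}\.){3}\d{1,3}\b')
    failed_login_counts = Counter()
    for line in log_lines:
        if not failed_login_pattern.search(line):
            continue
        match = ip_pattern.search(line)
        if match:
            failed_login_counts[match.group()] += 1
    return {ip: count for ip, count in failed_login_counts.items() if count > threshold}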

# Save results to CSV
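_FORMULA_LEADERS = ("=", "+", "-", "@", "\t", "\r")


def _csv_safe(value):
    """Neutralise a cell that a spreadsheet would evaluate as a formula.

    Endpoint paths (and any other text cell) originate in the log, i.e. in
    request data chosen by the client, so a value beginning with ``=``, ``+``,
    ``-``, ``@``, tab or CR could be evaluated as a formula when the CSV is
    opened in a spreadsheet (CSV/formula injection). Such cells are prefixed
    with a single quote, the usual "treat as text" marker. Non-string values
    (the counts) are returned unchanged.
    """
    if isinstance(value, str) and value.startswith(_FORMULA_LEADERS):
        return "'" + value
    return value


def save_to_csv(ip_counts, most_accessed_endpoint, suspicious_activity, file_path):
    """Write the three analysis results to one CSV file as labelled sections.

    Args:
        ip_counts: mapping IP -> request count.
        most_accessed_endpoint: ``(endpoint, count)`` pair as returned by
            ``find_most_accessed_endpoint``.
        suspicious_activity: mapping IP -> failed-login count.
        file_path: destination CSV path; overwritten if it exists.

    Returns:
        None. Success and OS-level write failures are reported with ``print``
        rather than raised, matching the notebook's best-effort style.
    """
    try:
        with open(file_path, mode="w", newline="", encoding="utf-8") as csvfile:
            writer = csv.writer(csvfile)

            writer.writerow(["Log Analysis Results"])

            # Section 1: requests per IP.
            writer.writerow([])
            writer.writerow(["Requests per IP"])
            writer.writerow(["IP Address", "Request Count"])
            for ip, count in ip_counts.items():
                writer.writerow([_csv_safe(ip), count])

            # Section 2: most accessed endpoint (client-chosen text, see _csv_safe).
            writer.writerow([])
            writer.writerow(["Most Accessed Endpoint"])
            writer.writerow(["Endpoint", "Access Count"])
            writer.writerow([_csv_safe(most_accessed_endpoint[0]), most_accessed_endpoint[1]])

            # Section 3: IPs over the failed-login threshold.
            writer.writerow([])
            writer.writerow(["Suspicious Activity"])
            writer.writerow(["IP Address", "Failed Login Count"])
            for ip, count in suspicious_activity.items():
                writer.writerow([_csv_safe(ip), count])

        print(f"Results successfully written to '{file_path}'.")
    except OSError as e:
        print(f"Error writing to file '{file_path}': {e}")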

# Main script
# Input log path and the per-IP failed-login count a source must *exceed* to be flagged.
log_file, failed_login_threshold = "sample.log", 10

# Step 1: Read log file
# Raw lines of the input log; empty if the file could not be read.
log_lines = read_log_file(file_path=log_file)

# Step 2: Perform analysis
# Each analysis pass reads the same in-memory lines; none of them mutate log_lines.
ip_counts = count_requests_per_ip(log_lines=log_lines)
most_accessed_endpoint = find_most_accessed_endpoint(log_lines=log_lines)
suspicious_activity = detect_suspicious_activity(
    log_lines=log_lines, threshold=failed_login_threshold
)

# Step 3: Print sorted results in descending order
header = f"{'IP Address':<20}{'Request Count'}"
print(header)

# Highest request count first; sort is stable, so ties keep log order.
by_count_desc = sorted(ip_counts.items(), key=lambda item: item[1], reverse=True)
for address, request_count in by_count_desc:
    print(f"{address:<20}{request_count}")

# Step 4: Save results to CSV
save_to_csv(ip_counts, most_accessed_endpoint, suspicious_activity, "log_analysis_results.csv")

IP Address          Request Count
203.0.113.5         13
198.51.100.23       8
192.168.1.1         7
10.0.0.2            6
192.168.1.100       5
Results successfully written to 'log_analysis_results.csv'.
