In [5]:
# Function for reading log file and storing in dictionary
def parseLog(logs):
    logsDict = {}
    for log in logs:
        components = log.split()
        date = components[0]
        time = components[1]
        activity = components[2]
        server = components[3]
        user = components[4]

        if user in logsDict:
            if date in logsDict[user]:
                logsDict[user][date].append((time, activity, server))
            else:
                logsDict[user][date] = [(time, activity, server)]
        else:
            logsDict[user] = {date: [(time, activity, server)]}
        logsDict[user][date].sort()
    return logsDict

In [6]:
# Function for writing report
def writeReport(title, fileName, suspiciousActs, suspiciousCount, logsDict):
    new_file = open(fileName, "x")
    new_file.write("==============================\n")
    new_file.write(f"=== {title} ({str(suspiciousCount)} cases) ===\n")
    new_file.write("==============================\n")

    for user in suspiciousActs:
        actCount = len(suspiciousActs[user])
        new_file.write(f"{user}\t\t{str(actCount)}\n")

        for date in suspiciousActs[user]:
            new_file.write(f"\tDATE: [{date}] ---\n")

            for activity in logsDict[user][date]:
                new_file.write(f"\t\t{activity[0]}\t{activity[1]}\t{activity[2]}\n")

    new_file.close()

In [7]:
# Read userlog.log
userlog = open("userlog.log")
logs = userlog.readlines()
logsDict = parseLog(logs)

In [8]:
# Problem 1 Suspicious Activities
suspiciousActs = {}
suspiciousCount = 0
for user in logsDict:
    for date in logsDict[user]:
        loginCount = sum(1 for i in logsDict[user][date] if i[1] == 'login')
        hasLateLogin = any(i[1] == 'login' and int(i[0].split(':')[0]) < 5 for i in logsDict[user][date])
        
        if loginCount > 5 or hasLateLogin:
            suspiciousCount += 1
            if user in suspiciousActs:
                suspiciousActs[user].append(date)
            else:
                suspiciousActs[user] = [date]
            suspiciousActs[user].sort()

writeReport("Suspicious activities", "suspicious_report.txt", suspiciousActs, suspiciousCount, logsDict)

In [10]:
# Problem 2 Irresponsible behavior
irresponsibleActs = {}
irresponsibleCount = 0
for user in logsDict:
    for date in logsDict[user]:
        loginCount = sum(1 for i in logsDict[user][date] if i[1] == 'login')
        logoutCount = sum(1 for i in logsDict[user][date] if i[1] == 'logout')
        
        if loginCount > logoutCount:
            irresponsibleCount += 1
            if user in irresponsibleActs:
                irresponsibleActs[user].append(date)
            else:
                irresponsibleActs[user] = [date]
            irresponsibleActs[user].sort()
writeReport("Irresponsible behavior", "irresponsible_report.txt", irresponsibleActs, irresponsibleCount, logsDict)

In [11]:
# Problem 3 System glitch
systemGlitches = {}
glitchCount = 0
for user in logsDict:
    for date in logsDict[user]:
        loginCount = sum(1 for i in logsDict[user][date] if i[1] == 'login')
        logoutCount = sum(1 for i in logsDict[user][date] if i[1] == 'logout')
        
        if loginCount < logoutCount:
            irresponsibleCount += 1
            if user in systemGlitches:
                systemGlitches[user].append(date)
            else:
                systemGlitches[user] = [date]
            systemGlitches[user].sort()
writeReport("System glitch", "glitch_report.txt", systemGlitches, glitchCount, logsDict)

In [17]:
# Problem 4 Domain count
emailList = logsDict.keys()
domainsDict = {}
for email in emailList:
    emailParts = email.split('@')
    domain = emailParts[1]
    if domain in domainsDict:
        domainsDict[domain] += 1
    else:
        domainsDict[domain] = 1

new_file = open("domain_report.txt", "x")
new_file.write("==============================\n")
new_file.write(f"=== Domain Count ({str(len(domainsDict))} Domains) ===\n")
new_file.write("==============================\n")

for domain in domainsDict:
    new_file.write(f"{domain}\t\t{domainsDict[domain]}\n")

new_file.close()