In [None]:
import os
import csv
from collections import defaultdict


In [2]:
# Input log, resolved relative to the notebook's working directory.
log_file_path = "sample.log"

# Report the outcome of the existence check up front so a reader sees which
# path was tried before the parsing cell below opens it.
if os.path.exists(log_file_path):
    print(f"Log file found: {log_file_path}")
else:
    print(f"Error: The file '{log_file_path}' does not exist.")


Log file found: sample.log


In [3]:
def parse_log(file_path):
    data = []
    with open(file_path, "r") as file:
        for line in file:
            parts = line.split()
            ip = parts[0]
            endpoint = parts[6]
            status = parts[8]
            message = parts[9] if len(parts) > 9 else ""
            data.append((ip, endpoint, status, message))
    return data

# One record per log line: (ip, endpoint, status, message).
log_data = parse_log(file_path=log_file_path)


In [4]:
def count_requests_by_ip(data):
    """Tally how many log records each client IP produced.

    Args:
        data: iterable of (ip, endpoint, status, message) tuples as returned
            by parse_log; only element 0 (the IP) is read.
    Returns:
        list of (ip, count) pairs ordered by count, highest first. Ties keep
        first-seen order because the sort is stable.
    """
    tally = {}
    for record in data:
        client_ip = record[0]
        tally[client_ip] = tally.get(client_ip, 0) + 1
    ranked = list(tally.items())
    ranked.sort(key=lambda pair: pair[1], reverse=True)
    return ranked

# Rank clients by volume; the top of this list is the first place to look
# for scanners and brute-forcers.
ip_requests = count_requests_by_ip(log_data)
print("Requests per IP Address:")
for client_ip, request_count in ip_requests:
    print(f"{client_ip}: {request_count}")


Requests per IP Address:
203.0.113.5: 8
198.51.100.23: 8
192.168.1.1: 7
10.0.0.2: 6
192.168.1.100: 5


In [5]:
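def most_accessed_endpoint(data):
    """Return the (endpoint, count) pair with the most requests.

    Args:
        data: iterable of (ip, endpoint, status, message) tuples; only
            element 1 (the endpoint) is read. Every request counts,
            regardless of status code.
    Returns:
        (endpoint, count). On a tie the endpoint seen first in ``data`` wins,
        because max() keeps the first maximal item. For empty input returns
        (None, 0) instead of letting max() raise ValueError on an empty
        sequence, so an empty log does not abort the notebook.
    """
    hits = defaultdict(int)
    for record in data:
        hits[record[1]] += 1
    if not hits:
        return None, 0
    return max(hits.items(), key=lambda item: item[1])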

# `count` is the endpoint hit total and is passed to save_to_csv further down,
# so nothing between here and that call should rebind it.
top_endpoint = most_accessed_endpoint(log_data)
endpoint, count = top_endpoint
print(f"Most Frequently Accessed Endpoint: {endpoint} (Accessed {count} times)")


Most Frequently Accessed Endpoint: /login (Accessed 13 times)


In [6]:
def detect_suspicious_activity(data, threshold=10):
    """Flag client IPs with more than ``threshold`` failed logins.

    A failed login is a record whose status is the string "401" and whose
    message contains the phrase "Invalid credentials"; any other 401 is not
    counted. Counting is per source IP, so a password-spraying campaign that
    spreads attempts over many addresses stays below the threshold — treat
    this as a first-pass signal, not a complete brute-force detector.

    Args:
        data: iterable of (ip, endpoint, status, message) tuples.
        threshold: an IP is reported only when its failure count is strictly
            greater than this value (default 10).
    Returns:
        dict mapping offending IP -> failed-login count.
    """
    failures = defaultdict(int)
    for record in data:
        status, message = record[2], record[3]
        if status != "401":
            continue
        if "Invalid credentials" not in message:
            continue
        failures[record[0]] += 1

    flagged = {}
    for ip, failed in failures.items():
        if failed > threshold:
            flagged[ip] = failed
    return flagged

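# Uses detect_suspicious_activity's default threshold of 10; pass
# threshold=N to widen or narrow the net.
suspicious_ips = detect_suspicious_activity(log_data)
print("Suspicious Activity Detected:")
# The loop variables are deliberately NOT named `ip`/`count`: `count` still
# holds the endpoint hit total from the cell above and is handed to
# save_to_csv below. Naming the loop variable `count` rebinds it to the last
# flagged IP's failure total whenever at least one IP is flagged, silently
# writing the wrong "Access Count" into the CSV.
for flagged_ip, failed_count in suspicious_ips.items():
    print(f"{flagged_ip}: {failed_count} failed login attempts")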


Suspicious Activity Detected:


In [7]:
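def save_to_csv(ip_requests, endpoint, endpoint_count, suspicious_ips, output_file="log_analysis_results.csv"):
    """Write the three analysis results to one CSV file, section by section.

    Layout: a "Section","Data" header row, then a "Requests per IP" table,
    a blank row, a "Most Accessed Endpoint" table, a blank row, and a
    "Suspicious Activity" table.

    Args:
        ip_requests: list of (ip, count) pairs from count_requests_by_ip.
        endpoint: most requested endpoint (from most_accessed_endpoint).
        endpoint_count: that endpoint's request count.
        suspicious_ips: dict ip -> failed-login count.
        output_file: destination path; overwritten if it already exists.

    The IP and endpoint cells originate from client-controlled log lines.
    A cell starting with '=', '+', '-', '@', tab or CR is interpreted as a
    formula when the CSV is opened in Excel/LibreOffice (CSV / formula
    injection), so every string cell is passed through _neutralize_cell
    before writing. Integer count columns pass through unchanged.
    """
    def _neutralize_cell(value):
        # Prefix a single quote so spreadsheet apps treat the cell as text.
        if isinstance(value, str) and value[:1] in ("=", "+", "-", "@", "\t", "\r"):
            return "'" + value
        return value

    with open(output_file, "w", newline="", encoding="utf-8") as csvfile:
        writer = csv.writer(csvfile)
        writer.writerow(["Section", "Data"])

        writer.writerow(["Requests per IP"])
        writer.writerow(["IP Address", "Request Count"])
        for ip, count in ip_requests:
            writer.writerow([_neutralize_cell(ip), count])

        writer.writerow([])
        writer.writerow(["Most Accessed Endpoint"])
        writer.writerow(["Endpoint", "Access Count"])
        writer.writerow([_neutralize_cell(endpoint), endpoint_count])

        writer.writerow([])
        writer.writerow(["Suspicious Activity"])
        writer.writerow(["IP Address", "Failed Login Count"])
        for ip, count in suspicious_ips.items():
            writer.writerow([_neutralize_cell(ip), count])
    print(f"Results saved to {output_file}")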

# NOTE(review): `count` is meant to be the endpoint hit total bound in the
# most-accessed-endpoint cell; if any cell in between rebinds `count` (for
# example a loop variable), the wrong value lands in the "Access Count" row.
save_to_csv(ip_requests, endpoint, count, suspicious_ips, output_file="log_analysis_results.csv")


Results saved to log_analysis_results.csv
