In [None]:
!pip install --quiet python-dotenv google-generativeai langchain

In [None]:
os.environ["GOOGLE_API_KEY"] = "AIzaSyDWzA4yiBc7amljOYTMnp8yxUgwB6YqGN4"
genai.configure(api_key=os.environ["GOOGLE_API_KEY"])

In [None]:
import os
from dotenv import load_dotenv
import google.generativeai as genai
from langchain.prompts import PromptTemplate

# Load API key from .env

# Text file path containing system logs
TEXT_FILE_PATH = "/content/logdata.txt"  # Upload this to Colab

# Load text logs from file
def read_text_from_file():
    with open(TEXT_FILE_PATH, 'r', encoding='utf-8') as file:
        return file.read()

# Updated prompt template
prompt_template = PromptTemplate(
    template="""
You are an AI system log analyzer. Your task is to read log entries and determine if they match known system behavior or indicate an anomaly.

Below are the known log labels:
- HTTP Status
- Critical Error
- Security Alert
- Error
- System Notification
- Resource Usage
- User Action
- Workflow Error
- Depreciation Warning

Instructions:
1. If the log clearly matches one of the above categories, return ONLY the label.
2. If the log does NOT match any known behavior and shows unusual or repeated suspicious activity (e.g., multiple failed logins, strange access patterns, or unusual errors), return "Anomaly Detected".
3. DO NOT guess a label if the pattern is unclear or novel — prefer "Anomaly Detected" in such cases.
4. Respond with only a single line output (either a label or "Anomaly Detected").

Context:
{context_text}

Log Entry to Classify:
{question}
""",
    input_variables=["context_text", "question"]
)

# Function to classify the log using Gemini
def query_gemini(context_text, question):
    model = genai.GenerativeModel(model_name="gemini-1.5-flash")
    prompt = prompt_template.format(context_text=context_text, question=question)
    response = model.generate_content([prompt])
    return response.text.strip()

# Main program
if __name__ == "__main__":
    context_text = read_text_from_file()
    print("Enter the log line to classify (or type 'exit' to quit):\n")

    while True:
        user_input = input("Log Entry: ")
        if user_input.lower() == "exit":
            break
        result = query_gemini(context_text, user_input)
        print("\nClassification:\n", result, "\n")


Enter the log line to classify (or type 'exit' to quit):

Log Entry: 2025-06-27 07:20:25 failed to login 2025-06-27 07:21:25 failed to login 2025-06-27 07:22:25 failed to login

Classification:
 Anomaly Detected 

Log Entry: "timestamp": "2025-07-19T14:26:52Z",     "server_id": "srv-107",     "metric": "network_in",     "value": 1200.5,     "threshold": 800.0,     "anomaly_type": "burst",     "severity": "high",     "detected_by": "auto-detector-v3"

Classification:
 Anomaly Detected 

Log Entry: 2025-06-27 07:20:25,ModernCRM,"nova.osapi_compute.wsgi.server [req-b9718cd8-f65e-49cc-8349-6cf7122af137 113d3a99c3da401fbd62cc2caa5b96d2 54fadb412c4e40cdbaed9335e4c35a9e - - -] 10.11.10.1 ""GET /v2/54fadb412c4e40cdbaed9335e4c35a9e/servers/detail HTTP/1.1"" status: 200 len: 1893 time: 0.2675118"

Classification:
 HTTP Status 

Log Entry: exit
