Web Server Log Security Analyzer

This project is a powerful and modern desktop application designed to help SOC (Security Operations Center) teams and system administrators analyze web server logs for potential security threats. It provides a user-friendly graphical interface to parse logs, identify suspicious activity, check against threat intelligence databases, and generate a clear, AI-powered summary of findings.
✨ Features

Multi-Format Log Parsing: Automatically parses logs in common formats (e.g., Apache, Nginx) to extract key information like IP addresses, status codes, and user agents.
IP Analysis: Provides detailed statistics for each unique IP, including total requests, error counts, and HTTP methods used.
Suspicious User-Agent Detection: Flags requests originating from known scanning and attack tools like sqlmap, nmap, and hydra.
Threat Intelligence Integration: Automatically checks suspicious IP addresses against leading threat intelligence sources like AbuseIPDB and VirusTotal to assess their reputation.
AI-Powered Threat Analysis: Uses the Groq API to generate a comprehensive, human-readable summary of the identified threats, explaining the potential risks and context.
Modern GUI: A clean, intuitive, and responsive user interface built with tkinter and styled using the sv-ttk library.
Customizable Themes: Switch between different visual themes (Light, Dark, Blue) to suit your preference.
Exportable Reports: Generate detailed reports in both plain text (.txt) and formatted HTML (.html) for easy sharing and archival.
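As an added example that is not part of this project's code, the following Python sketch shows the kind of work the first three features describe: parsing Apache/Nginx combined-format lines, building per-IP statistics (requests, error counts, HTTP methods) and flagging User-Agents that name the scanners listed above. The regular expression, the `SUSPICIOUS_AGENTS` list and the sample log lines are assumptions constructed for this illustration, not the project's own implementation.

```python
# Added example, not the project's code. Parses Apache/Nginx "combined" log lines,
# aggregates per-IP stats and flags scanner User-Agents; the sample log is constructed.
import re
from collections import defaultdict

# combined format: ip - user [time] "METHOD path proto" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
SUSPICIOUS_AGENTS = ("sqlmap", "nmap", "hydra")  # tool names from the feature list

SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /login.php?id=1 HTTP/1.1" 500 512 "-" "sqlmap/1.7"
198.51.100.9 - - [10/Oct/2023:13:56:01 +0000] "POST /admin HTTP/1.1" 403 0 "-" "Mozilla/5.0 (hydra)"
198.51.100.9 - - [10/Oct/2023:13:56:02 +0000] "GET /robots.txt HTTP/1.1" 404 0 "-" "curl/8.0"
this line is deliberately malformed and must be skipped
"""

def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def analyze(log_text):
    """Return ({ip: {requests, errors, methods}}, [(ip, agent, path), ...])."""
    stats = defaultdict(lambda: {"requests": 0, "errors": 0, "methods": set()})
    suspicious = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:          # unparseable lines are skipped, not fatal
            continue
        s = stats[rec["ip"]]
        s["requests"] += 1
        s["methods"].add(rec["method"])
        if int(rec["status"]) >= 400:   # 4xx and 5xx responses count as errors
            s["errors"] += 1
        if any(tool in rec["agent"].lower() for tool in SUSPICIOUS_AGENTS):
            suspicious.append((rec["ip"], rec["agent"], rec["path"]))
    return dict(stats), suspicious

if __name__ == "__main__":
    per_ip, flagged = analyze(SAMPLE_LOG)
    for ip, s in per_ip.items():
        print(ip, s["requests"], "requests,", s["errors"], "errors,", sorted(s["methods"]))
    for ip, agent, path in flagged:
        print("SUSPICIOUS", ip, agent, path)
```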
⚙️ Installation

To set up and run the log analyzer, you need to install the required Python libraries.
Create a virtual environment (recommended):
python -m venv venv
.\venv\Scripts\activate   # Windows
source venv/bin/activate  # macOS / Linux
Install dependencies:
Install each of the required libraries using the following commands:
pip install requests
pip install sv-ttk
pip install python-dotenv
pip install groq
About Other Libraries

You may notice that some libraries used in the code, such as re, threading, and groq, are not included in the installation steps.
re and threading are part of the Python standard library, so they are available without a separate installation.
The Groq API is used via the requests library, which is already listed above. You do not need to install a separate groq library.
🔑 Configuration

The application requires API keys for its threat intelligence and AI features. You need to create a file named .env in the project's root directory with your keys.
Create the .env file:
touch .env
Add your API keys to the file. You can find these keys by creating accounts on the respective platforms.
ABUSEIPDB_API_KEY="your_abuseipdb_api_key_here"
VIRUSTOTAL_API_KEY="your_virustotal_api_key_here"
GROQ_API_KEY="your_groq_api_key_here"
🚀 Usage

Once configured, run the application from your terminal:
python Main.py
The GUI will open, allowing you to browse for a log file, initiate the analysis, and view the results in real time.