In [4]:
import csv
from collections import defaultdict

def analyze_log(log_file, threshold=10):
    ip_requests = defaultdict(int)
    endpoints = defaultdict(int)
    failed_logins = defaultdict(int)
    
    with open(log_file, 'r') as file:
        for line in file:
            parts = line.split()
            
            ip = parts[0]
            
            endpoint = parts[6]
            
            status_code = parts[8]
            
            ip_requests[ip] += 1
            
            endpoints[endpoint] += 1
            
            if status_code == '401' or 'Invalid credentials' in line:
                failed_logins[ip] += 1
    
    sorted_ip_requests = sorted(ip_requests.items(), key=lambda x: x[1], reverse=True)
    most_accessed_endpoint = max(endpoints.items(), key=lambda x: x[1])
    
    suspicious_activity = {ip: count for ip, count in failed_logins.items() if count > threshold}
    
    # Output to terminal
    print("IP Address           Request Count")
    for ip, count in sorted_ip_requests:
        print(f"{ip:<20} {count}")
    
    print("\nMost Frequently Accessed Endpoint:")
    print(f"{most_accessed_endpoint[0]} (Accessed {most_accessed_endpoint[1]} times)")
    
    print("\nSuspicious Activity Detected:")
    print("IP Address           Failed Login Attempts")
    for ip, count in suspicious_activity.items():
        print(f"{ip:<20} {count}")
    
    # Save to CSV file
    with open('log_analysis_results.csv', 'w', newline='') as csvfile:
        writer = csv.writer(csvfile)
        
        # Write Requests per IP
        writer.writerow(['IP Address', 'Request Count'])
        for ip, count in sorted_ip_requests:
            writer.writerow([ip, count])
        
        # Write Most Accessed Endpoint
        writer.writerow([])
        writer.writerow(['Endpoint', 'Access Count'])
        writer.writerow([most_accessed_endpoint[0], most_accessed_endpoint[1]])
        
        # Write Suspicious Activity
        writer.writerow([])
        writer.writerow(['IP Address', 'Failed Login Count'])
        for ip, count in suspicious_activity.items():
            writer.writerow([ip, count])

# Main function to run the script
if __name__ == "__main__":
    log_file = "C:/Users/Omkar/Downloads/log.csv"  # Path to the log file
    analyze_log(log_file)


IP Address           Request Count
"203.0.113.5         8
"198.51.100.23       8
"192.168.1.1         7
"10.0.0.2            6
"192.168.1.100       5

Most Frequently Accessed Endpoint:
/login (Accessed 13 times)

Suspicious Activity Detected:
IP Address           Failed Login Attempts
