chefDroid/auth-log-analyzer

Authentication Log Analyzer 🔐

A defensive cybersecurity tool written in Python that analyzes Linux authentication logs to identify suspicious failed login attempts.

This project demonstrates foundational blue-team skills such as log analysis, pattern detection, and security awareness in Linux environments.


📌 Overview

Authentication logs contain critical information about login activity on a system. Repeated failed login attempts may indicate brute-force attacks or unauthorized access attempts.

This tool:

  • Parses system authentication logs
  • Detects repeated failed login attempts
  • Aggregates results by source IP
  • Works on both Ubuntu/Debian and Kali Linux systems

🚀 Features

  • ✅ Read-only log analysis (safe & non-intrusive)
  • ✅ Automatically detects available log sources
  • ✅ Supports /var/log/auth.log and journalctl
  • ✅ Highlights suspicious IP addresses
  • ✅ Simple CLI execution

🛠️ Technologies Used

  • Python 3
  • Linux authentication logs
  • Regular expressions
  • journalctl (systemd)

📂 How It Works

  1. Attempts to read /var/log/auth.log
  2. If unavailable, falls back to journalctl
  3. Scans logs for failed SSH login attempts
  4. Counts occurrences per IP
  5. Displays suspicious activity
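
Steps 3 to 5 above, sketched as an added example that is not the project's own log_analyzer.py: it counts failed SSH password attempts per source IP and goes slightly beyond the list by handling rsyslog's "message repeated N times" lines and by anchoring the match to the end of the line, so text inside the username field cannot supply the address. The regexes, the threshold of 5 and the sample lines are assumptions; reading /var/log/auth.log or journalctl output is left out so the block runs offline.

```python
import re
from collections import Counter

# Constructed sample in auth.log / journalctl short format (documentation-range IPs).
SAMPLE = """\
Jan 10 03:12:01 web1 sshd[1201]: Failed password for root from 203.0.113.5 port 51200 ssh2
Jan 10 03:12:03 web1 sshd[1201]: Failed password for root from 203.0.113.5 port 51200 ssh2
Jan 10 03:12:05 web1 sshd[1201]: message repeated 3 times: [ Failed password for root from 203.0.113.5 port 51200 ssh2]
Jan 10 03:12:09 web1 sshd[1207]: Failed password for invalid user admin from 203.0.113.5 port 51310 ssh2
Jan 10 03:13:00 web1 sshd[1215]: Failed password for invalid user x from 198.51.100.9 port 1 ssh2 from 192.0.2.44 port 40022 ssh2
Jan 10 03:13:30 web1 sshd[1219]: Accepted password for alice from 192.0.2.10 port 50111 ssh2
Jan 10 03:13:41 web1 sshd-session[1222]: Failed password for bob from 192.0.2.44 port 40030 ssh2
""".splitlines()

# Greedy ".*" plus the "$" anchor takes the LAST "from <ip> port <n> ssh2",
# which is the part sshd writes itself, not the remotely supplied username.
FAILED = re.compile(
    r"sshd(?:-session)?\[\d+\]: Failed password for .* "
    r"from (?P<ip>[0-9A-Fa-f.:]+) port \d+ ssh2$"
)
# rsyslog collapses identical consecutive lines into one "repeated" line.
REPEATED = re.compile(r"message repeated (?P<n>\d+) times: \[ ?(?P<msg>.*)\]$")

THRESHOLD = 5  # assumed cut-off for "suspicious"; tune per environment


def count_failures(lines):
    """Return a Counter of failed password attempts keyed by source IP."""
    counts = Counter()
    for line in lines:
        line = line.rstrip()
        weight = 1
        rep = REPEATED.search(line)
        if rep:  # unwrap the collapsed message and count it N times
            weight = int(rep.group("n"))
            line = line[:rep.start()] + rep.group("msg")
        hit = FAILED.search(line)
        if hit:
            counts[hit.group("ip")] += weight
    return counts


def suspicious(counts, threshold=THRESHOLD):
    """IPs at or above the threshold, highest count first."""
    return [(ip, n) for ip, n in counts.most_common() if n >= threshold]


if __name__ == "__main__":
    for ip, n in suspicious(count_failures(SAMPLE)):
        print(f"{ip}: {n} failed SSH logins")
```
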

▶️ Usage

Make executable:

chmod +x log_analyzer.py
