<a href="https://colab.research.google.com/github/darshit-97/PythonRefresher/blob/main/Mini_Project_Security_Log_Analyzer_%26_Unauthorized_Access_Detector.ipynb" target="_parent"><img src="https://colab.research.google.com/assets/colab-badge.svg" alt="Open In Colab"/></a>

# Security Log Analyzer & Unauthorized Access Detector

**Objective:**

Build a Python script that:
+ Reads a security log file (security_log.txt).
+ Identifies unauthorized login attempts.
+ Writes a detailed report of suspicious activity to alert_report.txt.
+ Uses functions, loops, file handling, and error handling.

**Project Requirements:**
+ Read a log file (security_log.txt) containing login attempts.
+ Detect unauthorized login attempts (e.g., incorrect passwords, multiple failed attempts).
+ Log suspicious activity into a report (alert_report.txt).
+ Handle missing files (try-except for error handling).
+ Allow users to manually enter an IP to check if it appears in the log.

**Features Your Script Must Include:**
+ Open security_log.txt and read its contents.
+ Find all FAILED login attempts and extract IPs.
+ Write the suspicious IPs and corresponding failed attempts to alert_report.txt.
+ Ask the user for an IP and check if it appears in the log.
+ Use functions for better structure.
+ Handle file errors gracefully.

**Bonus (Optional):**
+ Track how many unique IPs had failed attempts.
+ Allow users to search logs for a specific username/IP.

```python
def read_log(security_log_file):
    """Return the log as a list of lines, or an empty list if the file is missing."""
    try:
        with open(security_log_file, "r") as file:
            return file.readlines()
    except FileNotFoundError:
        print(f"Error: '{security_log_file}' not found!")
        return []


def check_failed_attempts(log_lines):
    """Count FAILED entries per source IP and collect the usernames tried from it.

    Expected line format: "<timestamp> - <STATUS> - User: <name> - IP: <addr>"
    """
    failed_attempts = {}
    for line in log_lines:
        if "FAILED" in line:
            try:
                parts = line.strip().split(" - ")
                user = parts[2].split(": ")[1]
                ip = parts[3].split(": ")[1]
                if ip not in failed_attempts:
                    failed_attempts[ip] = {"count": 1, "users": {user}}
                else:
                    failed_attempts[ip]["count"] += 1
                    failed_attempts[ip]["users"].add(user)
            except IndexError:
                # The line does not have all four " - " separated fields.
                print("Error: Invalid log format!")
    return failed_attempts


def write_error_report(failed_attempts, output_file):
    """Write one block per suspicious IP to the alert report."""
    with open(output_file, "w") as file:
        file.write("Security Alert Report\n")
        file.write("---------------------\n\n")
        for ip, details in failed_attempts.items():
            file.write(f"Suspicious IP detected: {ip}\n")
            file.write(f"Failed attempts: {details['count']}\n")
            file.write(f"Users involved: {', '.join(details['users'])}\n")
            file.write("---------------------\n\n")
    print(f"Error report written to {output_file}")


def search_ip_or_user(log_lines):
    """Print every log line containing the text the user enters.

    This is a plain substring match, so searching for 192.168.1.10 also
    returns the lines for 192.168.1.100 (visible in the sample run below).
    """
    keyword = input("Enter an IP or username to search for: ").strip()
    print(f"Searching for '{keyword}'...")
    found = False
    for line in log_lines:
        if keyword in line:
            print(line.strip())
            found = True
    if not found:
        print(f"No results found for '{keyword}'")


def main():
    security_log_file = "security_log.txt"
    output_file = "alert_report.txt"

    log_lines = read_log(security_log_file)
    if not log_lines:
        return

    failed_attempts = check_failed_attempts(log_lines)

    write_error_report(failed_attempts, output_file)

    # First interactive search (username or IP).
    search_ip_or_user(log_lines)

    # Bonus: number of distinct IPs with at least one failed attempt.
    print(f"\nUnique Suspicious IP: {len(failed_attempts)}")

    # Second interactive search.
    search_ip_or_user(log_lines)


if __name__ == "__main__":
    main()
```

```text
Error report written to alert_report.txt
Enter an IP or username to search for: guest
Searching for 'guest'...
2024-03-31 10:08:45 - FAILED - User: guest - IP: 10.0.0.5

Unique Suspicious IP: 2
Enter an IP or username to search for: 192.168.1.10
Searching for '192.168.1.10'...
2024-03-31 10:00:12 - SUCCESS - User: admin - IP: 192.168.1.10
2024-03-31 10:05:23 - FAILED - User: root - IP: 192.168.1.100
2024-03-31 10:15:10 - FAILED - User: admin - IP: 192.168.1.100
```
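The sample run above shows two weaknesses of the script worth closing: the positional `split(" - ")` parsing raises on any malformed line, and the substring search for `192.168.1.10` also returns `192.168.1.100`. The following added example (not part of the original notebook) parses the same `timestamp - STATUS - User: x - IP: y` format with one anchored regex, flags an IP only once it reaches a failure threshold (the "multiple failed attempts" requirement; the threshold value of 3 is an assumption), and matches the IP or user field exactly. The log lines are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample lines in the notebook's log format, plus one junk line.
SAMPLE_LOG = """\
2024-03-31 10:00:12 - SUCCESS - User: admin - IP: 192.168.1.10
2024-03-31 10:05:23 - FAILED - User: root - IP: 192.168.1.100
2024-03-31 10:08:45 - FAILED - User: guest - IP: 10.0.0.5
2024-03-31 10:15:10 - FAILED - User: admin - IP: 192.168.1.100
2024-03-31 10:16:02 - FAILED - User: admin - IP: 192.168.1.100
this line is malformed
""".splitlines()

# One anchored pattern replaces the positional split(" - ") parsing: a line
# that does not fit the whole format is rejected, instead of IndexError mid-way.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) - (?P<status>SUCCESS|FAILED)"
    r" - User: (?P<user>\S+) - IP: (?P<ip>\d{1,3}(?:\.\d{1,3}){3})$"
)


def parse_line(line):
    """Return the fields of a well-formed line as a dict, or None for junk."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def failed_by_ip(lines, threshold=3):
    """Count FAILED events per IP; return (all stats, IPs at/above threshold)."""
    stats = defaultdict(lambda: {"count": 0, "users": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["status"] != "FAILED":
            continue
        stats[rec["ip"]]["count"] += 1
        stats[rec["ip"]]["users"].add(rec["user"])
    flagged = {ip: d for ip, d in stats.items() if d["count"] >= threshold}
    return dict(stats), flagged


def search_exact(lines, needle):
    """Match the IP or User field exactly, so 192.168.1.10 does not hit 192.168.1.100."""
    return [r for r in map(parse_line, lines) if r and needle in (r["ip"], r["user"])]


if __name__ == "__main__":
    stats, flagged = failed_by_ip(SAMPLE_LOG)
    print(f"Unique suspicious IPs: {len(stats)}; over threshold: {sorted(flagged)}")
    for rec in search_exact(SAMPLE_LOG, "192.168.1.10"):
        print(rec)
```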
