# 6월 17일

In [23]:
# 로그파일 -> (비정형 데이터) -> 정형데이터 형식

import re
import csv 
# 로그파일 경로
log_file_path = 'sample_logs.txt'
output_csv_path = 'parsed_logs.csv'

In [25]:
# 정규 표현식 패턴 정의
log_pattern = re.compile(
    r'(?P<ip>\d+\.\d+\.\d+\.\d+)\s' # IP 주소
    r'- - \[(?P<datetime>[^\]]+)\] ' # 날짜 및 시간
    r'"(?P<method>GET|POST|PUT|DELETE|HEAD) ' # HTTP 메서드
    r'(?P<path>[^ ]+).*?"\s' # 요청 경로
    r'(?P<status>\d{3})\s' # 상태 코드
    r'(?P<size>\d+)' # 응답 크기
)
# (?P<이름>패턴) 형태는 "이름이 있는 그룹" 으로, 추출 결과를 딕셔너리처럼groupdict()로 관리할 수 있게 해줍니다.

In [27]:
# 파싱된 결과 저장 리스트
parsed_logs = []
# 로그 파일 읽기 및 정규식 적용
with open(log_file_path, 'r') as f:
    for line in f:
        match = log_pattern.search(line)
        if match:
            parsed_logs.append(match.groupdict()) # 

In [28]:
parsed_logs

[{'ip': '172.29.117.82',
  'datetime': '14/Jun/2025:10:59:11 +0900',
  'method': 'GET',
  'path': '/home.php',
  'status': '200',
  'size': '189'},
 {'ip': '10.248.203.131',
  'datetime': '14/Jun/2025:11:21:30 +0900',
  'method': 'GET',
  'path': '/admin/login.php',
  'status': '403',
  'size': '1024'},
 {'ip': '172.25.180.188',
  'datetime': '14/Jun/2025:11:55:08 +0900',
  'method': 'GET',
  'path': '/admin/login.php',
  'status': '404',
  'size': '2048'},
 {'ip': '172.22.253.123',
  'datetime': '14/Jun/2025:11:18:27 +0900',
  'method': 'GET',
  'path': '/dashboard',
  'status': '403',
  'size': '512'},
 {'ip': '192.168.71.140',
  'datetime': '14/Jun/2025:10:38:19 +0900',
  'method': 'GET',
  'path': '/admin/login.php',
  'status': '404',
  'size': '512'},
 {'ip': '10.128.66.93',
  'datetime': '14/Jun/2025:10:35:59 +0900',
  'method': 'GET',
  'path': '/home.php',
  'status': '404',
  'size': '1024'},
 {'ip': '192.168.75.62',
  'datetime': '14/Jun/2025:10:38:37 +0900',
  'method': 'GE

In [29]:
# CSV로 저장
with open(output_csv_path, 'w', newline='') as csvfile:
    fieldnames = ['ip', 'datetime', 'method', 'path', 'status', 'size']
    writer = csv.DictWriter(csvfile, fieldnames=fieldnames)
    writer.writeheader()
    for entry in parsed_logs:
        writer.writerow(entry)
print("보안 로그가 CSV로 저장되었습니다:", output_csv_path)

보안 로그가 CSV로 저장되었습니다: parsed_logs.csv


In [None]:
2

In [30]:
# csv파일을 pandas dataframe 형태로

import pandas as pd

In [34]:
df = pd.read_csv('parsed_logs.csv') # 읽어올 파일 pd로 정리
df

Unnamed: 0,ip,datetime,method,path,status,size
0,172.29.117.82,14/Jun/2025:10:59:11 +0900,GET,/home.php,200,189
1,10.248.203.131,14/Jun/2025:11:21:30 +0900,GET,/admin/login.php,403,1024
2,172.25.180.188,14/Jun/2025:11:55:08 +0900,GET,/admin/login.php,404,2048
3,172.22.253.123,14/Jun/2025:11:18:27 +0900,GET,/dashboard,403,512
4,192.168.71.140,14/Jun/2025:10:38:19 +0900,GET,/admin/login.php,404,512
...,...,...,...,...,...,...
495,172.21.22.154,14/Jun/2025:10:59:51 +0900,GET,/index.html,404,1024
496,192.168.145.66,14/Jun/2025:11:55:58 +0900,GET,/logout,404,1024
497,192.168.188.143,14/Jun/2025:11:42:06 +0900,GET,/dashboard,200,768
498,172.27.113.162,14/Jun/2025:10:02:40 +0900,POST,/submit,403,1024


In [None]:
# 403 
df_1 = df[df['status'] == 403] #df[df[칼럼명] 조건]
df_1


Unnamed: 0,ip,datetime,method,path,status,size
1,10.248.203.131,14/Jun/2025:11:21:30 +0900,GET,/admin/login.php,403,1024
3,172.22.253.123,14/Jun/2025:11:18:27 +0900,GET,/dashboard,403,512
10,192.168.133.95,14/Jun/2025:10:35:49 +0900,POST,/api/data,403,189
17,10.72.245.6,14/Jun/2025:11:09:56 +0900,GET,/dashboard,403,532
18,192.168.41.48,14/Jun/2025:11:37:38 +0900,POST,/api/data,403,189
...,...,...,...,...,...,...
469,172.29.118.196,14/Jun/2025:11:36:35 +0900,POST,/api/data,403,1024
478,10.170.116.238,14/Jun/2025:11:45:43 +0900,POST,/upload.php,403,512
482,10.223.64.6,14/Jun/2025:10:46:13 +0900,GET,/home.php,403,512
490,192.168.24.241,14/Jun/2025:10:30:29 +0900,GET,/home.php,403,2048


In [38]:
acc_admin_df = df[df['path'].str.contains(r'^/admin')] #.str로 문자열 객체 .contains()는 호환여부
acc_admin_df

Unnamed: 0,ip,datetime,method,path,status,size
1,10.248.203.131,14/Jun/2025:11:21:30 +0900,GET,/admin/login.php,403,1024
2,172.25.180.188,14/Jun/2025:11:55:08 +0900,GET,/admin/login.php,404,2048
4,192.168.71.140,14/Jun/2025:10:38:19 +0900,GET,/admin/login.php,404,512
15,10.32.63.121,14/Jun/2025:11:24:03 +0900,GET,/admin/login.php,404,768
28,10.41.22.78,14/Jun/2025:10:59:14 +0900,GET,/admin/login.php,200,2048
...,...,...,...,...,...,...
452,10.63.41.199,14/Jun/2025:10:45:49 +0900,GET,/admin/login.php,404,1024
458,10.49.1.244,14/Jun/2025:10:06:23 +0900,GET,/admin/login.php,500,532
462,10.172.229.215,14/Jun/2025:10:35:40 +0900,GET,/admin/login.php,200,768
480,172.28.207.249,14/Jun/2025:10:51:43 +0900,GET,/admin/login.php,404,189


In [None]:
# top 5 
top_ips = df.groupby('ip').size().reset_index(name='count').sort_values(by='count',
ascending=False).head(5)
print(top_ips)


                  ip  count
441  192.168.234.214      2
467    192.168.53.18      1
18      10.127.95.68      1
0     10.101.163.240      1
468    192.168.55.77      1


In [48]:
#서울시에 위치한 스타벅스 데이터
import pandas as pd

In [54]:
data = pd.read_csv('fulldata.csv',encoding='cp949',low_memory = False) #csv 한글 = cp949 


In [55]:
data.tail(5)

Unnamed: 0,번호,개방서비스명,개방서비스아이디,개방자치단체코드,관리번호,인허가일자,인허가취소일자,영업상태구분코드,영업상태명,상세영업상태코드,...,공장생산직직원수,건물소유구분명,보증액,월세액,다중이용업소여부,시설총규모,전통업소지정번호,전통업소주된음식,홈페이지,Unnamed: 47
602902,602903,휴게음식점,07_24_05_P,3610000,3610000-104-2018-00018,2018-03-14,,1,영업/정상,1,...,,,,,N,3.3,,,,
602903,602904,휴게음식점,07_24_05_P,3610000,3610000-104-2018-00027,2018-04-10,,1,영업/정상,1,...,,,,,N,56.1,,,,
602904,602905,휴게음식점,07_24_05_P,3610000,3610000-104-2018-00031,2018-04-19,,1,영업/정상,1,...,,,,,N,16.0,,,,
602905,602906,휴게음식점,07_24_05_P,3610000,3610000-104-2017-00085,2017-12-18,,1,영업/정상,1,...,,,,,N,12.0,,,,
602906,602907,휴게음식점,07_24_05_P,3600000,3600000-104-2010-00022,2010-03-16,,1,영업/정상,1,...,,,,,N,8.22,,,,


In [58]:
data.info()

<class 'pandas.core.frame.DataFrame'>
RangeIndex: 602907 entries, 0 to 602906
Data columns (total 48 columns):
 #   Column           Non-Null Count   Dtype  
---  ------           --------------   -----  
 0   번호               602907 non-null  int64  
 1   개방서비스명           602907 non-null  object 
 2   개방서비스아이디         602907 non-null  object 
 3   개방자치단체코드         602907 non-null  int64  
 4   관리번호             602907 non-null  object 
 5   인허가일자            602888 non-null  object 
 6   인허가취소일자          0 non-null       float64
 7   영업상태구분코드         602907 non-null  int64  
 8   영업상태명            602907 non-null  object 
 9   상세영업상태코드         602907 non-null  int64  
 10  상세영업상태명          602907 non-null  object 
 11  폐업일자             402497 non-null  object 
 12  휴업시작일자           0 non-null       float64
 13  휴업종료일자           0 non-null       float64
 14  재개업일자            0 non-null       float64
 15  소재지전화            250307 non-null  object 
 16  소재지면적            553700 non-null  floa

In [59]:
data.describe()

Unnamed: 0,번호,개방자치단체코드,인허가취소일자,영업상태구분코드,상세영업상태코드,휴업시작일자,휴업종료일자,재개업일자,소재지면적,도로명우편번호,...,총직원수,본사직원수,공장사무직직원수,공장판매직직원수,공장생산직직원수,보증액,월세액,시설총규모,홈페이지,Unnamed: 47
count,602907.0,602907.0,0.0,602907.0,602907.0,0.0,0.0,0.0,553700.0,449585.0,...,260166.0,264440.0,264440.0,264440.0,264440.0,264440.0,264440.0,601019.0,0.0,0.0
mean,301454.0,4060419.0,,2.335191,1.667595,,,,51.949812,28013.466615,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,48.636721,,
std,174044.403711,882224.0,,0.942151,0.471075,,,,304.737473,18789.829211,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,292.872973,,
min,1.0,3000000.0,,1.0,1.0,,,,0.0,1000.0,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,,
25%,150727.5,3310000.0,,1.0,1.0,,,,15.0,10937.0,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,10.0,,
50%,301454.0,3820000.0,,3.0,2.0,,,,33.5,24835.0,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,31.29,,
75%,452180.5,4681000.0,,3.0,2.0,,,,62.84,44703.0,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,60.0,,
max,602907.0,6520000.0,,3.0,2.0,,,,111113.52,63644.0,...,0.0,0.0,0.0,0.0,0.0,0.0,0.0,111113.52,,


In [61]:
data.shape # 행, 열 개수 정보

(602907, 48)

In [62]:
data.columns

Index(['번호', '개방서비스명', '개방서비스아이디', '개방자치단체코드', '관리번호', '인허가일자', '인허가취소일자',
       '영업상태구분코드', '영업상태명', '상세영업상태코드', '상세영업상태명', '폐업일자', '휴업시작일자', '휴업종료일자',
       '재개업일자', '소재지전화', '소재지면적', '소재지우편번호', '소재지전체주소', '도로명전체주소', '도로명우편번호',
       '사업장명', '최종수정시점', '데이터갱신구분', '데이터갱신일자', '업태구분명', '좌표정보x(epsg5174)',
       '좌표정보y(epsg5174)', '위생업태명', '남성종사자수', '여성종사자수', '영업장주변구분명', '등급구분명',
       '급수시설구분명', '총직원수', '본사직원수', '공장사무직직원수', '공장판매직직원수', '공장생산직직원수',
       '건물소유구분명', '보증액', '월세액', '다중이용업소여부', '시설총규모', '전통업소지정번호', '전통업소주된음식',
       '홈페이지', 'Unnamed: 47'],
      dtype='object')

In [65]:
print(data.columns.tolist())
print(data.columns.values)

['번호', '개방서비스명', '개방서비스아이디', '개방자치단체코드', '관리번호', '인허가일자', '인허가취소일자', '영업상태구분코드', '영업상태명', '상세영업상태코드', '상세영업상태명', '폐업일자', '휴업시작일자', '휴업종료일자', '재개업일자', '소재지전화', '소재지면적', '소재지우편번호', '소재지전체주소', '도로명전체주소', '도로명우편번호', '사업장명', '최종수정시점', '데이터갱신구분', '데이터갱신일자', '업태구분명', '좌표정보x(epsg5174)', '좌표정보y(epsg5174)', '위생업태명', '남성종사자수', '여성종사자수', '영업장주변구분명', '등급구분명', '급수시설구분명', '총직원수', '본사직원수', '공장사무직직원수', '공장판매직직원수', '공장생산직직원수', '건물소유구분명', '보증액', '월세액', '다중이용업소여부', '시설총규모', '전통업소지정번호', '전통업소주된음식', '홈페이지', 'Unnamed: 47']
['번호' '개방서비스명' '개방서비스아이디' '개방자치단체코드' '관리번호' '인허가일자' '인허가취소일자' '영업상태구분코드'
 '영업상태명' '상세영업상태코드' '상세영업상태명' '폐업일자' '휴업시작일자' '휴업종료일자' '재개업일자' '소재지전화'
 '소재지면적' '소재지우편번호' '소재지전체주소' '도로명전체주소' '도로명우편번호' '사업장명' '최종수정시점' '데이터갱신구분'
 '데이터갱신일자' '업태구분명' '좌표정보x(epsg5174)' '좌표정보y(epsg5174)' '위생업태명' '남성종사자수'
 '여성종사자수' '영업장주변구분명' '등급구분명' '급수시설구분명' '총직원수' '본사직원수' '공장사무직직원수'
 '공장판매직직원수' '공장생산직직원수' '건물소유구분명' '보증액' '월세액' '다중이용업소여부' '시설총규모' '전통업소지정번호'
 '전통업소주된음식' '홈페이지' 'Unnamed: 47']


In [None]:
data_1 = data[['번호','영업상태명','영업상태구분코드','사업장명','소재지전체주소','도로명전체주소']]
data_1

Unnamed: 0,번호,영업상태명,영업상태구분코드,사업장명,소재지전체주소,도로명전체주소
0,1,폐업,3,팥붕슈붕,인천광역시 중구 운서동 2874 파라다이스시티 플라자 1층,"인천광역시 중구 영종해안남로321번길 186, 파라다이스시티 플라자 1층 (운서동)"
1,2,폐업,3,헤이븐(haven),서울특별시 금천구 가산동 345-2,"서울특별시 금천구 가산디지털1로 100, 1층 117호 (가산동)"
2,3,폐업,3,리은푸드,대구광역시 중구 계산동2가 0200 현대백화점 지하1층,"대구광역시 중구 달구벌대로 2077, 현대백화점 지하1층 (계산동2가)"
3,4,폐업,3,(주)파파밸리,경기도 하남시 신장동 616 스타필드 하남,"경기도 하남시 미사대로 750, 신세계백화점 스타필드 하남 지하1층 (신장동)"
4,5,폐업,3,이안만두,경기도 하남시 신장동 616 스타필드 하남,"경기도 하남시 미사대로 750, 스타필드 하남 신세계백화점 지하2층 일부호 (신장동)"
...,...,...,...,...,...,...
602902,602903,영업/정상,1,GS25HR아팰리스점,광주광역시 남구 봉선동 1095 1층 201동 102호,"광주광역시 남구 제석로 104, 201동 1층 102호 (봉선동)"
602903,602904,영업/정상,1,석류나무,광주광역시 남구 백운동 620-11번지 1층,"광주광역시 남구 독립로 30-3, 1층 (백운동)"
602904,602905,영업/정상,1,블랑PC토랑,"광주광역시 남구 진월동 294-17 광동빌딩, 2층","광주광역시 남구 서문대로 700, 광동빌딩 2층 (진월동)"
602905,602906,영업/정상,1,아틀리에pc,광주광역시 남구 월산동 901-30 1층,"광주광역시 남구 월산로151번길 10, 땡큐pc방 1층 (월산동)"


In [86]:
# 소재지 기준으로 값이 na인 행을 삭제
#data_1 = data_1.dropna()
data_1 = data_1.dropna(subset=['소재지전체주소'])

In [87]:
data_2 = data_1[data_1['소재지전체주소'].str.contains('서울특별시')]

In [88]:
data_3 = data_2[data_2['사업장명'].str.contains('스타벅스')]
data_3.head(3)

Unnamed: 0,번호,영업상태명,영업상태구분코드,사업장명,소재지전체주소,도로명전체주소
10601,10602,폐업,3,스타벅스 대치재경빌딩B1,서울특별시 강남구 대치동 599 대원빌딩,"서울특별시 강남구 남부순환로 2947, 대원빌딩 지하1층 (대치동)"
11692,11693,폐업,3,스타벅스 명동센트럴점,서울특별시 중구 명동1가 10-1 명동센트럴빌딩 1층-중2층,"서울특별시 중구 명동9길 16, 명동센트럴빌딩 1층-중2층 (명동1가)"
14356,14357,폐업,3,스타벅스커피홍대공원점,"서울특별시 마포구 서교동 362-1번지 1층일부, 2층","서울특별시 마포구 와우산로 83 (서교동, 1층일부, 2층)"


In [89]:
data_4 = data_3[data_3['영업상태명'] != '폐업']
data_4.head(4)

Unnamed: 0,번호,영업상태명,영업상태구분코드,사업장명,소재지전체주소,도로명전체주소
402499,402500,영업/정상,1,스타벅스 신촌로점,서울특별시 서대문구 창천동 29-81 신촌르메이에르타운5,"서울특별시 서대문구 신촌로 109, 신촌르메이에르타운5 1층 103-2,103-3호..."
403301,403302,영업/정상,1,스타벅스 김포공항 국제선점,서울특별시 강서구 방화동 882-1,"서울특별시 강서구 하늘길 38, 김포공항 국제선터미널 출국장 3층 (방화동)"
403590,403591,영업/정상,1,스타벅스 서대문적십자점,서울특별시 종로구 평동 164 서울적십자병원,"서울특별시 종로구 새문안로 9, 서울적십자병원 별관 1층 B호 (평동)"
403633,403634,영업/정상,1,스타벅스 암사역,서울특별시 강동구 암사동 501,"서울특별시 강동구 올림픽로 786, 1,2층 101,201호 (암사동)"


In [90]:
# str.split() => list [' ',' ',' ',..]

data_4.loc[:, '시군구'] = data_4['소재지전체주소'].str.split().str[1]



A value is trying to be set on a copy of a slice from a DataFrame.
Try using .loc[row_indexer,col_indexer] = value instead

See the caveats in the documentation: https://pandas.pydata.org/pandas-docs/stable/user_guide/indexing.html#returning-a-view-versus-a-copy
  data_4.loc[:, '시군구'] = data_4['소재지전체주소'].str.split().str[1]


In [96]:
data_5 = data_4.groupby('시군구').size().reset_index(name = '사업장수')
#size() 

In [None]:
data_5

Unnamed: 0,시군구,사업장수
0,강남구,92
1,강동구,20
2,강북구,7
3,강서구,32
4,관악구,14
5,광진구,19
6,구로구,14
7,금천구,14
8,노원구,15
9,도봉구,7


In [98]:
import matplotlib.pyplot as plt
import matplotlib.font_manager as fm
import matplotlib as mpl


In [None]:
plt.rcParams['font.family'] = 'Malgun Gothic'