m1tchX/log_analyzer

🔍 Log Analyzer

Real-time log analyzer for detecting suspicious IP activity such as brute-force attacks, invalid user attempts, and burst traffic patterns.


⚡ Features

  • 🟢 Live monitoring mode (real-time log analysis)
  • 📊 Batch mode for static log files
  • 🚨 Suspicious activity detection
  • Burst attack detection (rapid repeated attempts)
  • 🎨 Colored output (risk levels, status)
  • 📈 Change tracking (↑ indicators for increasing activity)
  • 📋 Table output (via tabulate)
  • 💾 Export results to CSV / JSON
  • 🎯 Filtering by IP
  • ⏱️ Time-based analysis (batch mode only)

🚀 Installation

git clone https://github.com/m1tchX/log_analyzer.git
cd log_analyzer
pip install -r requirements.txt

▶️ Usage

🔹 Batch mode (analyze file)

python main.py --mode batch -f logs/sample.log

🔹 Live mode (real-time monitoring)

python main.py --mode live -f logs/sample.log

🔹 Enable burst detection

python main.py --mode live -f logs/sample.log --burst

⚙️ CLI Arguments

| Argument | Description |
|----------|-------------|
| `--file`, `-f` | Path to log file |
| `--mode` | Execution mode: `batch` or `live` |
| `--burst` | Enable burst detection logic |
| `--threshold`, `-t` | Suspicious score threshold |
| `--top`, `-n` | Show top N IPs only |
| `--ip` | Filter by specific IP |
| `--now` | Override current timestamp (batch) |
| `--days` / `--hours` / `--minutes` | Time window filters (batch only) |
| `--csv` | Export results to CSV |
| `--json` | Export results to JSON |
| `--format` | Table format (`github`, `grid`, etc.) |
| `--no_color` | Disable colored output |
| `--no_stats` | Hide statistics section |
| `--no_table` | Hide table output |
| `--no_summary` | Hide summary section |

📊 Example Output

[LIVE MODE]

[+5 new events]

[Brute Force]
192.168.1.10 -> 10 attempts -> HIGH

[All Suspicious IPs]
| IP               | Failed | Invalid | Successful | Score | Risk   | Status   |
|------------------|--------|---------|------------|-------|--------|----------|
| 192.168.1.10 [B] | 10 ↑   | 5 ↑     | 0          | 30 ↑  | HIGH   | STABLE   |

🧠 Detection Logic

The analyzer processes logs and builds per-IP behavioral profiles:

  • Tracks authentication attempts per IP (failed / invalid / successful)
  • Computes a risk score per IP
  • Identifies:
      • brute-force patterns
      • invalid credential probing
      • burst traffic (request spikes in a time window)

Burst detection

Triggered when an IP exceeds a threshold of requests within a fixed time window.
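The per-IP profiling, scoring and sliding-window burst check described above, as an added example that is not the project's own code. It assumes an sshd/syslog line format for the input (the page does not show the layout of `logs/sample.log`), and the score weights, risk bands, burst window and burst count are illustrative values, not the project's tuning. The sample lines are constructed for the example.

```python
"""Added example: per-IP behavioural profiles with score, risk and burst detection.
Not the project's code; log format, weights, bands and window are assumptions."""
import re
from collections import defaultdict, deque
from dataclasses import dataclass, field
from datetime import datetime

# Constructed sshd-style sample lines (assumed format, not logs/sample.log).
SAMPLE_LOG = """\
Mar 10 12:00:01 host sshd[1001]: Failed password for root from 192.168.1.10 port 51000 ssh2
Mar 10 12:00:02 host sshd[1002]: Failed password for root from 192.168.1.10 port 51001 ssh2
Mar 10 12:00:03 host sshd[1003]: Invalid user admin from 192.168.1.10 port 51002
Mar 10 12:00:03 host sshd[1004]: Failed password for invalid user admin from 192.168.1.10 port 51002 ssh2
Mar 10 12:00:04 host sshd[1005]: Failed password for root from 192.168.1.10 port 51003 ssh2
Mar 10 12:00:05 host sshd[1006]: Failed password for root from 192.168.1.10 port 51004 ssh2
Mar 10 12:05:00 host sshd[1007]: Accepted password for alice from 10.0.0.5 port 40000 ssh2
Mar 10 12:06:00 host sshd[1008]: Failed password for alice from 10.0.0.5 port 40001 ssh2
Mar 10 12:07:00 host CRON[2000]: pam_unix(cron:session): session opened for user root
"""

# Assumed line shape: syslog timestamp, host, sshd[pid], then one of three auth messages.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<kind>Failed password for|Invalid user|Accepted password for) "
    r".*?from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)
KIND = {"Failed password for": "failed", "Invalid user": "invalid",
        "Accepted password for": "successful"}

# Assumed tuning (illustrative, not the project's values).
WEIGHTS = {"failed": 2, "invalid": 2, "successful": 0}
BURST_BONUS = 10      # added to the score once an IP is flagged as bursting
BURST_WINDOW_S = 10   # sliding window length in seconds
BURST_COUNT = 5       # events inside the window that trigger the burst flag
ASSUMED_YEAR = 2024   # syslog timestamps carry no year


@dataclass
class Profile:
    failed: int = 0
    invalid: int = 0
    successful: int = 0
    burst: bool = False
    recent: deque = field(default_factory=deque)  # timestamps still inside the window

    @property
    def score(self) -> int:
        base = sum(WEIGHTS[k] * getattr(self, k) for k in WEIGHTS)
        return base + (BURST_BONUS if self.burst else 0)

    @property
    def risk(self) -> str:
        return "HIGH" if self.score >= 20 else "MEDIUM" if self.score >= 10 else "LOW"


def parse_line(line: str):
    """Return (timestamp, ip, kind) for an auth event, or None for other lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["ip"], KIND[m["kind"]]


def analyze(lines, burst=True):
    """Build per-IP profiles; `lines` may be a list (batch) or a live iterator."""
    profiles = defaultdict(Profile)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        ts, ip, kind = ev
        p = profiles[ip]
        setattr(p, kind, getattr(p, kind) + 1)
        if burst:
            # Sliding window: evict events older than the window, then test the count.
            p.recent.append(ts)
            while (ts - p.recent[0]).total_seconds() > BURST_WINDOW_S:
                p.recent.popleft()
            if len(p.recent) >= BURST_COUNT:
                p.burst = True
    return profiles


def suspicious(profiles, threshold=10, top=None):
    """IPs at or above the score threshold, highest first (mirrors --threshold/--top)."""
    rows = [(ip, p) for ip, p in profiles.items() if p.score >= threshold]
    rows.sort(key=lambda r: r[1].score, reverse=True)
    return rows[:top] if top else rows


if __name__ == "__main__":
    profiles = analyze(SAMPLE_LOG.splitlines())
    print(f"{'IP':<18}{'Failed':>7}{'Invalid':>8}{'Success':>8}{'Score':>6}  Risk")
    for ip, p in suspicious(profiles, threshold=0):
        tag = " [B]" if p.burst else ""
        print(f"{ip + tag:<18}{p.failed:>7}{p.invalid:>8}{p.successful:>8}{p.score:>6}  {p.risk}")
```

Running the block prints one row per IP: 192.168.1.10 reaches the burst flag on its fifth event in four seconds and scores 22 (HIGH), while 10.0.0.5, with one success and one failure a minute apart, stays at 2 (LOW). The window check is deliberately cheap (one deque per IP, eviction from the left) so it can run on every appended line in live mode; it assumes timestamps arrive in order, which holds for a file being tailed but not for merged logs from several hosts.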


📁 Project Structure

log_analyzer/
│
├── main.py              # CLI entrypoint
├── launcher.py          # interactive menu launcher
├── runner.py            # batch/live execution engine
├── parser.py            # log parsing logic
├── analyzer.py          # scoring + detection logic
├── reporter.py          # table + stats output
├── utils.py             # helpers (colors, risk, etc.)
├── exporter.py          # CSV / JSON export
│
├── logs/
│   └── sample.log
│
├── requirements.txt
└── README.md

📦 Requirements

tabulate
colorama

🎯 Why This Project?

This project simulates real-world log monitoring tools (like fail2ban) with a focus on:

  • real-time processing
  • anomaly detection
  • terminal-based visualization

About

A Python-based CLI log analysis tool for detecting suspicious network activity. Supports real-time monitoring and batch processing, with brute-force detection, burst traffic analysis, risk scoring, and structured terminal output.
