In [1]:
import csv
from collections import Counter, defaultdict

LOG_FILE = "sample.log"
OUTPUT_FILE = "log_analysis_results.csv"

# Task 1: Count Requests per IP Address
def count_requests_per_ip(log_lines):
    ip_counts = Counter()
    print(ip_counts)
    for line in log_lines:
        parts = line.split()
#         print(parts)
        ip = parts[0]
        ip_counts[ip] += 1
    print(ip_counts)
    return ip_counts

# Task 2: Identify the Most Frequently Accessed Endpoint
def find_most_accessed_endpoint(log_lines):
    endpoint_counts = Counter()
    for line in log_lines:
        parts = line.split('"')
        if len(parts) > 1:
            request = parts[1]
            endpoint = request.split()[1]
            endpoint_counts[endpoint] += 1
    return endpoint_counts.most_common(1)[0]  # Most frequent endpoint

# Task 3: Detect Suspicious Activity
def detect_suspicious_activity(log_lines, threshold=5):
    failed_attempts = defaultdict(int)
    for line in log_lines:
        if "401" in line or "Invalid credentials" in line:
            ip = line.split()[0]
            failed_attempts[ip] += 1
    return {ip: count for ip, count in failed_attempts.items() if count >= threshold}

# Updated Write-to-CSV function
def write_to_csv(ip_requests, most_accessed_endpoint, failed_logins, output_file):
    with open(output_file, "w") as file:
        writer = csv.writer(file, delimiter=" ", lineterminator="\n")

        # Write IP request counts
        writer.writerow(["IP Address".ljust(20), "Request Count".ljust(15)])
        for ip, count in ip_requests.most_common():
            writer.writerow([ip.ljust(20), str(count).center(15)])
        writer.writerow([])  # Blank row for spacing

        # Write most accessed endpoint
        writer.writerow(["Most Frequently Accessed Endpoint:"])
        writer.writerow([most_accessed_endpoint[0].ljust(20), f"Accessed {most_accessed_endpoint[1]} times".ljust(15)])
        writer.writerow([])  # Blank row for spacing

        # Write suspicious activity
        writer.writerow(["Suspicious Activity Detected:"])
        writer.writerow(["IP Address".ljust(20), "Failed Login Attempts".ljust(15)])
        for ip, count in failed_logins.items():
            writer.writerow([ip.ljust(20), str(count).center(15)])
        writer.writerow([])  # Blank row for spacing

# Main function
def main():
    with open(LOG_FILE, "r") as file:
        log_lines = file.readlines()

    # Task 1: Count requests per IP
    ip_requests = count_requests_per_ip(log_lines)
    
    # Task 2: Identify most accessed endpoint
    most_accessed_endpoint = find_most_accessed_endpoint(log_lines)
    
    # Task 3: Detect suspicious activity
    failed_logins = detect_suspicious_activity(log_lines)
    
    # Print results
    print("IP Address           Request Count")
    for ip, count in ip_requests.most_common():
        print(f"{ip:20}{count}")
    
    print("\nMost Frequently Accessed Endpoint:")
    print(f"{most_accessed_endpoint[0]} (Accessed {most_accessed_endpoint[1]} times)")
    
    print("\nSuspicious Activity Detected:")
    print("IP Address           Failed Login Attempts")
    if failed_logins:
        for ip, count in failed_logins.items():
            print(f"{ip:20}{count}")
    else:
        print("No suspicious activity detected.")
    
    # Task 4: Save results to CSV
    write_to_csv(ip_requests, most_accessed_endpoint, failed_logins, OUTPUT_FILE)
    print(f"\nResults saved to {OUTPUT_FILE}")

if __name__ == "__main__":
    main()


Counter()
Counter({'203.0.113.5': 8, '198.51.100.23': 8, '192.168.1.1': 7, '10.0.0.2': 6, '192.168.1.100': 5})
IP Address           Request Count
203.0.113.5         8
198.51.100.23       8
192.168.1.1         7
10.0.0.2            6
192.168.1.100       5

Most Frequently Accessed Endpoint:
/login (Accessed 13 times)

Suspicious Activity Detected:
IP Address           Failed Login Attempts
203.0.113.5         8
192.168.1.100       5

Results saved to log_analysis_results.csv
