import re
from collections import defaultdict
from datetime import datetime

# Path of the log file that run_agent() passes to read_logs(); a relative
# path is resolved against the current working directory.
LOG_FILE = "logs.txt"
# An IP is reported once its failed-login count is greater than or equal to
# this value (see decision_agent()).
FAILED_LOGIN_THRESHOLD = 3
# Path of the text report; generate_report() opens it in "w" mode, so an
# existing report at this path is overwritten on every run.
REPORT_FILE = "report.txt"

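def read_logs(file_path):
    """Return the lines of the log file at *file_path*.

    The file is decoded as UTF-8 with undecodable bytes replaced by U+FFFD
    instead of raising. Log content is written by whatever talks to the
    logged service, so a single malformed byte sequence must not abort the
    analysis with UnicodeDecodeError and leave the run without a report.

    Args:
        file_path: Path of the log file to read.

    Returns:
        A list of lines (line endings kept), or an empty list when the file
        does not exist. Callers cannot tell a missing file from an empty one
        by the return value alone; the only signal is the printed message.
    """
    try:
        with open(file_path, "r", encoding="utf-8", errors="replace") as file:
            return file.readlines()
    except FileNotFoundError:
        print("Log file not found.")
        return []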

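def detect_failed_logins(logs):
    """Count failed-login lines per source IPv4 address.

    A line is counted when it contains the text "Login failed" and an
    ``ip=`` field holding a dotted-quad IPv4 address whose octets are all
    in 0-255. The address is matched strictly so that a trailing dot
    ("ip=10.0.0.1.") is not stored as a different key from "10.0.0.1",
    which would split one source's count across two entries, and so that
    values such as "ip=..." or "ip=999.1.1.1" are not counted as addresses.

    Only IPv4 is recognised; lines carrying an IPv6 address are ignored.

    Args:
        logs: Iterable of log lines (strings).

    Returns:
        A ``defaultdict(int)`` mapping IP string to failed-attempt count.
        Because it is a defaultdict, indexing a missing key inserts it with
        a count of 0; use ``.get()`` or ``in`` for lookups.
    """
    # re.ASCII keeps \d to 0-9 only. The lookahead rejects longer digit/dot
    # runs such as "1.2.3.4.5" instead of silently truncating them.
    ipv4_field = re.compile(r'ip=(\d{1,3}(?:\.\d{1,3}){3})(?!\.?\d)', re.ASCII)
    failed_attempts = defaultdict(int)

    for line in logs:
        if "Login failed" not in line:
            continue

        # NOTE(review): search() takes the first "ip=" in the line. If the
        # log format places a client-controlled field (for example a user
        # name) before the real ip= field, that text could supply the value
        # counted here; confirm the format or anchor on the field position.
        ip_match = ipv4_field.search(line)
        if ip_match is None:
            continue

        ip = ip_match.group(1)
        if all(int(octet) <= 255 for octet in ip.split(".")):
            failed_attempts[ip] += 1

    return failed_attempts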

def decision_agent(failed_attempts):
    """Turn per-IP failure counts into alert records.

    Every IP whose count is at or above FAILED_LOGIN_THRESHOLD produces one
    alert dict with the keys "ip", "attempts", "threat" and "severity".
    The threat text and the "HIGH" severity are fixed for every alert.

    The decision is based only on the totals passed in: this function
    applies no time window, and it evaluates each IP on its own, so
    attempts spread across many addresses are not combined.

    Args:
        failed_attempts: Mapping of IP string to failed-login count.

    Returns:
        A list of alert dicts, in the mapping's iteration order.
    """
    return [
        {
            "ip": source_ip,
            "attempts": attempt_count,
            "threat": "Possible Brute Force Attack",
            "severity": "HIGH",
        }
        for source_ip, attempt_count in failed_attempts.items()
        if attempt_count >= FAILED_LOGIN_THRESHOLD
    ]

def generate_report(alerts):
    """Write the alert list to REPORT_FILE as a plain-text report.

    The file is opened in "w" mode, so any previous report at that path is
    replaced. The header carries the generation time; each alert is written
    as four labelled lines followed by a separator. With no alerts, a single
    "No suspicious activity detected." line is written instead.

    Args:
        alerts: List of dicts with the keys "ip", "attempts", "threat" and
            "severity".
    """
    # datetime.now() is naive local time: the report does not record a
    # timezone, which matters when reports from several hosts are compared.
    generated_at = datetime.now().strftime("%Y-%m-%d %H:%M:%S")

    with open(REPORT_FILE, "w") as out:
        emit = out.write

        emit("CYBERSECURITY LOG ANALYSIS REPORT\n")
        emit("=" * 40 + "\n")
        emit(f"Generated at: {generated_at}\n\n")

        if alerts:
            for entry in alerts:
                emit(f"IP Address   : {entry['ip']}\n")
                emit(f"Attempts     : {entry['attempts']}\n")
                emit(f"Threat       : {entry['threat']}\n")
                emit(f"Severity     : {entry['severity']}\n")
                emit("-" * 30 + "\n")
        else:
            emit("No suspicious activity detected.\n")

    print("Security report generated successfully.")

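def run_agent():
    """Run the full pipeline: read logs, count failures, decide, report.

    Reads LOG_FILE, counts failed logins per IP, builds alerts for IPs at or
    above the threshold and writes the report, printing a progress line
    before each stage.

    When no log lines were read (missing or empty file), a warning is
    printed before the report is generated. The report itself will still
    say that no suspicious activity was detected, so the warning is the
    only indication that the result covers no data.
    """
    print("[Agent] Reading logs...")
    logs = read_logs(LOG_FILE)
    if not logs:
        # An absent log must not be mistaken for a clean one.
        print("[Agent] Warning: no log lines were read; "
              "the report will not reflect any activity.")

    print("[Agent] Analyzing failed login attempts...")
    failed_attempts = detect_failed_logins(logs)

    print("[Agent] Making security decisions...")
    alerts = decision_agent(failed_attempts)

    print("[Agent] Generating alert report...")
    generate_report(alerts)

    print("[Agent] Analysis completed.")


# The call was previously indented into the function body, so the pipeline
# never started on its own and, once called, re-invoked itself until
# RecursionError. It belongs at module level.
if __name__ == "__main__":
    run_agent()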
