import re
from collections import Counter

def parse_log_line(line):
    """Split one firewall log line into its leading fields.

    The line must begin with a ``YYYY-MM-DD HH:MM:SS`` timestamp followed by
    at least ten single-space-separated, non-blank fields. Matching is
    anchored at the start of the line only, so any fields after the tenth
    are ignored.

    Returns:
        A tuple of 11 strings (timestamp first), or ``None`` when the line
        does not fit that layout (for example a header or comment line).
    """
    pattern = r'(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\S+) (\S+) (\S+) (\S+) (\S+) (\S+) (\S+) (\S+) (\S+) (\S+)'
    found = re.match(pattern, line)
    # Unparseable lines are reported as None so the caller can skip them.
    return found.groups() if found else None

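def analyze_logs(log_file):
    """Tally IP addresses and ports seen in ALLOW entries of a firewall log.

    Each line is parsed with ``parse_log_line``; lines that do not parse and
    entries whose action is not exactly ``'ALLOW'`` are skipped. Source and
    destination values are counted together in the same counter, so the
    totals do not distinguish direction.

    Args:
        log_file: Path of the log file to read.

    Returns:
        A ``(ip_counter, port_counter)`` pair of ``collections.Counter``
        objects keyed by the raw field strings from the log.
    """
    ip_counter = Counter()
    port_counter = Counter()

    # Log content is not under the analyst's control; errors='replace' keeps a
    # single undecodable byte from aborting the whole analysis with a
    # UnicodeDecodeError. Well-formed files are read exactly as before.
    with open(log_file, 'r', errors='replace') as file:
        for line in file:
            log_entry = parse_log_line(line)
            if not log_entry:
                continue

            # Only the first seven fields are used; the rest are ignored.
            _timestamp, action, _protocol, src_ip, dst_ip, src_port, dst_port = log_entry[:7]

            # Blocked or dropped traffic is not part of this report.
            if action != 'ALLOW':
                continue

            # NOTE(review): if the log writes a placeholder such as '-' for
            # protocols without ports, it is counted as a port value here.
            # Confirm against the log format.
            ip_counter.update((src_ip, dst_ip))
            port_counter.update((src_port, dst_port))

    return ip_counter, port_counter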

def generate_report(ip_counter, port_counter):
    """Render the ten most frequent IPs and ports as a plain-text report.

    Args:
        ip_counter: Counter of IP address strings.
        port_counter: Counter of port strings.

    Returns:
        The report as a single string: a title, the top-10 IP section and
        the top-10 port section, one entry per line.
    """
    pieces = [
        "Firewall Log Analysis Report\n\n",
        "Top Source/Destination IP Addresses:\n",
    ]
    pieces.extend(
        f"{ip}: {count} occurrences\n"
        for ip, count in ip_counter.most_common(10)
    )

    pieces.append("\nTop Source/Destination Ports:\n")
    pieces.extend(
        f"Port {port}: {count} occurrences\n"
        for port, count in port_counter.most_common(10)
    )

    return "".join(pieces)

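if __name__ == "__main__":
    # Single place to change the input. The original assigned a placeholder
    # path here and then passed a different hard-coded name to analyze_logs,
    # so editing the variable had no effect.
    log_file_path = "firewalllog_2023_11_7.log.txt"
    ip_counter, port_counter = analyze_logs(log_file_path)
    report = generate_report(ip_counter, port_counter)

    # The report is written to the current working directory and overwrites
    # any earlier report of the same name.
    with open("firewall_analysis_report.txt", 'w') as report_file:
        report_file.write(report)

    print("Analysis completed. Check 'firewall_analysis_report.txt' for the report.")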


Analysis completed. Check 'firewall_analysis_report.txt' for the report.
