In [1]:
import re
from datetime import datetime, timedelta
from collections import defaultdict

# 1. Load logs from file
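def load_logs(file_path):
    """Read an access log and return its lines, newline characters included.

    Access logs record request lines, referrers and user-agent strings that
    are supplied by clients, so the file may contain bytes that are not valid
    UTF-8. The file is decoded as UTF-8 and undecodable bytes are replaced
    with U+FFFD, so that one malformed request cannot abort the whole
    analysis with a UnicodeDecodeError.

    Args:
        file_path: Path of the log file to read.

    Returns:
        A list with one string per line of the file.

    Raises:
        OSError: If the file cannot be opened or read.
    """
    # An explicit encoding also keeps the result independent of the locale
    # of the machine the analysis runs on.
    with open(file_path, 'r', encoding='utf-8', errors='replace') as f:
        return f.readlines()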

# 2. Parse IPs and timestamps
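def parse_logs(log_lines):
    """Group request timestamps by client IPv4 address.

    Each line is searched for the first dotted-quad that is followed by a
    bracketed timestamp such as ``[17/May/2015:10:05:03 +0000]``. Lines
    without such a pair are ignored. Lines whose bracketed text is not a
    valid timestamp are skipped and counted instead of raising, because log
    content is influenced by clients and one bad line should not stop the
    analysis.

    Args:
        log_lines: Iterable of raw log lines.

    Returns:
        A defaultdict mapping each IP string to a list of naive datetime
        objects, in the order the lines were read.
    """
    import logging

    # NOTE(review): the pattern is not anchored to the start of the line. On a
    # line whose first field is not an IPv4 address (hostname lookups, IPv6
    # clients) the match can land on client-supplied text later in the line.
    # Anchoring would close that but changes which log formats are accepted;
    # confirm the expected format before tightening.
    pattern = re.compile(r'(?P<ip>\d+\.\d+\.\d+\.\d+).*?\[(?P<datetime>[^\]]+)\]')
    ip_timestamps = defaultdict(list)
    skipped = 0

    for line in log_lines:
        match = pattern.search(line)
        if not match:
            continue

        # The UTC offset after the first space is discarded, so the values
        # are wall-clock times; logs merged from hosts with different offsets
        # need normalising before they are compared.
        fields = match.group('datetime').split()
        if not fields:
            skipped += 1
            continue
        try:
            dt_obj = datetime.strptime(fields[0], "%d/%b/%Y:%H:%M:%S")
        except ValueError:
            skipped += 1
            continue

        ip_timestamps[match.group('ip')].append(dt_obj)

    if skipped:
        # Surface the gap: unparseable lines are excluded from detection, and
        # a large count is worth inspecting in its own right.
        logging.getLogger(__name__).warning(
            "skipped %d line(s) with an unparseable timestamp", skipped
        )

    return ip_timestamps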

# 3. Detect IPs with 10+ requests in 1 minute
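def detect_suspicious_ips(ip_timestamps, threshold=10, window=timedelta(minutes=1)):
    """Print every IP that made at least `threshold` requests within `window`.

    This is a rate-only heuristic. It also flags legitimate high-volume
    clients such as crawlers, monitoring probes and many users behind one NAT
    address. It does not see activity spread across many source addresses.
    Treat the output as leads to triage, not as verdicts.

    Args:
        ip_timestamps: Mapping of IP string to a list of datetime objects.
            The lists are not modified.
        threshold: Number of requests that must fall inside the window.
            Defaults to 10.
        window: Maximum span between the first and last request of a burst.
            Defaults to one minute.

    Raises:
        ValueError: If `threshold` is smaller than 1.
    """
    if threshold < 1:
        raise ValueError("threshold must be at least 1")

    print("\n🔍 Potential scanning or brute-force behavior detected:\n")

    span = threshold - 1  # index distance between first and last hit of a burst
    for ip, times in ip_timestamps.items():
        # Sort a copy so the caller's lists keep their original order.
        ordered = sorted(times)
        for start in range(len(ordered) - span):
            first, last = ordered[start], ordered[start + span]
            if last - first <= window:
                print(f"⚠️  IP {ip} made {threshold}+ requests between {first} and {last}")
                # One report per address is enough; later bursts are not listed.
                break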

# 4. Main
if __name__ == "__main__":
    # Pipeline: read the log, bucket timestamps per client, report bursts.
    detect_suspicious_ips(parse_logs(load_logs("apache_logs.txt")))


🔍 Potential scanning or brute-force behavior detected:

⚠️  IP 83.149.9.216 made 10+ requests between 2015-05-17 10:05:00 and 2015-05-17 10:05:30
⚠️  IP 66.249.73.135 made 10+ requests between 2015-05-17 19:05:00 and 2015-05-17 19:05:57
⚠️  IP 207.241.237.228 made 10+ requests between 2015-05-18 03:05:00 and 2015-05-18 03:05:24
⚠️  IP 218.30.103.62 made 10+ requests between 2015-05-17 11:05:00 and 2015-05-17 11:05:46
⚠️  IP 208.115.111.72 made 10+ requests between 2015-05-17 11:05:00 and 2015-05-17 11:05:16
⚠️  IP 100.43.83.137 made 10+ requests between 2015-05-18 10:05:01 and 2015-05-18 10:05:44
⚠️  IP 108.32.74.68 made 10+ requests between 2015-05-17 12:05:02 and 2015-05-17 12:05:37
⚠️  IP 111.199.235.239 made 10+ requests between 2015-05-17 13:05:01 and 2015-05-17 13:05:14
⚠️  IP 108.171.116.194 made 10+ requests between 2015-05-17 13:05:03 and 2015-05-17 13:05:53
⚠️  IP 144.76.194.187 made 10+ requests between 2015-05-17 13:05:00 and 2015-05-17 13:05:10
⚠️  IP 75.97.9.59 made 10+ 