AWB ELB log analyzer

These details have not been verified by PyPI

Project description

ELB Log Analyzer

Tool for analyzing ELB logs for automating steps to retreive details of ip's user agent, total request count, to which urls requests were made along with their total count, and http methods in json format.

S3 Bucket Log Downloader

Downloads S3 bucket objects that we created in specified time window.

Installation

Using Pip

python3 -m pip install elb-log-analyzer

AWS configuration

Create IAM policy with below configuration

{
"Version": "2012-10-17",
"Statement": [
    {
        "Sid": "S3ListSpecificDirectory",
        "Effect": "Allow",
        "Action": "s3:ListBucket",
        "Resource": "arn:aws:s3:::alb-log-bucket-name"
    },
    {
        "Sid": "S3GetSpecificDirectory",
        "Effect": "Allow",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::alb-log-bucket-name/AWSLogs/XXXXXXXXXXXX/elasticloadbalancing/aws-region/*"
    }
]
}

Note: above policy will allow user to list all contents in the bucket but download objects only from s3://alb-log-bucket-name/AWSLogs/XXXXXXXXXXXX/elasticloadbalancing/aws-region/*

Create AWS access keys
Use aws cli to configure access key for boto3
```
aws configure
```

S3 Bucket Log Downloader Usage

Print Help Menu.
```
python3 -m elb_log_analyzer.s3_log -h
```

Download all log files generated in 10 hours from now.

python3 -m elb_log_analyzer.s3_log -b elb-log-bucket -p 'alb-log-bucket-name/AWSLogs/XXXXXXXXXXXX/elasticloadbalancing/aws-region/' -H 10

Download all log files generated in 40 mins from now.

python3 -m elb_log_analyzer.s3_log -b elb-log-bucket -p 'alb-log-bucket-name/AWSLogs/XXXXXXXXXXXX/elasticloadbalancing/aws-region/' -m 40

Download all log files generated in 20 secs from now.

python3 -m elb_log_analyzer.s3_log -b elb-log-bucket -p 'alb-log-bucket-name/AWSLogs/XXXXXXXXXXXX/elasticloadbalancing/aws-region/' -s 20

Download all log files generated in 10 hours, 40 mins and 20 secs from now and store in a directory.

python3 -m elb_log_analyzer.s3_log -b elb-log-bucket -p 'alb-log-bucket-name/AWSLogs/XXXXXXXXXXXX/elasticloadbalancing/aws-region/' --hours 10 --minutes 40 --seconds 20 -o './logs/downloads'

Analyzer

Analyzes downloaded log files.

Analyzer Usage

Print Help Menu
```
python3 -m elb_log_analyzer -h
```

Print json data on console

python3 -m elb_log_analyzer -i [INPUT_LOG_FILE_PATH]

Store json data in a file
```
python3 -m elb_log_analyzer -i [INPUT_LOG_FILE_PATH] -o [OUTPUT_FILE_PATH]
```
Note: INPUT_LOG_FILE_PATH can be log file or a directory containing all log files ending with .log extension

Get IP details from IPAbuseDB

python3 -m elb_log_analyzer -i [LOG_FILE_PATH] -t [REQUESTS_THRESHOLD_VALUE] -k [IP_ABUSE_DB_API_KEY] -o [OUTPUT_FILE_PATH]

Alerts

Send alert to slack channel with abusive ip details.

Usage

Send alert from analyzed file

python elb_log_analyzer.alerts -w [SLACK_WEBHOOK] -f [ANALYZED_LOG_FILE_LOCATION]

Dashboard

Dashboard to visualize data.

Dashboard Installation

Install requirements

python3 -m pip install dashboard/requirements.txt

Usage

Start App
```
streamlit run dashboard/app.py
```
Enter Log File/Directory Path

Publish package to pypi

Using poetry

python3 -m poetry publish --build --username [PYPI_USERNAME] --password [PYPI_PASSWORD]

Usage Summary

Download log files

python3 -m elb_log_analyzer.s3_log -b elb-log-bucket -p 'alb-log-bucket-name/AWSLogs/XXXXXXXXXXXX/elasticloadbalancing/aws-region/' -H [HOURS] -o logs

Analyze Log Files

python3 -m elb_log_analyzer -i logs -o log.json -t [REQUEST_THRESHOLD] -k [IP_ABUSE_API_KEY]

Send Alert to slack with client ips having total number of requests greater than threshold requests
```
python -m elb_log_analyzer.alerts -w [SLACK_WEBHOOK] -f [ANALYZED_LOG_FILE_LOCATION]
```
Visualize Analyzed Logs using Dashboard
```
streamlit run dashboard/app.py
```

Docker

Pull image

docker pull dmdhrumilmistry/elb-log-analyzer

Start Container

docker run -it --rm dmdhrumilmistry/elb-log-analyzer "elb_log_analyzer -h"

Project details

These details have not been verified by PyPI

Release history Release notifications | RSS feed

This version

0.5.0

Mar 14, 2023

0.4.2

Mar 13, 2023

0.4.1

Mar 10, 2023

0.4.0

Mar 10, 2023

0.3.0

Mar 9, 2023

0.2.0

Feb 9, 2023

0.1.0

Feb 8, 2023

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

elb_log_analyzer-0.5.0.tar.gz (10.1 kB view details)

Uploaded Mar 14, 2023 Source

Built Distribution

elb_log_analyzer-0.5.0-py3-none-any.whl (10.2 kB view details)

Uploaded Mar 14, 2023 Python 3

File details

Details for the file elb_log_analyzer-0.5.0.tar.gz.

File metadata

Download URL: elb_log_analyzer-0.5.0.tar.gz
Upload date: Mar 14, 2023
Size: 10.1 kB
Tags: Source
Uploaded using Trusted Publishing? No
Uploaded via: poetry/1.3.2 CPython/3.11.2 Darwin/22.3.0

File hashes

Hashes for elb_log_analyzer-0.5.0.tar.gz
Algorithm	Hash digest
SHA256	`bc9c4254cffa7e4fb483b63fd483061798eae5385d2b676d8a5e00e90ae80a60`
MD5	`647c3cc4659f9e19aafc2162d2c2b889`
BLAKE2b-256	`8c4d1fa3057770bf064f2d5739ee7f8f1347cec0bfbc1474281ff67c3e6163ea`

See more details on using hashes here.

File details

Details for the file elb_log_analyzer-0.5.0-py3-none-any.whl.

File metadata

Download URL: elb_log_analyzer-0.5.0-py3-none-any.whl
Upload date: Mar 14, 2023
Size: 10.2 kB
Tags: Python 3
Uploaded using Trusted Publishing? No
Uploaded via: poetry/1.3.2 CPython/3.11.2 Darwin/22.3.0

File hashes

Hashes for elb_log_analyzer-0.5.0-py3-none-any.whl
Algorithm	Hash digest
SHA256	`4937fd69c491db217361ee68db20799c3c7981b3f19db683c0270bb5d973c188`
MD5	`e181aa349077ada66e17920969bfbe8e`
BLAKE2b-256	`17486abb533c560f24490d7679792f1b9766588eb68fc41efe3de4e409c2524a`