The firewall serves as the first line of defence, regulating incoming and outgoing network traffic based on an applied rule set. The logs generated by the firewall
provide valuable data that can be analyzed to detect anomalies, identify patterns of malicious activity, and aid in fortifying the network against attacks.
By analyzing firewall logs, the following objectives can be achieved:
- Detect and respond to threats in real time.
- Enhance understanding of network traffic patterns.
- Improve the network's security posture by adjusting firewall rules based on the insights gained from the logs.
- Comply with industry regulations that mandate the monitoring and analysis of security logs.
This script is written entirely in Python (3.11). It processes logs generated by firewalls and extracts meaningful insights from them.
As shown above, replace "path to the log file" in the main function with the location of your log file and run the script.
The insights will be printed in the terminal.
- The script separates out the logs whose action is "BLOCK".
- The script prints the total log count and the counts of "ALLOW" and "BLOCK" actions separately.
- The result also includes the top 5 source IPs and top 5 destination IPs, ranked by the number of actions they were involved in.
- To ease the identification of potential threats, the source IP addresses whose actions were blocked are printed separately. This helps to find the trends and patterns present in the logs.
- A sample log file (sample_log.csv) is provided with the source code.
- The script processes log files in .csv format.
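A compact version of the analysis described above, added here as an example (it is not the project's own script). It assumes the CSV has columns named `src_ip`, `dst_ip` and `action`; the embedded log lines are constructed for the demonstration.

```python
import csv
import io
from collections import Counter

# Constructed sample log (not the project's sample_log.csv). The column
# names src_ip, dst_ip and action are an assumption about the CSV layout.
SAMPLE_LOG = """timestamp,src_ip,dst_ip,dst_port,action
2024-01-01T10:00:00,10.0.0.5,192.168.1.10,443,ALLOW
2024-01-01T10:00:01,10.0.0.5,192.168.1.10,22,BLOCK
2024-01-01T10:00:02,10.0.0.7,192.168.1.20,80,ALLOW
2024-01-01T10:00:03,10.0.0.9,192.168.1.10,3389,BLOCK
2024-01-01T10:00:04,10.0.0.9,192.168.1.30,3389,BLOCK
2024-01-01T10:00:05,10.0.0.7,192.168.1.10,443,ALLOW
"""

def analyze(rows, top_n=5):
    """Count actions, rank IPs and collect blocked sources from DictReader rows."""
    actions, sources, destinations, blocked = Counter(), Counter(), Counter(), Counter()
    for row in rows:
        action = row["action"].strip().upper()  # normalise "block"/"BLOCK"
        actions[action] += 1
        sources[row["src_ip"]] += 1
        destinations[row["dst_ip"]] += 1
        if action == "BLOCK":
            blocked[row["src_ip"]] += 1
    return {
        "total": sum(actions.values()),
        "allow": actions["ALLOW"],
        "block": actions["BLOCK"],
        "top_sources": sources.most_common(top_n),
        "top_destinations": destinations.most_common(top_n),
        # blocked sources ordered by how many times they were blocked
        "blocked_sources": blocked.most_common(),
    }

def analyze_text(csv_text, top_n=5):
    return analyze(csv.DictReader(io.StringIO(csv_text)), top_n)

def analyze_file(path, top_n=5):
    # Replace path with the location of your own log file
    with open(path, newline="") as fh:
        return analyze(csv.DictReader(fh), top_n)

if __name__ == "__main__":
    s = analyze_text(SAMPLE_LOG)
    print(f"Total: {s['total']}  ALLOW: {s['allow']}  BLOCK: {s['block']}")
    print("Top sources:", s["top_sources"])
    print("Top destinations:", s["top_destinations"])
    print("Blocked sources:", [ip for ip, _ in s["blocked_sources"]])
```

Sources that are blocked repeatedly rise to the top of `blocked_sources`, which is the list worth reviewing first when looking for scanning or brute-force patterns.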