The module takes access logs as written by Tomcat, extracts the remote IP addresses and performs some geo-location checks. The analyzer sits on top of a common log file format grammar for ANTLR4, which was modified to allow IPv6 addresses. Geo-data are fetched via ipstack; an access key is required.
- Python 3 installed
- Internet connection
- (optional) Java 8 Runtime installed and available via PATH environment variable if rebuilding or modification of the grammar is required.
In case the grammar should be extended to cater for more cases:
In the etc/grammar directory do the following:
java -jar ../tools/antlr-4.7.1-complete.jar -Dlanguage=Python3 clf.g4
Move the generated files to the aloga/clf directory. Don't modify the files, even though they are not PEP8 compliant.
The module is configured by a traditional ini-file.
Name | Description |
---|---|
log.file | Name of the logging file |
log.level | Logging output level. Supported values are: DEBUG, INFO, WARN, ERROR, FATAL |
timeout | Timeout for HTTP requests |
ipstack.key | Access key for ipstack API |
Anaconda users:
The ANTLR4 runtime does not seem to be part of the Anaconda repositories.
git clone [email protected]:bernd-clemenz/aloga.git
Switch to the installation directory and run:
python setup.py install
Setup takes care of resolving the dependencies.
The module is executable like this:
python -m aloga --conf=aloga.ini --alogafile=access_log --out=access_data --nogeo=False
Name | Description |
---|---|
conf | Name of the configuration file, defaults to aloga.ini |
alogfile | Access log file name to interpret |
out | Base file name, without extension, of output file(s) |
nogeo | Deactivates fetching of geo-data, defaults to True |
- a JSON file with parsed access data, where remote hosts are keys
- some basic statistical evaluations per host: frequency of HTTP status types and geo-location data
- simple bar-chart image access histogram as PNG
- a CSV file with all access data
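The parsing and per-host status counting described above, as an added example that is not aloga's own code: it uses a regular expression and Python's `ipaddress` module in place of the ANTLR4 grammar. The names `parse_line` and `status_classes_per_host` and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Common log format: host ident authuser [date] "request" status bytes
CLF_LINE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)$'
)

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [10/Oct/2018:13:55:36 +0200] "GET /index.html HTTP/1.1" 200 2326
2001:db8::1 - - [10/Oct/2018:13:55:40 +0200] "GET /manager/html HTTP/1.1" 401 -
2001:db8::1 - - [10/Oct/2018:13:55:41 +0200] "POST /login HTTP/1.1" 500 120
192.0.2.10 - alice [10/Oct/2018:13:56:02 +0200] "GET /missing HTTP/1.1" 404 1010
this line is not an access log entry
"""


def parse_line(line):
    """Return a dict for one CLF line, or None if it does not match."""
    m = CLF_LINE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    try:
        rec["ip_version"] = ipaddress.ip_address(rec["host"]).version
    except ValueError:  # remote host is a hostname, not an IP literal
        rec["ip_version"] = None
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    return rec


def status_classes_per_host(text):
    """Count HTTP status classes (2xx, 4xx, ...) keyed by remote host."""
    stats, rejected = defaultdict(Counter), 0
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            rejected += 1
            continue
        stats[rec["host"]][f"{rec['status'] // 100}xx"] += 1
    return {host: dict(c) for host, c in stats.items()}, rejected


if __name__ == "__main__":
    print(status_classes_per_host(SAMPLE_LOG))
```

Lines that do not match are counted rather than silently dropped, so a rising rejected count signals that the pattern needs extending for that log format.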
For the grammar file clf.g4:
BSD License Copyright (c) 2016, Tom Everett All rights reserved.