LogGuardian reads server log files, identifies failed login attempts, and outputs IP addresses that have failed to log in three or more times. This helps identify potential malicious actors based on repeated invalid attempts.
- Processes log files using Java's String.split method to parse each line.
- Extracts IP addresses and tracks the count of failed login attempts.
- Outputs IP addresses with three or more failures to a specified output file.
- Log Parsing:
  - Reads a log file line by line.
  - Identifies lines with failed login attempts based on specific keywords (e.g., "Invalid").
  - Extracts IP addresses from the log entries.
- Failure Tracking:
  - Maintains a count of failed login attempts for each IP address.
  - Tracks only IP addresses that fail to log in three or more times.
- Output File:
  - Writes the list of flagged IP addresses to a specified output file.
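The parsing and counting steps listed above, as an added example (not the project's own Fail2Ban.java). It assumes OpenSSH-style lines of the form "Invalid user NAME from IP port N" and IPv4 addresses only; the class and method names are hypothetical and the log lines are constructed. It takes the last "from" token on a line, because the user name is text supplied by the client and can itself contain "from <ip>".

```java
import java.util.*;

// Added example; assumes OpenSSH-style "Invalid user NAME from IP port N" lines.
public class FailedLoginExample {
    static final int THRESHOLD = 3; // "three or more" failures, per the README

    // Returns the source IP of a failed-login line, or null if the line does not qualify.
    static String failedLoginIp(String line) {
        if (!line.contains("Invalid")) return null;
        String[] tokens = line.trim().split("\\s+");
        // Scan from the end: the user name is client-controlled and may contain
        // "from <ip>", so the first "from" is not trustworthy.
        for (int i = tokens.length - 2; i >= 0; i--) {
            if (tokens[i].equals("from") && isIpv4(tokens[i + 1])) return tokens[i + 1];
        }
        return null;
    }

    // Strict dotted-quad check so arbitrary tokens are never counted as addresses.
    static boolean isIpv4(String s) {
        if (!s.matches("\\d{1,3}(\\.\\d{1,3}){3}")) return false;
        for (String p : s.split("\\.")) if (Integer.parseInt(p) > 255) return false;
        return true;
    }

    // Returns each IP once, in the order it reached the threshold.
    static List<String> flagged(List<String> lines) {
        Map<String, Integer> counts = new HashMap<>();
        List<String> out = new ArrayList<>();
        for (String line : lines) {
            String ip = failedLoginIp(line);
            // merge() returns the updated count; add the IP when it first hits 3.
            if (ip != null && counts.merge(ip, 1, Integer::sum) == THRESHOLD) out.add(ip);
        }
        return out;
    }

    public static void main(String[] args) {
        List<String> sample = List.of( // constructed sample lines
            "Jan 10 12:00:01 host sshd[101]: Invalid user admin from 203.0.113.5 port 4001",
            "Jan 10 12:00:03 host sshd[102]: Invalid user test from 203.0.113.5 port 4002",
            "Jan 10 12:00:04 host sshd[103]: Accepted password for alice from 198.51.100.7 port 5000",
            "Jan 10 12:00:06 host sshd[104]: Invalid user root from 203.0.113.5 port 4003",
            "Jan 10 12:00:08 host sshd[105]: Invalid user x from 198.51.100.7 from 192.0.2.9 port 4100",
            "Jan 10 12:00:09 host app[106]: Invalid configuration option ignored"
        );
        System.out.println(flagged(sample));
    }
}
```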
- Compile the Program:
    javac Fail2Ban.java
- Run the Program:
    java Fail2Ban <log_file> <output_file>
    Example: java Fail2Ban logs_processed.txt output.txt
- Fail2Ban.java: Main program logic for parsing logs and generating output.
- logs_processed.txt: Sample log file for testing.
- output.txt: Example output file containing flagged IP addresses.
- README.txt: Explains the implementation and provides additional instructions.