Log Analyser

The script will parse the log file, detect patterns, and send alerts to the configured AWS Lambda function after a number of login attempts.

---

Features

• Pattern Matching: Uses regular expressions to detect:
  • Failed login attempts
  • Successful logins
• Triggers an AWS Lambda function if a user exceeds a threshold of failed login attempts.
• Sends alert payload to Lambda function for further processing

---

Requirements

• Python 3.7+
• boto3
• AWS credentials configured (via environment variables, AWS CLI, or IAM role)
• An AWS Lambda function set up to receive and process alert payloads

---

Setup

1. Clone the Repository

   git clone https://github.com/yourusername/log-analyser.git
   cd log-analyser

2. Install Dependencies

   pip install boto3

Configure AWS

• create a new AWS account
• search for sns

• click topics

• click create topic
• there are two types of topic, choose standard

• provide a name for your topic and click create topic
• copy the topic ARN and save it somewhere

lets add subscriptions

• click subscriptions on the left nav bar

• click create subscription
• select your topic arn and select email as the protocol. then enter your email for endpoint

• confirmation mail will be sent to the endpoint email address

Create lambda function

• search for lambda

• click functions
• Click create functions
• select Author from scratch

• enter function name and select python (or whichever language you are using) as the runtime

• leave the rest as default then click create function

by default, basic execution role is attached to your lambda function. if you need your lambda do more, then you need to add more permissions

lambda execution role

We will give the lambda execution permission to publish the sns message on your newly created lambda function page

• open your lambda function dashboard

• click configuration, then click permissions
• click the link under role name

• it will take you to a new page.
• under permsisions, click add permissions, then create inline policy

• clickd on json editor on the top right
• pasted this

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublishSNSMessage",
            "Effect": "Allow",
            "Action": "sns:Publish",
            "Resource": "arn:aws:sns:your-region:your-account-number:your-topic-name"
        }
    ]
}

• changed resource to the arn of the topic you create previously. the one that was saved
• click next
• give policy a name
• click create policy

IAM user permission

To be able to invoke the lambda function from anywhere, the IAM role should have the permission to invoke

• on the page for the lambda function, click configuration, then permissions

• click the link under role name heading

• on the new page, click add permission, then create inline policy

• select lambda as service from the dropdown

• filter for InvokeFunction

• then add the arn of your lambda function

• gave policy a name, then clicked create policy

Protecting the lambda function

You need to also secure the lambda function

• You can use environment variables to store sensitive information like the Lambda function name in your code

function_name = os.getenv('LAMBDA_FUNCTION_NAME')

• restrict the IAM role to only invoke the lambda function

• Add validation logic in your Lambda function to ensure the payload contains only expected data:

def lambda_handler(event, context):
    required_keys = {'alert_type', 'user', 'ip', 'timestamp', 'occurrence'}
    if not required_keys.issubset(event.keys()):
        raise ValueError("Invalid payload")
    # the events lambda should carry out will go below  

• to add that, click code and enter into the code editor

there invoke function for lambda in the code. it takes the payload and send to email