My first open-source code contribution – spilp

Spilp is a simple Python script that takes IIS logs, parses them and creates statistical reports which can be used to discover unusual IP activity more easily.

I've been working on this one for some time now, and finally everything I wanted to implement is in place. The whole thing is released under the GNU GPL v3 license for everybody to enjoy. You can download the script here. Below is a list of spilp features with links to sample reports.

Features

  • extracts a list of IP addresses with number of hits they made sorted by number of hits
  • extracts a list of “close” IP addresses that made a certain number of hits
  • extracts a list of user agents sorted by number of hits
  • extracts a list of cs-method hits (GET method excluded)
  • extracts a list of file hits sorted by number of hits
  • extracts extended information for document and web file hits
    • includes timestamps, client IP addresses, methods, ports, user agent details and HTTP status codes
  • extracts a list of “unusual” HTTP status code hits sorted by number of hits
    • client IP address list
    • a list of files hit by an IP and number of hits for that file
  • filtering results (include or exclude filtering – works in “either-or” way)
    • ability to auto-generate an IP range list as a filter
  • reverse DNS country lookup using MaxMind's GeoIP country downloadable database
    • additional info in certain reports
    • filtering results by country of origin (as a separate filtering option using spilpconf.py file)
  • ability to process a large number of IIS log files
  • CONFIG file for performance and output tweaking
Rejoice!
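
To show what the per-IP, cs-method, status-code and “close” address reports in the feature list look like in practice, here is an added example (not spilp's own code) run over constructed IIS W3C log lines. Grouping “close” addresses by /24 and treating anything other than 200/304 as “unusual” are assumptions, since the post defines neither; the function names and thresholds are likewise hypothetical.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample in IIS W3C extended format (documentation-range addresses).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem c-ip cs(User-Agent) sc-status
2012-03-01 10:00:01 GET /index.html 192.0.2.10 Mozilla/5.0 200
2012-03-01 10:00:02 GET /admin.aspx 198.51.100.7 curl/7.21 404
2012-03-01 10:00:03 POST /login.aspx 198.51.100.7 curl/7.21 401
2012-03-01 10:00:04 GET /admin.aspx 198.51.100.9 curl/7.21 404
2012-03-01 10:00:05 OPTIONS / 198.51.100.23 - 405
2012-03-01 10:00:06 GET /index.html 192.0.2.10 Mozilla/5.0 304
"""

def parse_iis(lines):
    """Yield one dict per request, keyed by the names in the #Fields directive."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # the header may change mid-file
        elif line and not line.startswith("#"):
            values = line.split(" ")           # IIS writes spaces in values as '+'
            if len(values) == len(fields):     # skip truncated or corrupt rows
                yield dict(zip(fields, values))

def report(lines, usual=frozenset({"200", "304"}), min_close_hits=3):
    ip_hits, methods, nets = Counter(), Counter(), Counter()
    odd_status = defaultdict(Counter)          # status code -> files hit
    members = defaultdict(set)                 # /24 network -> client IPs seen
    for row in parse_iis(lines):
        ip = row["c-ip"]
        ip_hits[ip] += 1
        if row["cs-method"] != "GET":          # GET excluded, as in the feature list
            methods[row["cs-method"]] += 1
        if row["sc-status"] not in usual:      # assumption: "unusual" = not 200/304
            odd_status[row["sc-status"]][row["cs-uri-stem"]] += 1
        net = str(ipaddress.ip_network(f"{ip}/24", strict=False))  # assumes IPv4
        nets[net] += 1
        members[net].add(ip)
    # Assumption: "close" = several distinct clients in one /24 reaching the threshold.
    close = {n: sorted(members[n], key=ipaddress.ip_address)
             for n, c in nets.items() if c >= min_close_hits and len(members[n]) > 1}
    return {"ip_hits": ip_hits.most_common(), "methods": methods.most_common(),
            "odd_status": {s: c.most_common() for s, c in odd_status.items()},
            "close": close}

if __name__ == "__main__":
    print(report(SAMPLE_LOG.splitlines()))
```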