splunk_local/generators/web_logs.py
bpmcdevitt ecb505f159 Add comprehensive log generators for realistic test data
- Add four types of log generators: web access logs, syslog messages, JSON application logs, and HEC events
- Implement Docker Compose services with generators profile for easy activation
- Create Python scripts for realistic log generation with varied data patterns
- Update documentation in README.md and CLAUDE.md with usage instructions and generator details
- Support file-based log forwarding and direct HEC event submission for comprehensive testing scenarios

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-07-19 17:29:37 -05:00


#!/usr/bin/env python3
"""
Web access log generator for Splunk testing
Generates realistic Apache/Nginx style access logs
"""
import time
import random
import datetime
from pathlib import Path
# Sample data pools for synthetic log generation. Every field of a generated
# entry is drawn from one of these lists, so no generated value comes from
# real traffic.
USER_AGENTS = [
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36",
    "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36",
    "Mozilla/5.0 (iPhone; CPU iPhone OS 14_6 like Mac OS X)",
    "Mozilla/5.0 (Android 11; Mobile; rv:89.0) Gecko/89.0",
]

# /24 prefixes; the final octet is appended at generation time.
# The first three are RFC 1918 private ranges, the last two are RFC 5737
# documentation ranges (TEST-NET-3 and TEST-NET-2), so none of the generated
# client addresses is a routable public host.
IP_RANGES = [
    "192.168.1.",
    "10.0.0.",
    "172.16.1.",
    "203.0.113.",
    "198.51.100.",
]

PATHS = [
    "/",
    "/login",
    "/dashboard",
    "/api/users",
    "/api/data",
    "/static/css/main.css",
    "/static/js/app.js",
    "/images/logo.png",
    "/favicon.ico",
    "/health",
    "/admin",
    "/profile",
    "/settings",
    "/logout",
    "/search",
]

HTTP_METHODS = ["GET", "POST", "PUT", "DELETE", "HEAD", "OPTIONS"]

# 200 is listed four times so that a uniform random.choice() picks it more
# often than any single redirect or error status.
STATUS_CODES = [
    200, 200, 200, 200,
    201,
    301, 302,
    400, 401, 403, 404,
    500, 502, 503,
]
def generate_ip():
    """Return a synthetic IPv4 client address as a dotted-quad string.

    A prefix is picked at random from IP_RANGES and a host octet in the
    inclusive range 1-254 is appended, so .0 and .255 are never produced.
    """
    prefix = random.choice(IP_RANGES)
    host_octet = random.randint(1, 254)
    return prefix + str(host_octet)
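def generate_log_entry():
    """Build one synthetic access-log line in Apache combined log format.

    Layout: client IP, identity and user (both fixed to "-"), bracketed
    timestamp, quoted request line, status, response size, referer (fixed
    to "-") and quoted User-Agent.

    Method, path, status and size are each drawn independently, so the
    output contains combinations that real traffic would rarely produce
    (for example a DELETE on a static asset answered with 201). Keep that
    in mind when using this data to tune or validate detections: it
    exercises parsing and field extraction, not realistic request patterns.

    Returns:
        The log line as a string, without a trailing newline.
    """
    ip = generate_ip()
    # A naive datetime renders %z as an empty string, which leaves the
    # timestamp without its UTC offset ("[19/Jul/2025:17:29:37 ]") and breaks
    # the access-log timestamp layout. astimezone() attaches the local zone
    # so the offset (e.g. -0500) is actually emitted.
    timestamp = datetime.datetime.now().astimezone().strftime("%d/%b/%Y:%H:%M:%S %z")
    method = random.choice(HTTP_METHODS)
    path = random.choice(PATHS)
    status = random.choice(STATUS_CODES)
    size = random.randint(100, 50000)
    user_agent = random.choice(USER_AGENTS)
    # Combined log format: common log format plus referer and User-Agent.
    return (
        f'{ip} - - [{timestamp}] "{method} {path} HTTP/1.1" '
        f'{status} {size} "-" "{user_agent}"'
    )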
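def main():
    """Append synthetic access-log entries to the log file until interrupted.

    Creates the parent directory of /var/log/app/web_access.log if needed,
    then loops: generate one entry, append it to the file, echo it to
    stdout, and sleep a random 1-10 seconds. Any non-fatal error is printed
    and followed by a 5 second back-off before the loop continues.
    """
    log_file = Path("/var/log/app/web_access.log")
    log_file.parent.mkdir(parents=True, exist_ok=True)
    print("Starting web access log generator...")
    # The KeyboardInterrupt handler wraps the whole loop so that Ctrl-C is
    # also handled cleanly while the error back-off sleep is running; with
    # the handler inside the loop, an interrupt during that sleep escaped
    # as a traceback.
    try:
        while True:
            try:
                log_entry = generate_log_entry()
                # Explicit encoding so the file content does not depend on
                # the container's locale settings.
                with open(log_file, "a", encoding="utf-8") as f:
                    f.write(log_entry + "\n")
                print(f"Generated: {log_entry}")
                # Random delay between 1-10 seconds
                time.sleep(random.uniform(1, 10))
            except Exception as e:
                # Best-effort generator: report the failure and retry
                # rather than exit.
                print(f"Error: {e}")
                time.sleep(5)
    except KeyboardInterrupt:
        print("Stopping web log generator...")


if __name__ == "__main__":
    main()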