- git clone https://github.com/CruiseDevice/illumio-challenge.git
- cd illumio-challenge
- Run the script from the command line: python flow_log_analyzer.py log.txt lookup.csv output.csv
- Reads the lookup table from a CSV file into a dictionary.
- Parses the flow log file line by line.
- For each line, it extracts the destination port and protocol.
- It looks up the tag for the port/protocol combination in the lookup dictionary.
- It counts the occurrences of each tag and each port/protocol combination.
- Finally, it writes the results to the output CSV file.
- The program supports only the default log format and version 2 of flow logs.
- The flow log file is in the format described in the AWS documentation.
- The protocol field in the flow log is numeric (6 for TCP, 17 for UDP, 1 for ICMP).
- The lookup table CSV file has headers 'dstport', 'protocol', and 'tag'.
- Tested with the sample flow logs and lookup table provided in the description.
- Tested with empty flow log file and empty lookup table.
- Tested with flow log entries that don't match any lookup table entry.
- Tested with large file (up to 10MB) to ensure performance.
- The program uses Python's built-in CSV module for reading and writing CSV files, which is efficient and reliable.
- It uses a dictionary for the lookup table, providing O(1) lookup time.
- The program processes the flow log file line by line, which allows it to handle large files without loading everything into memory at once.
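
The steps and assumptions listed above, as an added sketch that is not the repository's flow_log_analyzer.py. It assumes the lookup table names protocols as text (tcp, udp, icmp), uses a hypothetical "Untagged" label for unmatched entries, and skips records that are not well-formed version 2 lines (for example NODATA records, whose port fields are "-"). All sample data is constructed.

```python
import csv
import io
from collections import Counter

# Protocol numbers named on the page; mapping them to names is an assumption
# about how the lookup table spells the protocol column.
PROTOCOLS = {"6": "tcp", "17": "udp", "1": "icmp"}

def load_lookup(fh):
    """Read dstport,protocol,tag rows into a dict keyed by (port, protocol)."""
    table = {}
    for row in csv.DictReader(fh):
        key = (row["dstport"].strip(), row["protocol"].strip().lower())
        table[key] = row["tag"].strip()
    return table

def analyze(log_fh, lookup):
    """Stream a v2 default-format flow log; return (tags, pairs, skipped)."""
    tags, pairs, skipped = Counter(), Counter(), 0
    for line in log_fh:
        fields = line.split()
        if not fields:
            continue
        # Default v2 record: 14 fields, dstport at index 6, protocol at index 7.
        if len(fields) != 14 or fields[0] != "2" or not fields[6].isdigit():
            skipped += 1
            continue
        port = fields[6]
        proto = PROTOCOLS.get(fields[7], fields[7])
        pairs[(port, proto)] += 1
        # "Untagged" is a hypothetical label for entries with no lookup match.
        tags[lookup.get((port, proto), "Untagged")] += 1
    return tags, pairs, skipped

# Constructed sample data (not from the page).
SAMPLE_LOOKUP = "dstport,protocol,tag\n443,tcp,sv_P2\n25,TCP,sv_P1\n53,udp,dns\n"
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d 10.0.1.201 198.51.100.2 49153 443 6 25 20000 1620140761 1620140821 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.201 198.51.100.2 49154 25 6 10 5000 1620140761 1620140821 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.201 198.51.100.2 49155 53 17 1 80 1620140761 1620140821 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.201 198.51.100.2 49156 8080 6 1 80 1620140761 1620140821 REJECT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1620140761 1620140821 - NODATA
3 truncated record
"""

if __name__ == "__main__":
    tags, pairs, skipped = analyze(io.StringIO(SAMPLE_LOG), load_lookup(io.StringIO(SAMPLE_LOOKUP)))
    print(dict(tags), dict(pairs), skipped)
```

The skipped count makes silently dropped records visible, which matters when the tag totals feed a traffic review.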