fixes

log_parser.py

@@ -1,5 +1,6 @@
 import re
 
+
 def parse_log_file(log_file_path):
     """
     Parse HAProxy syslog format and identify security threats.
@@ -78,7 +79,7 @@ def parse_log_file(log_file_path):
                 
                 ip_address = ip_match.group(1)
                 
-                # Extract date/time in brackets
+                # Extract date/time in brackets (preferred format)
                 datetime_match = re.search(r'\[(\d{2}/\w+/\d{4}:\d{2}:\d{2}:\d{2})', line)
                 if datetime_match:
                     timestamp = datetime_match.group(1)
@@ -95,10 +96,17 @@ def parse_log_file(log_file_path):
                 # Extract HTTP method and URL
                 http_match = re.search(r'"(\w+)\s+([^\s]+)\s+HTTP', line)
                 if not http_match:
-                    continue
-                
-                http_method = http_match.group(1)
-                requested_url = http_match.group(2)
+                    # Fallback: extract entire request line
+                    request_match = re.search(r'"([^"]*)"', line)
+                    if request_match:
+                        request_line = request_match.group(1).split()
+                        http_method = request_line[0] if len(request_line) > 0 else 'UNKNOWN'
+                        requested_url = request_line[1] if len(request_line) > 1 else '/'
+                    else:
+                        continue
+                else:
+                    http_method = http_match.group(1)
+                    requested_url = http_match.group(2)
                 
                 # Detect threats
                 xss_alert = bool(xss_pattern.search(line))
@@ -107,6 +115,24 @@ def parse_log_file(log_file_path):
                 put_method = http_method == 'PUT'
                 illegal_resource = status_code == '403'
                 
+                # Determine status class for UI coloring
+                status_class = 'secondary'
+                if status_code.startswith('2'):
+                    status_class = 'success'
+                elif status_code.startswith('3'):
+                    status_class = 'info'
+                elif status_code.startswith('4'):
+                    status_class = 'warning'
+                    if illegal_resource:
+                        status_class = 'warning'
+                elif status_code.startswith('5'):
+                    status_class = 'danger'
+                
+                # Add threat flag if any security issue detected
+                has_threat = xss_alert or sql_alert or webshell_alert or put_method or illegal_resource
+                if has_threat:
+                    status_class = 'danger'
+                
                 parsed_entries.append({
                     'timestamp': timestamp,
                     'ip_address': ip_address,
@@ -120,16 +146,20 @@ def parse_log_file(log_file_path):
                     'put_method': put_method,
                     'illegal_resource': illegal_resource,
                     'webshell_alert': webshell_alert,
+                    'status_class': status_class,
+                    'has_threat': has_threat,
+                    'message': f"{frontend}~ {backend} [{status_code}] {http_method} {requested_url}"
                 })
             except Exception as e:
-                print(f"Error parsing line: {e}")
+                print(f"[LOG_PARSER] Error parsing line: {e}", flush=True)
                 continue
     
     except FileNotFoundError:
-        print(f"Log file not found: {log_file_path}")
+        print(f"[LOG_PARSER] Log file not found: {log_file_path}", flush=True)
         return []
     except Exception as e:
-        print(f"Error reading log file: {e}")
+        print(f"[LOG_PARSER] Error reading log file: {e}", flush=True)
         return []
     
+    print(f"[LOG_PARSER] Parsed {len(parsed_entries)} log entries", flush=True)
     return parsed_entries