This Python program parses flow log data and a lookup table, maps each flow log entry to a tag, and generates an output file with:
- The count of matches for each tag.
- The count of matches for each port/protocol combination.
- Supported Log Version: Only version 2.
- Protocols: Supports TCP (6), UDP (17), and ICMP (1).
- Unknown Entries: Entries with no match are tagged as Untagged.
- Lookup Table: CSV format with dstport, protocol, and tag.
- Place flow_logs.csv and lookup_table.csv in the same directory as the program.
- Run the program:
python main.py- Output file flow_log_analysis_output.txt will be generated.