Log File Analyzer
Advanced log analysis script that analyzes system logs and reports errors, warnings and important events.
Published: March 05, 2024
Detailed Information
This script analyzes system log files and reports errors, warnings, and important events. Log analysis is critical for detecting system problems and monitoring security events.
What Does This Script Do?
This script analyzes log files to:
- Count error, warning, and critical messages
- List recent errors
- Show most common error messages
- Detect authentication failures
- Report SUDO usage
- Show service restarts
- List most common IP addresses
Why Should You Use It?
Log analysis is fundamental to system management:
- Problem Detection: Quickly find errors
- Security: Detect suspicious activities
- Performance: Analyze system issues
- Reporting: Create detailed log reports
How to Use
Step-by-Step Usage Guide
1. Create Script File
nano log_analyzer.sh
2. Make Executable
chmod +x log_analyzer.sh
3. Default Log Analysis
./log_analyzer.sh
4. Specific Log File Analysis
./log_analyzer.sh /var/log/apache2/error.log
./log_analyzer.sh /var/log/nginx/error.log
Requirements
- Log File: Log file to analyze
- Read Permission: Permission to read log file
- grep, awk, sort: Basic Linux commands (installed by default)
Use Cases
1. Security Audit
Detect failed login attempts and suspicious IP addresses.
2. Troubleshooting
Quickly resolve issues by analyzing system errors.
3. Performance Analysis
Analyze service restarts and error patterns.
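The security-audit use case above, as an added example that is not the page's script: it correlates each "Failed password" line with its source IP and applies a threshold, and lists who ran what through sudo, in the same grep/awk/sort style the analyzer uses. The log lines are constructed sample data in traditional syslog format (documentation IP ranges); the function names and the threshold parameter are this example's own.

```shell
#!/bin/bash
# Added example (not the page's log_analyzer.sh): group failed SSH logins by
# source IP and extract sudo commands. Sample data below is constructed.
SAMPLE_LOG='Mar  5 10:01:01 host sshd[2001]: Failed password for invalid user admin from 203.0.113.10 port 51022 ssh2
Mar  5 10:01:03 host sshd[2002]: Failed password for root from 203.0.113.10 port 51030 ssh2
Mar  5 10:01:05 host sshd[2003]: Accepted publickey for alice from 198.51.100.7 port 40112 ssh2
Mar  5 10:01:09 host sshd[2004]: Failed password for bob from 198.51.100.7 port 40120 ssh2
Mar  5 10:01:11 host sshd[2005]: Failed password for root from 203.0.113.10 port 51044 ssh2
Mar  5 10:02:00 host sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/systemctl restart nginx'

SAMPLE_FILE=$(mktemp)
printf '%s\n' "$SAMPLE_LOG" > "$SAMPLE_FILE"

# failed_by_ip LOGFILE [THRESHOLD]
# Prints "count ip", most failures first, for every source IP that produced
# at least THRESHOLD "Failed password" lines (default 1). Unlike listing the
# failures and the top IPs separately, this ties each failure to its source.
failed_by_ip() {
    local log="$1" threshold="${2:-1}"
    grep -i "failed password" "$log" \
        | grep -oE 'from ([0-9]{1,3}\.){3}[0-9]{1,3}' \
        | awk '{print $2}' \
        | sort | uniq -c | sort -rn \
        | awk -v t="$threshold" '$1 >= t {print $1, $2}'
}

# sudo_commands LOGFILE
# Prints "user command" for each sudo invocation recorded in the log
# (syslog sudo lines look like "sudo:    user : TTY=... ; COMMAND=...").
sudo_commands() {
    grep 'sudo:' "$1" \
        | sed -E 's/.*sudo: +([^ ]+) :.*COMMAND=(.*)$/\1 \2/'
}

echo "--- FAILED PASSWORDS BY SOURCE IP (2 or more) ---"
failed_by_ip "$SAMPLE_FILE" 2
echo ""
echo "--- SUDO COMMANDS ---"
sudo_commands "$SAMPLE_FILE"
```

Point both functions at a real auth log (for example the file the analyzer is given) instead of SAMPLE_FILE to run them on live data.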
Usage Examples
Example 1: System Log Analysis
./log_analyzer.sh
Example 2: Web Server Log Analysis
./log_analyzer.sh /var/log/apache2/error.log
Code
#!/bin/bash
# Log File Analyzer
# Usage: ./log_analyzer.sh [LOG_FILE]   (defaults to /var/log/syslog)
LOG_FILE="${1:-/var/log/syslog}"
OUTPUT_FILE="log_report_$(date +%Y%m%d_%H%M%S).txt"

echo "Analyzing log file: $LOG_FILE"
echo ""

# The log must exist and be readable by the current user
if [ ! -f "$LOG_FILE" ]; then
    echo "Error: Log file not found!"
    exit 1
fi
if [ ! -r "$LOG_FILE" ]; then
    echo "Error: No read permission for $LOG_FILE!"
    exit 1
fi

# Everything inside the braces goes to the terminal and to the report file
{
    echo "======================================"
    echo " LOG ANALYSIS REPORT"
    echo "======================================"
    echo "Log File: $LOG_FILE"
    echo "Analysis Date: $(date)"
    echo "Report Generated By: $(whoami)@$(hostname)"
    echo ""

    echo "--- SUMMARY ---"
    echo "Total Lines: $(wc -l < "$LOG_FILE")"
    echo "File Size: $(du -h "$LOG_FILE" | cut -f1)"
    echo ""

    # Case-insensitive keyword counts (a line matching several keywords is counted in each)
    echo "--- ERROR COUNT ---"
    ERROR_COUNT=$(grep -i "error" "$LOG_FILE" | wc -l)
    echo "Errors: $ERROR_COUNT"
    WARN_COUNT=$(grep -i "warn" "$LOG_FILE" | wc -l)
    echo "Warnings: $WARN_COUNT"
    CRIT_COUNT=$(grep -i "critical" "$LOG_FILE" | wc -l)
    echo "Critical: $CRIT_COUNT"
    echo ""

    echo "--- RECENT ERRORS (Last 20) ---"
    grep -i "error" "$LOG_FILE" | tail -n 20
    echo ""

    # Drop the "Mon DD HH:MM:SS host process:" prefix of syslog-format lines
    # (fields split on ':') so identical messages group together
    echo "--- TOP ERROR MESSAGES ---"
    grep -i "error" "$LOG_FILE" | cut -d: -f4- | sort | uniq -c | sort -rn | head -n 10
    echo ""

    echo "--- AUTHENTICATION FAILURES ---"
    grep -i "failed password" "$LOG_FILE" | tail -n 10
    echo ""

    echo "--- SUDO USAGE ---"
    grep -i "sudo" "$LOG_FILE" | tail -n 10
    echo ""

    echo "--- SERVICE RESTARTS ---"
    grep -i "start\|stop\|restart" "$LOG_FILE" | tail -n 10
    echo ""

    # Every dotted-quad in the file, most frequent first
    echo "--- TOP IP ADDRESSES ---"
    grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" "$LOG_FILE" | sort | uniq -c | sort -rn | head -n 10
    echo ""

    echo "======================================"
    echo "Report completed: $(date)"
    echo "======================================"
} | tee "$OUTPUT_FILE"

echo ""
echo "✓ Report saved to: $OUTPUT_FILE"
Usage
chmod +x log_analyzer.sh
# Analyze default syslog
./log_analyzer.sh
# Specific log file
./log_analyzer.sh /var/log/apache2/error.log
# Nginx error log
./log_analyzer.sh /var/log/nginx/error.log
Troubleshooting
Problem: "Log file not found"
Solution: Check log file path:
ls -la /var/log/syslog