scripts/log-analyzer.sh — the single entry point for all analyses.
The script is self-contained, works on any Linux system with standard tools (grep, awk, sort, uniq), and handles both file and piped input.
Analyze /var/log/syslog with all checks:
bash scripts/log-analyzer.sh -f /var/log/syslog --all
Or pipe logs directly:
journalctl -u nginx --since "24 hours ago" | bash scripts/log-analyzer.sh --all
| Option | Description |
|---|---|
| --- | --- |
-f | Log file to analyze (use - for stdin) |
-p | Custom error pattern (default: error/i, fail/i, warn/i, critical/i, exception) |
-t | Time window in hours (default: 24) |
--errors | Find top error messages and their frequency |
--time-analysis | Group errors by time period (hourly/daily) |
--ips | Analyze IP frequency from log entries |
--spikes | Identify unusual patterns and spikes |
--all | Run all analyses (default if no option given) |
--help | Show this help message |
--errors)Scans for configured error patterns, groups and sorts by frequency, shows the top most common error messages.
--time-analysis)Groups errors into hourly and daily buckets to show when issues occur most frequently.
--ips)Extracts IPv4 addresses from log entries, counts occurrences, and shows the top sources.
--spikes)Compares error counts per time bucket against the average. Flags buckets that exceed 2x the average as potential anomalies.
-f - explicitly when piping-t or pre-filtering with grep共 1 个版本