Server Log Analysis

Purpose

Use this Skill to investigate service issues when logs are stored on remote servers.

This Skill assumes:

• The agent can connect to servers via SSH or equivalent remote execution tooling.
• config.yaml in this Skill directory defines service metadata, log paths, and business context.
• Before deep analysis, relevant log snippets should be copied to local temp/ first.

Required Reading

• Read config.yaml first.
• Read reference.md when field details or command patterns are needed.

Core Workflow

1. Read config.yaml.
2. Map the user issue to one or more configured services.
3. Define the smallest necessary investigation scope:
• target service
• target host
• relevant time window
• candidate log files
4. Connect to the target server via SSH or available remote tools.
5. Perform remote checks before downloading:
• file existence and file size
• last modified time
• whether keyword filtering or tail output is sufficient
6. Download only minimal required log snippets to configured local temp/.
7. Analyze local copies for errors, timing correlation, repeated failures, and likely root cause.
8. Output concise diagnosis with conclusions, evidence, uncertainty, and follow-up actions.

Investigation Rules

• Prioritize service definitions and business context in config.yaml; do not guess.
• Prefer remote filtering before full download:
• narrow time window first
• then filter by keywords
• use tail first for recent incidents
• Download full logs only when snippets are insufficient.
• Local filenames should clearly include service, host, and time range.
• Unless explicitly requested, do not fetch sensitive files, binaries, or unrelated large archives.
• For cross-service issues, analyze primary service first, then expand to dependencies.

Service Selection

When user intent is ambiguous:

1. Use service aliases, keywords, and description in config.yaml.
2. Pick the service with the highest semantic match.
3. If still unclear, ask the user which service to inspect before remote connection.

Remote Pre-Check Checklist

Before downloading logs, confirm:

• host configuration matches target service
• configured log files exist
• which log file was updated most recently
• whether rolling logs must be included
• whether issue is recent or historical

Common remote checks include:

• file metadata checks
• recent log tail checks
• quick keyword search
• time-window extraction
• process/service status when needed

Local Download Rules

Store downloaded logs under configured local_temp_dir.

Recommended filename format:

______.log

Priority order:

1. recent tail logs
2. keyword-filtered snippets
3. explicit time-window snippets
4. full file as last resort

Analysis Focus

Focus on:

• startup failures
• repeated exceptions
• timeout and connection issues
• resource pressure signals
• failures in DB/cache/message queue/DNS/HTTP upstream dependencies
• config errors exposed by stack traces or startup logs
• timestamp alignment across related services

The response should include:

• issue summary
• key evidence
• preliminary cause
• confidence level
• next verification steps

Security Constraints

• Treat config.yaml as operations metadata; do not store plaintext secrets.
• Prefer environment variables, key files, or external secret managers for SSH credentials.
• Unless explicitly requested, do not modify remote files or restart services.
• Unless requested, do not auto-delete downloaded logs.

Exception Handling

If remote access fails:

1. Clearly state which step failed.
2. State target host and service.
3. Ask user for correct SSH access method, network path, or credentials.

If configured log path does not exist:

1. Clearly identify missing path.
2. Check whether alternate paths are configured for the same service.
3. Ask user whether deployment paths changed.

Quick Execution Order

Always follow this order:

1. Read config.yaml.
2. Identify service and host.
3. Perform remote log pre-checks.
4. Copy minimal required logs to temp/.
5. Analyze locally.
6. Summarize conclusions with evidence.