HxHippy

Log Analyzer Script

Parse and analyze common log formats. Extract IPs, count errors, identify patterns, and generate reports.

Last updated: 2024-12-15

Overview

Versatile log analyzer for common log formats (Apache, Nginx, syslog). Extracts statistics, identifies issues, and generates summary reports.

The Script

#!/bin/bash
# Log Analyzer Script
# Parse and analyze various log formats

set -euo pipefail

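LOG_TYPE="auto"
TOP_N=10
ERRORS=0     # -e: also report lines that look like errors
IP_SCAN=0    # -i: match IPv4 addresses anywhere in the line

usage() { echo "Usage: $0 [-e] [-i] [-t type] <logfile>" >&2; exit 1; }

# Parse the flags shown under Usage Examples
while getopts "eit:" opt; do
    case "$opt" in
        e) ERRORS=1 ;;
        i) IP_SCAN=1 ;;
        t) LOG_TYPE="$OPTARG" ;;
        *) usage ;;
    esac
done
shift $((OPTIND - 1))

# ${1:-} avoids an "unbound variable" abort under set -u when no file is given
LOGFILE="${1:-}"
[ -n "$LOGFILE" ] || usage

if [ ! -f "$LOGFILE" ]; then
    echo "Error: File not found: $LOGFILE" >&2
    exit 1
fi

echo "========================================"
echo " LOG ANALYSIS REPORT"
echo " File: $LOGFILE"
echo " Type: $LOG_TYPE"
echo " Date: $(date)"
echo "========================================"

# Basic stats
TOTAL_LINES=$(wc -l < "$LOGFILE")
FILE_SIZE=$(du -h "$LOGFILE" | cut -f1)

echo "Total lines: $TOTAL_LINES"
echo "File size: $FILE_SIZE"

if [ "$ERRORS" -eq 1 ]; then
    # The pattern is an assumption; adjust it to your log format.
    # grep -c exits 1 on zero matches, so "|| true" keeps set -e from aborting.
    echo "Error lines: $(grep -ciE 'error|fail|crit' "$LOGFILE" || true)"
fi

# Top IPs
# awk 'NR <= n' reads all of its input, unlike head, so sort never receives
# SIGPIPE (which would abort the script under set -o pipefail).
echo "TOP $TOP_N IP ADDRESSES"
if [ "$IP_SCAN" -eq 1 ]; then
    # syslog/auth lines do not start with the client IP, so match it anywhere
    { grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' "$LOGFILE" || true; } |
        sort | uniq -c | sort -rn | awk -v n="$TOP_N" 'NR <= n'
else
    awk '{print $1}' "$LOGFILE" | sort | uniq -c | sort -rn | awk -v n="$TOP_N" 'NR <= n'
fi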

echo "========================================"
echo " ANALYSIS COMPLETE"
echo "========================================"

Usage Examples

# Analyze Nginx access log
./log-analyzer.sh /var/log/nginx/access.log

# Focus on errors in Apache log
./log-analyzer.sh -e -t apache /var/log/apache2/error.log

# Auth log analysis with IP focus
./log-analyzer.sh -i /var/log/auth.log

Quick One-Liners

# Top IPs in access log
awk '{print $1}' access.log | sort | uniq -c | sort -rn | head

# HTTP status code distribution
awk '{print $9}' access.log | sort | uniq -c | sort -rn

# Failed SSH attempts
grep "Failed password" /var/log/auth.log | grep -oE '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | sort | uniq -c | sort -rn
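
Added example (not part of the original script): in the status-code one-liner above, $9 is the status only when the request line has exactly three tokens, so malformed requests shift the fields and drop out of the table. The version below splits on the quotes around the request instead. The function names and the sample log lines are constructed for illustration.

```bash
#!/bin/bash
# Added example. The log lines are constructed (documentation IP ranges).
sample_log() {
cat <<'EOF'
203.0.113.5 - - [15/Dec/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "curl/8.0"
203.0.113.5 - - [15/Dec/2024:10:00:02 +0000] "GET /admin HTTP/1.1" 403 128 "-" "curl/8.0"
198.51.100.7 - - [15/Dec/2024:10:00:03 +0000] "-" 400 0 "-" "-"
198.51.100.7 - - [15/Dec/2024:10:00:04 +0000] "GET /a b c HTTP/1.1" 404 64 "-" "-"
192.0.2.9 - - [15/Dec/2024:10:00:05 +0000] "GET / HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
EOF
}

# The page's one-liner: correct only when the request is exactly
# "METHOD PATH PROTO" (three whitespace-separated tokens).
naive_status() { awk '{print $9}' | sort | uniq -c | sort -rn; }

# Split on double quotes instead: field 3 is " STATUS BYTES ", whatever the
# request contained. Anything that is not a 3-digit status (for example a
# line with an escaped quote inside the request) is counted as UNPARSED,
# so odd lines stay visible instead of silently skewing the table.
robust_status() {
    awk -F'"' '{
        n = split($3, a, " ")
        if (n >= 1 && a[1] ~ /^[1-5][0-9][0-9]$/) print a[1]
        else print "UNPARSED"
    }' | sort | uniq -c | sort -rn
}

# Helper: count for one value in a "uniq -c" table (0 if absent).
count_of() {
    printf '%s\n' "$1" | awk -v s="$2" '$2 == s {c = $1} END {print c + 0}'
}

echo "naive (\$9):"
sample_log | naive_status
echo "quote-aware:"
sample_log | robust_status
```

On the sample, the naive table lists "-" and c as status codes and shows no 400 or 404 at all, which is exactly the traffic worth reviewing.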