Анализатор Файлов Логов

Продвинутый скрипт анализа логов, который разбирает системные логи и сообщает об ошибках, предупреждениях и важных событиях.

Опубликовано: 05.03.2024

Код

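#!/bin/bash
#
# Log File Analyzer
#
# Usage: log_analyzer.sh [LOG_FILE]
#   LOG_FILE  log to analyse (default: /var/log/syslog)
#
# Prints a summary report to stdout and saves a copy as
# log_report_<YYYYmmdd_HHMMSS>.txt in the current working directory.
# Matching is a case-insensitive substring search ("error" also matches
# "errors", "sudo" matches any line mentioning sudo), so the counts are
# indicative rather than exact.
#
# The "TOP ERROR MESSAGES" section assumes syslog-style lines
# ("Mon DD HH:MM:SS host process[pid]: message"), where the message begins
# after the third ':'; other formats still run, but that section groups on
# the wrong field.

# -u: treat an unset variable as a bug.  No -e/pipefail on purpose: grep
# exits 1 when a section has no matches, which is a normal outcome here.
set -u

# The report contains authentication failures, sudo activity and client IPs,
# so create it readable by the invoking user only.
umask 077

readonly LOG_FILE="${1:-/var/log/syslog}"
readonly OUTPUT_FILE="log_report_$(date +%Y%m%d_%H%M%S).txt"

#######################################
# Print an error message to stderr and exit with status 1.
# Arguments: $* - message
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Print a section title in the report's "--- TITLE ---" style.
# Arguments: $1 - title
# Outputs:   the title line to stdout
#######################################
section() {
  printf '%s\n' "--- $1 ---"
}

#######################################
# Count lines of LOG_FILE matching a pattern, case-insensitively.
# Globals:   LOG_FILE (read)
# Arguments: $1 - grep pattern
# Outputs:   the count (0 when nothing matches) to stdout
#######################################
count_matches() {
  # grep -c prints 0 and exits 1 on no match; the status is irrelevant here.
  grep -ic -- "$1" "$LOG_FILE"
}

#######################################
# Print the last N lines of LOG_FILE matching a pattern, case-insensitively.
# Globals:   LOG_FILE (read)
# Arguments: $1 - extended-regex pattern; $2 - number of lines to keep
# Outputs:   matching lines to stdout
#######################################
last_matches() {
  grep -iE -- "$1" "$LOG_FILE" | tail -n "$2"
}

printf 'Analyzing log file: %s\n\n' "$LOG_FILE"

[[ -f "$LOG_FILE" ]] || die "Error: Log file not found!"
# -f alone lets an unreadable file through; every grep would then fail and the
# report would show zero errors, which is worse than an explicit failure.
[[ -r "$LOG_FILE" ]] || die "Error: Log file is not readable: $LOG_FILE"

# Create the report up front so a non-writable directory is reported before
# any work is done and the file is created under the restrictive umask above.
: > "$OUTPUT_FILE" || die "Error: cannot write report file: $OUTPUT_FILE"

{
  printf '======================================\n'
  printf '   LOG ANALYSIS REPORT\n'
  printf '======================================\n'
  printf 'Log File: %s\n' "$LOG_FILE"
  printf 'Analysis Date: %s\n' "$(date)"
  printf 'Report Generated By: %s@%s\n' "$(id -un)" "$(hostname)"
  printf '\n'

  section "SUMMARY"
  printf 'Total Lines: %s\n' "$(wc -l < "$LOG_FILE")"
  printf 'File Size: %s\n' "$(du -h -- "$LOG_FILE" | cut -f1)"
  printf '\n'

  section "ERROR COUNT"
  printf 'Errors: %s\n' "$(count_matches error)"
  printf 'Warnings: %s\n' "$(count_matches warn)"
  printf 'Critical: %s\n' "$(count_matches critical)"
  printf '\n'

  section "RECENT ERRORS (Last 20)"
  last_matches error 20
  printf '\n'

  section "TOP ERROR MESSAGES"
  # Strip the syslog timestamp/host/process prefix (everything up to the
  # third ':') so identical messages group together regardless of time.
  grep -i -- error "$LOG_FILE" | cut -d: -f4- | sort | uniq -c | sort -rn | head -n 10
  printf '\n'

  section "AUTHENTICATION FAILURES"
  last_matches 'failed password' 10
  printf '\n'

  section "SUDO USAGE"
  last_matches sudo 10
  printf '\n'

  section "SERVICE RESTARTS"
  # 'restart' is already covered by 'start'; kept so the intent is explicit.
  last_matches 'start|stop|restart' 10
  printf '\n'

  section "TOP IP ADDRESSES"
  # Counts every dotted-quad occurrence in the file, not only source addresses.
  grep -oE -- '\b([0-9]{1,3}\.){3}[0-9]{1,3}\b' "$LOG_FILE" | sort | uniq -c | sort -rn | head -n 10
  printf '\n'

  printf '======================================\n'
  printf 'Report completed: %s\n' "$(date)"
  printf '======================================\n'
} | tee -- "$OUTPUT_FILE"

printf '\n✓ Report saved to: %s\n' "$OUTPUT_FILE"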

Использование

# Make the script executable. The report file is written to the current
# working directory, so run the script from a directory you can write to.
chmod +x log_analyzer.sh

# Analyze default syslog
# NOTE(review): /var/log/syslog is typically readable only by root or the
# adm group — the script checks that the file exists but not that it is
# readable, so presumably an unreadable file yields a report with zero counts.
./log_analyzer.sh

# Specific log file
./log_analyzer.sh /var/log/apache2/error.log

# Nginx error log
./log_analyzer.sh /var/log/nginx/error.log

Теги

log analysis syslog error detection log monitoring