| name | log-analysis |
| description | Analyze application logs to identify errors, performance issues, and security anomalies. Use when debugging issues, monitoring system health, or investigating incidents. Handles various log formats including Apache, Nginx, application logs, and JSON logs. |
| allowed-tools | Read Grep Glob |
| metadata | {"tags":"logs, analysis, debugging, monitoring, grep, patterns","platforms":"Claude, ChatGPT, Gemini"} |
Log Analysis
When to use this skill
- Error debugging: analyze the root cause of application errors
- Performance analysis: analyze response times and throughput
- Security audit: detect anomalous access patterns
- Incident response: investigate the root cause during an outage
Instructions
Step 1: Locate Log Files
/var/log/
/var/log/nginx/
/var/log/apache2/
./logs/
Step 2: Search for Error Patterns
Common error search:
grep -i "error\|exception\|fail" application.log
tail -100 application.log | grep -i error
grep -E "^\[.*ERROR" application.log
HTTP error codes:
grep -E "HTTP/[0-9.]+ 5[0-9]{2}" access.log
grep -E "HTTP/[0-9.]+ 4[0-9]{2}" access.log
grep "HTTP/1.1\" 500" access.log
Step 3: Pattern Analysis
Time-based analysis:
grep -i error application.log | cut -d' ' -f1,2 | sort | uniq -c | sort -rn
grep "2025-01-05 14:" application.log
IP-based analysis:
awk '{print $1}' access.log | sort | uniq -c | sort -rn | head -20
grep "192.168.1.100" access.log
Step 4: Performance Analysis
Response time analysis:
awk '{print $NF}' access.log | sort -n | tail -20
awk '$NF > 1.0 {print $0}' access.log
Traffic volume analysis:
awk '{print $4}' access.log | cut -d: -f1,2,3 | uniq -c
awk '{print $7}' access.log | sort | uniq -c | sort -rn | head -20
Step 5: Security Analysis
Suspicious patterns:
grep -iE "(union|select|insert|update|delete|drop).*--" access.log
grep -iE "<script|javascript:|onerror=" access.log
grep -E "\.\./" access.log
grep -E "POST.*/login" access.log | awk '{print $1}' | sort | uniq -c | sort -rn
Output format
Analysis report structure
# Log analysis report
## Summary
- Analysis window: YYYY-MM-DD HH:MM ~ YYYY-MM-DD HH:MM
- Total log lines: X,XXX
- Error count: XXX
- Warning count: XXX
## Error analysis
| Error type | Occurrences | Last seen |
|----------|-----------|----------|
| Error A | 150 | 2025-01-05 14:30 |
| Error B | 45 | 2025-01-05 14:25 |
## Recommended actions
1. [Action 1]
2. [Action 2]
Best practices
- Set time range: clearly define the time window to analyze
- Save patterns: script common grep patterns
- Check context: review logs around the error too (
-A, -B options)
- Log rotation: search compressed logs with zgrep as well
Constraints
Required Rules (MUST)
- Perform read-only operations only
- Mask sensitive information (passwords, tokens)
Prohibited (MUST NOT)
- Do not modify log files
- Do not expose sensitive information externally
References
Examples
Example 1: Basic usage
Example 2: Advanced usage