ClawHub

Logfile Analyzer

Analyze application logs to produce actionable error digests with pattern detection, severity classification, trend analysis, and remediation recommendations. Supports auto-detection of common log formats including syslog, JSON structured logs, Apache/Nginx access and error logs, Python tracebacks, Node.js errors, Docker logs, and generic timestamped formats. Use when asked to analyze logs, debug errors from log files, find recurring issues in logs, create error reports from log data, investigate production incidents from logs, summarize log output, identify error patterns, check application health from logs, or parse server logs. Triggers on "analyze logs", "check logs", "log errors", "error digest", "parse logs", "log report", "what's failing", "production errors", "log summary", "incident analysis", "error patterns".

Audits

Pass
ClawScanPass

Agentic behavior and permission review.

Static analysisPass

Pattern checks against bundled files.

VirusTotalAdvisory

Multi-engine malware detections and file reputation.

Install

openclaw skills install logfile-analyzer

Log Analyzer

Parse application logs into actionable error digests with pattern grouping, severity classification, trend detection, and remediation recommendations.

Quick Start

# Analyze a single log file
python3 scripts/analyze_logs.py /var/log/app.log

# Analyze all logs in a directory
python3 scripts/analyze_logs.py /var/log/myapp/

# Last 24 hours only, errors and above
python3 scripts/analyze_logs.py /var/log/app.log --since 24h --severity error

# JSON output for programmatic use
python3 scripts/analyze_logs.py /var/log/app.log --output json

# Markdown report with trends
python3 scripts/analyze_logs.py /var/log/app.log --output markdown --trends

# Ignore noisy patterns
python3 scripts/analyze_logs.py /var/log/app.log --ignore "healthcheck" --ignore "GET /favicon"

Supported Formats (Auto-Detected)

  • JSON structured — Bunyan, Winston, Pino, structlog, any {"level": ..., "msg": ...} format
  • Syslog — RFC 3164 (Mar 28 02:31:00 host service: msg)
  • Apache/Nginx access — Combined log format
  • Nginx error2026/03/28 02:31:00 [error] ...
  • Python tracebacks — Multi-line traceback collection
  • Docker — ISO 8601 timestamps with container output
  • Generic timestamped[2026-03-28 02:31:00] LEVEL: message

Force format with --format <name> if auto-detection fails.

What It Does

  1. Parses log entries with format auto-detection
  2. Classifies severity (TRACE → DEBUG → INFO → WARN → ERROR → FATAL)
  3. Normalizes messages (replaces UUIDs, IPs, timestamps, paths with placeholders)
  4. Groups similar errors by fingerprint to find recurring patterns
  5. Ranks by severity and frequency
  6. Detects trends with --trends (hourly frequency buckets)
  7. Recommends fixes for 15+ known error patterns (OOM, connection refused, disk full, timeouts, SSL issues, rate limits, etc.)

Options

FlagDefaultDescription
--formatautoForce log format
--sinceallTime filter (1h, 24h, 7d, or ISO date)
--severitywarnMinimum severity to report
--top20Number of top patterns to show
--outputtextOutput format: text, json, markdown
--trendsoffShow hourly frequency trends
--ignorenoneRegex patterns to exclude (repeatable)
-qoffSummary only, skip individual entries

Exit Codes

  • 0 — No errors found
  • 1 — Errors found (warn/error level)
  • 2 — Fatal/critical entries found

Use in CI/CD pipelines to fail builds on log errors.

Workflow

Incident Investigation

  1. Run with --since 1h --severity error --trends to see recent errors with frequency
  2. Review top patterns — the most frequent errors are usually the root cause
  3. Check recommendations for known patterns
  4. Use --output json to feed into monitoring dashboards

Periodic Health Check

  1. Run with --since 24h --output markdown for a daily report
  2. Compare pattern counts across days to spot trends
  3. Set up as cron job for automated daily digests

Deep Dive

  1. Run with --severity debug to see full picture
  2. Use --ignore to filter out known noise
  3. Check references/error-patterns.md for detailed remediation steps on specific error types

Error Pattern Reference

For detailed remediation guidance on specific error types (memory, network, database, SSL, etc.), see references/error-patterns.md.