Install
openclaw skills install cm-log-analyzerLog Analyzer
v1.0.0Analyze application logs to produce actionable error digests with pattern detection, severity classification, trend analysis, and remediation recommendations...
0· 16· 1 versions· 0 current· 0 all-time· Updated 4h ago· MIT-0
Security Scans
Log Analyzer
Parse application logs into actionable error digests with pattern grouping, severity classification, trend detection, and remediation recommendations.
Quick Start
# Analyze a single log file
python3 scripts/analyze_logs.py /var/log/app.log
# Analyze all logs in a directory
python3 scripts/analyze_logs.py /var/log/myapp/
# Last 24 hours only, errors and above
python3 scripts/analyze_logs.py /var/log/app.log --since 24h --severity error
# JSON output for programmatic use
python3 scripts/analyze_logs.py /var/log/app.log --output json
# Markdown report with trends
python3 scripts/analyze_logs.py /var/log/app.log --output markdown --trends
# Ignore noisy patterns
python3 scripts/analyze_logs.py /var/log/app.log --ignore "healthcheck" --ignore "GET /favicon"
Supported Formats (Auto-Detected)
- JSON structured — Bunyan, Winston, Pino, structlog, any
{"level": ..., "msg": ...}format - Syslog — RFC 3164 (
Mar 28 02:31:00 host service: msg) - Apache/Nginx access — Combined log format
- Nginx error —
2026/03/28 02:31:00 [error] ... - Python tracebacks — Multi-line traceback collection
- Docker — ISO 8601 timestamps with container output
- Generic timestamped —
[2026-03-28 02:31:00] LEVEL: message
Force format with --format <name> if auto-detection fails.
What It Does
- Parses log entries with format auto-detection
- Classifies severity (TRACE → DEBUG → INFO → WARN → ERROR → FATAL)
- Normalizes messages (replaces UUIDs, IPs, timestamps, paths with placeholders)
- Groups similar errors by fingerprint to find recurring patterns
- Ranks by severity and frequency
- Detects trends with
--trends(hourly frequency buckets) - Recommends fixes for 15+ known error patterns (OOM, connection refused, disk full, timeouts, SSL issues, rate limits, etc.)
Options
| Flag | Default | Description |
|---|---|---|
--format | auto | Force log format |
--since | all | Time filter (1h, 24h, 7d, or ISO date) |
--severity | warn | Minimum severity to report |
--top | 20 | Number of top patterns to show |
--output | text | Output format: text, json, markdown |
--trends | off | Show hourly frequency trends |
--ignore | none | Regex patterns to exclude (repeatable) |
-q | off | Summary only, skip individual entries |
Exit Codes
0— No errors found1— Errors found (warn/error level)2— Fatal/critical entries found
Use in CI/CD pipelines to fail builds on log errors.
Workflow
Incident Investigation
- Run with
--since 1h --severity error --trendsto see recent errors with frequency - Review top patterns — the most frequent errors are usually the root cause
- Check recommendations for known patterns
- Use
--output jsonto feed into monitoring dashboards
Periodic Health Check
- Run with
--since 24h --output markdownfor a daily report - Compare pattern counts across days to spot trends
- Set up as cron job for automated daily digests
Deep Dive
- Run with
--severity debugto see full picture - Use
--ignoreto filter out known noise - Check
references/error-patterns.mdfor detailed remediation steps on specific error types
Error Pattern Reference
For detailed remediation guidance on specific error types (memory, network, database, SSL, etc.), see references/error-patterns.md.
Version tags
latest