log-analysis
Analyze application logs to identify errors, performance issues, and security anomalies. Use when debugging issues, monitoring system health, or investigating incidents. Handles various log formats including Apache, Nginx, application logs, and JSON logs.
80
1.46x
Quality
82%
Does it follow best practices?
Impact
60%
1.46xAverage score across 3 eval scenarios
Securityby
Passed
No known issues
Log Analysis
When to use this skill
- Error debugging: analyze the root cause of application errors
- Performance analysis: analyze response times and throughput
- Security audit: detect anomalous access patterns
- Incident response: investigate the root cause during an outage
Instructions
Step 1: Locate Log Files
# Common log locations
/var/log/ # System logs
/var/log/nginx/ # Nginx logs
/var/log/apache2/ # Apache logs
./logs/ # Application logsStep 2: Search for Error Patterns
Common error search:
# Search ERROR-level logs
grep -i "error\|exception\|fail" application.log
# Recent errors (last 100 lines)
tail -100 application.log | grep -i error
# Errors with timestamps
grep -E "^\[.*ERROR" application.logHTTP error codes:
# 5xx server errors
grep -E "HTTP/[0-9.]+ 5[0-9]{2}" access.log
# 4xx client errors
grep -E "HTTP/[0-9.]+ 4[0-9]{2}" access.log
# Specific error code
grep "HTTP/1.1\" 500" access.logStep 3: Pattern Analysis
Time-based analysis:
# Error count by time window
grep -i error application.log | cut -d' ' -f1,2 | sort | uniq -c | sort -rn
# Logs for a specific time window
grep "2025-01-05 14:" application.logIP-based analysis:
# Request count by IP
awk '{print $1}' access.log | sort | uniq -c | sort -rn | head -20
# Activity for a specific IP
grep "192.168.1.100" access.logStep 4: Performance Analysis
Response time analysis:
# Extract response times from Nginx logs
awk '{print $NF}' access.log | sort -n | tail -20
# Slow requests (>= 1 second)
awk '$NF > 1.0 {print $0}' access.logTraffic volume analysis:
# Requests per minute
awk '{print $4}' access.log | cut -d: -f1,2,3 | uniq -c
# Requests per endpoint
awk '{print $7}' access.log | sort | uniq -c | sort -rn | head -20Step 5: Security Analysis
Suspicious patterns:
# SQL injection attempts
grep -iE "(union|select|insert|update|delete|drop).*--" access.log
# XSS attempts
grep -iE "<script|javascript:|onerror=" access.log
# Directory traversal
grep -E "\.\./" access.log
# Brute force attack
grep -E "POST.*/login" access.log | awk '{print $1}' | sort | uniq -c | sort -rnOutput format
Analysis report structure
# Log analysis report
## Summary
- Analysis window: YYYY-MM-DD HH:MM ~ YYYY-MM-DD HH:MM
- Total log lines: X,XXX
- Error count: XXX
- Warning count: XXX
## Error analysis
| Error type | Occurrences | Last seen |
|----------|-----------|----------|
| Error A | 150 | 2025-01-05 14:30 |
| Error B | 45 | 2025-01-05 14:25 |
## Recommended actions
1. [Action 1]
2. [Action 2]Best practices
- Set time range: clearly define the time window to analyze
- Save patterns: script common grep patterns
- Check context: review logs around the error too (
-A,-Boptions) - Log rotation: search compressed logs with zgrep as well
Constraints
Required Rules (MUST)
- Perform read-only operations only
- Mask sensitive information (passwords, tokens)
Prohibited (MUST NOT)
- Do not modify log files
- Do not expose sensitive information externally
References
Examples
Example 1: Basic usage
<!-- Add example content here -->Example 2: Advanced usage
<!-- Add advanced example content here -->- Repository
- supercent-io/skills-template
- Commit
c033769
- Last updated
- Created
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.