Skip to content
/ loganal Public

Analyses syslogs for warnings, errors and critical events

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

cryptrz/loganal

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits
README.md
README.md
 
 
loganal.sh
loganal.sh
 
 

Repository files navigation

loganal creates a quick report for a chosen log file.

Description

Example for syslog:

bash loganal.sh /var/log/syslog

or

chmod +x loganal.sh
./loganal.sh /var/log/syslog

When the analysis is done, a message with the report's path appears, it's saved in the current folder:

Analysis complete. Report saved to '/home/johndoe/loganal/log_report_2025-01-01.txt'.

Then you can read it using cat:

cat log_report_2025-01-01.txt

The report looks like this:

Log Analysis Report - Mon Jan  1 12:34:56 AM CET 2025
Analyzed Log File: /var/log/syslog

syslog Total Error Count: 61
syslog Total Warning Count: 34

syslog Critical Events (line numbers):

***************
JOURNALCTL LOGS
***************
Error Count since yesterday: 22
Error Count since 1 week: 26
Error Count since 1 month: 41

Critical events since yesterday: 
Jan 10 14:46:17 ubuntu sudo[4163]: pam_unix(sudo:auth): auth could not identify password for [johndoe]

Critical events since 1 week: 
Jan 01 10:46:17 ubuntu sudo[4163]: pam_unix(sudo:auth): auth could not identify password for [johndoe]

Critical events since 1 month: 
Jan 01 10:46:17 ubuntu sudo[4163]: pam_unix(sudo:auth): auth could not identify password for [johndoe]

In addition to the chosen file, journalctl information is added

Requirements for the email feature (Optional)

Install Postfix and bsd-mailx

  • sudo apt install postfix bsd-mailx
    • Choose internet site
    • Type a name

Enable and start Postfix

  • sudo systemctl enable postfix
  • sudo systemctl start postfix

Configure

  • sudo cp /etc/postfix/main.cf /etc/postfix/main.cf.old
  • sudo vim /etc/postfix/main.cf → Replace inet_interfaces=all with inet_interfaces=loopback-only

Autorize Postfix to communicate

  • sudo ufw allow Postfix
  • sudo ufw allow "Postfix SMTPS"
  • sudo ufw allow "Postfix Submission"

Test the SMTP server

  • telnet localhost 25, you should see something like 220 hostname.isp.domain ESMTP Postfix (Hostname)

  • mailx [email protected] and then enter the Subject, content, CC, and check if you received the email

When it works, just open the script with an editor and assign the email address to the variable MAIL_RECIPIENT. You'll receive the report generated by loganal.sh (Check the spam folder if you don't see it in your Inbox).

About

Analyses syslogs for warnings, errors and critical events

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages