A CLI tool to analyze journalctl logs with specific parsers and LLM integration.
Project description
LogWatch Analyzer
LogWatch Analyzer is a command-line tool to analyze system logs from journalctl on Linux systems. It uses a YAML configuration file to define specific analysis tasks and can leverage a Large Language Model (LLM) via Ollama, Gemini, or other providers for in-depth analysis and report generation.
Features
- Configurable Analysis: Define which logs to analyze directly in the
config.yamlfile. - Specific Parsers: Includes optimized parsers for common events like failed SSH logins and kernel errors.
- LLM Integration: Utilizes a Large Language Model for generic analysis and generating human-readable reports.
- Flexible Output: Displays results in formatted tables in the terminal or generates reports in Markdown format.
- Simple CLI Interface: Easy to use with arguments to list tasks, run specific ones, and set time windows.
Installation
You can install LogWatch Analyzer from PyPI:
pip install logwatch-analyzer
First-Time Setup
After installation, you need a configuration file. The package comes with a default one. It's recommended to copy it to your user configuration directory to customize it.
-
Create the configuration directory:
mkdir -p ~/.config/logwatch
-
Copy the default configuration file. You can get the default config from the project's GitHub repository or by running the following command after installation to find the package path and copy it:
# This is an example, the exact path may vary python -c "import os, shutil, importlib.resources; src = importlib.resources.files('logwatch_cli').joinpath('config.yaml'); shutil.copy(src, '~/.config/logwatch/config.yaml')" echo "Configuration file copied to ~/.config/logwatch/config.yaml"
Now you can edit
~/.config/logwatch/config.yamlto add your own tasks or change LLM providers.
Usage
The tool is available as the logwatch command.
List all available tasks
To see a list of all tasks defined in your config.yaml:
logwatch --list
Run a specific task
To execute a single analysis task:
logwatch --task "SSH Failed Logins"
Run all tasks
To run all tasks in sequence:
logwatch
Generate a Report File
For tasks that use the llm_parser, you can save the generated report to a Markdown file:
logwatch --task "Sudo Usage" --output report_sudo.md
Override the Time Window
You can specify a different time range from the one in the configuration file on the fly:
logwatch --task "Kernel Errors" --since "2 hours ago"
License
This project is licensed under the MIT License. See the LICENSE file for details.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file logwatch_analyzer-0.1.0.tar.gz.
File metadata
- Download URL: logwatch_analyzer-0.1.0.tar.gz
- Upload date:
- Size: 8.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
21db74dd195ce11cb841e26589bdfeb738c83c486815f374b5a52e5c58432670
|
|
| MD5 |
a8033bdca7039b02e3508107dfe232a4
|
|
| BLAKE2b-256 |
992ce9fa6d641f4bb2fb4b1df8e359464522422a0013e8aaec8c1c4e83be20d2
|
File details
Details for the file logwatch_analyzer-0.1.0-py3-none-any.whl.
File metadata
- Download URL: logwatch_analyzer-0.1.0-py3-none-any.whl
- Upload date:
- Size: 10.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
349f0d1872bb758d53974112cae36c2aac12db59a72743d48fbc79e7733ee52b
|
|
| MD5 |
ce0933c2dfb897a2080e64daa1b785a7
|
|
| BLAKE2b-256 |
0df9ef9cb28550c770004dfe1e533a5f21cabe00260f73b904458b4f8c4bd128
|
