log-analysis
安装命令
npx skills add https://github.com/chaterm/terminal-skills --skill log-analysis
Skill 文档
日志分析与处理
概述
日志聚合、分析工具、告警配置等技能。
日志查看
基础命令
# Follow a log in real time
# tail -f follows the file it opened; once the log is rotated it keeps reading
# the old file (GNU tail -F re-opens the path by name instead).
tail -f /var/log/syslog
tail -f /var/log/nginx/access.log
# Follow several files at once
tail -f /var/log/nginx/*.log
multitail /var/log/nginx/access.log /var/log/nginx/error.log
# Show the last N lines
tail -n 100 /var/log/syslog
# Show the beginning of the file
head -n 100 /var/log/syslog
# Page through the file
less /var/log/syslog
less +F /var/log/syslog # similar to tail -f
按时间过滤
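# Time range with sed: prints from the first line matching the start pattern
# through the first later line matching the end pattern. If no line carries
# the exact start minute nothing is printed; if none carries the end minute
# the output runs to the end of the file.
sed -n '/2024-01-15 10:00/,/2024-01-15 11:00/p' /var/log/app.log
# Same window with awk, compared as strings. Assumes every line begins with a
# "YYYY-MM-DD HH:MM" timestamp, so lexical order equals time order. Requiring
# both hour patterns on one line, as a plain `/10:/ && /11:/` test would,
# selects almost nothing.
awk '$0 >= "2024-01-15 10:00" && $0 < "2024-01-15 11:00"' /var/log/app.log
# Time range with journalctl
journalctl --since "2024-01-15 10:00" --until "2024-01-15 11:00"
journalctl --since "1 hour ago"
journalctl --since today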
文本搜索
grep
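# Basic search
grep "error" /var/log/syslog
grep -i "error" /var/log/syslog # ignore case
grep -r "error" /var/log/ # search recursively
# Regular expressions
grep -E "error|warning" /var/log/syslog
grep -P "\d{4}-\d{2}-\d{2}" /var/log/syslog # Perl-compatible regex (GNU grep)
# Context
grep -A 3 "error" /var/log/syslog # 3 lines after each match
grep -B 3 "error" /var/log/syslog # 3 lines before each match
grep -C 3 "error" /var/log/syslog # 3 lines before and after each match
# Counting
grep -c "error" /var/log/syslog # count matching lines
grep -l "error" /var/log/*.log # print only the names of matching files
# Exclusion
# The comment stays on the command's own line: a comment tail left on a line
# by itself would be executed as a command.
grep -v "debug" /var/log/syslog # drop lines containing debug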
ripgrep (rg)
# Faster searching with ripgrep
# NOTE(review): by default rg skips hidden files and does not look inside
# compressed rotated logs (*.gz); confirm the search covers what you expect.
rg "error" /var/log/
rg -i "error" /var/log/ # ignore case
rg -C 3 "error" /var/log/ # show surrounding context
rg --type log "error" # restrict the search to a file type
文本处理
awk
# Print selected columns
awk '{print $1, $4}' /var/log/nginx/access.log
# Filter on a condition
# NOTE(review): $9 as the status code and $10 as the body size hold for nginx's
# default "combined" format; a custom log_format moves the fields. The request
# line is written by the client, so a request containing extra spaces shifts
# every later field number.
awk '$9 == 500' /var/log/nginx/access.log
awk '$9 >= 400 && $9 < 500' /var/log/nginx/access.log
# Aggregate: sum of field 10, then a count per distinct value of field 9
awk '{sum += $10} END {print sum}' /var/log/nginx/access.log
awk '{count[$9]++} END {for (c in count) print c, count[c]}' /var/log/nginx/access.log
# Custom field separators
awk -F: '{print $1}' /etc/passwd
awk -F'[ :]' '{print $1, $2}' /var/log/syslog
sed
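# Substitute (result goes to stdout, the file is untouched)
sed 's/old/new/g' file.log
# Substitute in place. This rewrites the log itself; when the log may be
# needed as evidence, run the edit on a copy.
sed -i 's/old/new/g' file.log
# Delete lines
sed '/pattern/d' file.log
sed '1,10d' file.log # delete the first 10 lines
# Extract lines
sed -n '10,20p' file.log # print lines 10-20
# The comment stays on the command's own line: a comment tail left on a line
# by itself would be executed as a command.
sed -n '/start/,/end/p' file.log # print the matching range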
sort & uniq
# Sorting
sort file.log
sort -r file.log # reverse order
sort -n file.log # numeric sort
sort -k2 file.log # sort on the key starting at field 2
# De-duplicate and count (uniq only merges adjacent lines, hence the sort)
sort file.log | uniq
sort file.log | uniq -c # prefix each distinct line with its count
sort file.log | uniq -c | sort -rn # most frequent first
Nginx 日志分析
常用分析
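# Total number of requests
wc -l /var/log/nginx/access.log
# Top client IPs
awk '{print $1}' access.log | sort | uniq -c | sort -rn | head -20
# Status code counts
awk '{print $9}' access.log | sort | uniq -c | sort -rn
# Most requested URLs
awk '{print $7}' access.log | sort | uniq -c | sort -rn | head -20
# Requests per hour (characters 14-15 of the "[dd/Mon/yyyy:HH:MM:SS" field)
awk '{print substr($4,14,2)}' access.log | sort | uniq -c
# Slow requests (response time above 1s)
# Assumes the log_format ends with the request time; in the default combined
# format the last field is part of the user agent instead. The comment is kept
# on '#' lines only: a bare line containing "> 1s" would be run as a
# redirection.
awk '$NF > 1' access.log | head -20
# 404 errors by URL
awk '$9 == 404 {print $7}' access.log | sort | uniq -c | sort -rn
# Bandwidth (sum of field 10, reported in MB)
awk '{sum += $10} END {print sum/1024/1024 " MB"}' access.log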
GoAccess 实时分析
# Install
apt install goaccess
# Interactive analysis in the terminal
goaccess /var/log/nginx/access.log -c
# Generate an HTML report
goaccess /var/log/nginx/access.log -o report.html --log-format=COMBINED
# Live-updating HTML report
# NOTE(review): the report shows client IPs, requested URLs and referrers, and
# /var/www/html is commonly the served web root. Restrict access to
# report.html (authentication or an allow-list) before leaving it there.
# --real-time-html also starts a WebSocket listener for the live updates.
goaccess /var/log/nginx/access.log -o /var/www/html/report.html --real-time-html
日志轮转
logrotate 配置
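# /etc/logrotate.d/myapp
# Comments are kept on their own lines: logrotate's manual describes a comment
# as a line whose first non-blank character is '#', so text after a directive
# may be read as part of its argument.
/var/log/myapp/*.log {
    # rotate every day
    daily
    # keep 7 rotated files
    rotate 7
    # compress rotated files
    compress
    # leave the newest rotated file uncompressed until the next cycle
    delaycompress
    # do not report an error when the log file is missing
    missingok
    # skip rotation when the log is empty
    notifempty
    # recreate the log with this mode, owner and group
    # NOTE(review): 0640 keeps the log unreadable to other users; confirm that
    # www-data is the account that writes /var/log/myapp.
    create 0640 www-data www-data
    # run the postrotate script once for all matched logs, not once per file
    sharedscripts
    # best-effort reload: output is discarded and a failed reload is ignored,
    # so a service that never reopens its log goes unnoticed here
    postrotate
        systemctl reload nginx > /dev/null 2>&1 || true
    endscript
}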
手动轮转
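# Test the configuration (debug mode: reports what would be done without
# rotating anything). The comment is kept on '#' lines only; a bare fragment
# line would be executed as a command.
logrotate -d /etc/logrotate.d/myapp
# Force a rotation now
logrotate -f /etc/logrotate.d/myapp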
常见场景
场景 1：错误日志分析
# Count error types
# NOTE(review): groups by the third whitespace-separated field; confirm that
# this is the field carrying the level or error type in the app's log format.
grep -E "ERROR|WARN|FATAL" /var/log/app.log | \
awk '{print $3}' | sort | uniq -c | sort -rn
# Errors from the last hour
# date -d is GNU date syntax. The pattern is the "YYYY-MM-DD HH" of one hour
# ago, so this selects ERROR lines stamped with that clock hour rather than a
# rolling 60-minute window.
awk -v date="$(date -d '1 hour ago' '+%Y-%m-%d %H')" \
'$0 ~ date && /ERROR/' /var/log/app.log
场景 2：性能分析
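# Response time distribution, bucketed by whole seconds
# Assumes the last field of each line is the request time.
awk '{print int($NF)}' access.log | sort -n | uniq -c | \
awk '{printf "%ds: %d\n", $2, $1}'
# Top 10 slowest requests
# The comment is kept on one '#' line; a bare fragment line would be executed
# as a command.
awk '{print $NF, $7}' access.log | sort -rn | head -10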
场景 3：安全分析
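# Failed login attempts per source address
# In sshd "Failed password for ... from ADDR port N ssh2" lines the address is
# the fourth field from the end; counting from the end keeps the
# client-supplied user name from shifting the field.
grep "Failed password" /var/log/auth.log | \
awk '{print $(NF-3)}' | sort | uniq -c | sort -rn
# Clients producing the most 4xx responses
# The status test is anchored so that only a three-digit 4xx value in $9
# counts. The request line is written by the client, and a request containing
# extra spaces shifts the fields, so an unanchored match could hit other data.
awk '$9 ~ /^4[0-9][0-9]$/ {print $1}' access.log | \
sort | uniq -c | sort -rn | head -20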
故障排查
| 问题 | 排查方法 |
|---|---|
| 日志太大 | 配置 logrotate、按时间过滤 |
| 搜索慢 | 使用 ripgrep、建立索引 |
| 格式不统一 | 使用 awk 自定义解析 |
| 实时监控 | tail -f、GoAccess |
| 历史分析 | ELK Stack、Loki |