---
name: log-intelligence
description: Smart log analysis with pattern detection, error correlation, and automated insights. Auto-rotate, compress, and extract actionable information from logs.
---

# Log Intelligence Skill

Transform raw logs into actionable insights with smart analysis.

## Log Sources

### Docker Containers
```bash
docker logs CONTAINER --tail 1000 --since 1h
```

### System Logs
```bash
journalctl -u SERVICE --since "1 hour ago"
```

### Application Logs
```bash
tail -1000 /var/log/APP/error.log
```

## Pattern Detection

### Error Patterns
```regex
# Common error patterns to detect
(?i)(error|exception|fatal|panic|failed)
(?i)(connection refused|timeout|unreachable)
(?i)(out of memory|\boom\b|killed)
(?i)(permission denied|unauthorized|forbidden)
(?i)(not found|\b404\b|missing)
```

### Performance Patterns
```regex
# Slow query detection
# Four or more digits of milliseconds, i.e. >= 1000ms
took \d{4,}ms
slow query.*\d+ms
```

### Security Patterns
```regex
# Suspicious activity: these match messages already written by the app or a WAF, not raw request payloads
(?i)(sql injection|xss|csrf)
(?i)(brute force|multiple failed)
(?i)(unauthorized access|invalid token)
```

## Log Analysis Report

```
📋 LOG ANALYSIS: rima-backend
Period: Last 1 hour
Total Lines: 5,234

┌─────────────────────────────────────────────┐
│ Error Summary                               │
├─────────────────────────────────────────────┤
│ Total Errors: 12                            │
│                                             │
│ By Type:                                    │
│ ├─ Database connection: 5 (41%)             │
│ │   └─ Spike at 19:15 (postgres restart)   │
│ ├─ Validation error: 4 (33%)                │
│ │   └─ Invalid email format                │
│ └─ Timeout: 3 (25%)                         │
│     └─ External API (MiniMax)              │
└─────────────────────────────────────────────┘

┌─────────────────────────────────────────────┐
│ Performance Insights                        │
├─────────────────────────────────────────────┤
│ Slow Requests: 8                            │
│ ├─ /api/v1/music/generate: avg 3.2s        │
│ │   └─ Expected (AI generation)            │
│ └─ /api/v1/user/profile: 1 slow (850ms)    │
│     └─ Investigate: Usually <100ms         │
└─────────────────────────────────────────────┘

┌─────────────────────────────────────────────┐
│ Recommendations                             │
├─────────────────────────────────────────────┤
│ 1. Check postgres connection pool settings  │
│ 2. Add retry logic for MiniMax API calls   │
│ 3. Investigate slow profile query          │
└─────────────────────────────────────────────┘
```

## Auto-Actions

### Log Rotation
```bash
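# Rotate (compress) logs > 100MB. gzip replaces the file, so a process that
# still has it open keeps writing to the removed inode: have the writer reopen
# its log afterwards, or use logrotate for files that are actively written.
find /var/log -type f -name "*.log" -size +100M -exec gzip {} \;

# Delete compressed logs > 30 days
find /var/log -type f -name "*.gz" -mtime +30 -delete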
```

### Error Correlation
```
When error detected:
1. Find related errors (±5 seconds)
2. Check other services for cascade
3. Identify root cause service
4. Suggest fix based on pattern
```

### Alert Triggers
```
Immediate alert if:
- Error rate > 10x baseline
- OOM detected
- Security pattern matched
- Service crash detected
```

## Smart Insights

### Error Clustering
Group similar errors to avoid noise:
```
"connection refused" x 50 → 1 alert with count
Not 50 separate alerts
```
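
An added example (not part of the skill's own code) that runs the clustering above and the ±5-second correlation from the Error Correlation section over constructed log lines. The `timestamp service message` line format, the category names and the gap-based grouping are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample lines: "ISO-timestamp service message" (format is an assumption).
SAMPLE = """\
2024-05-01T19:15:00 postgres FATAL out of memory, process killed
2024-05-01T19:15:01 backend ERROR connection refused postgres:5432
2024-05-01T19:15:02 backend ERROR connection refused postgres:5432
2024-05-01T19:15:03 worker ERROR timeout after 3000ms calling backend
2024-05-01T19:40:10 backend WARN invalid token for user 1842
2024-05-01T19:40:30 backend INFO request took 120ms
""".splitlines()

# Category patterns based on the Pattern Detection section (category names are assumptions).
PATTERNS = {
    "security": re.compile(r"(?i)(sql injection|xss|csrf|brute force|multiple failed|unauthorized access|invalid token)"),
    "resource": re.compile(r"(?i)(out of memory|\boom\b|killed)"),
    "network": re.compile(r"(?i)(connection refused|timeout|unreachable)"),
    "error": re.compile(r"(?i)(error|exception|fatal|panic|failed)"),
}

def parse(lines):
    """Yield (timestamp, service, category, message) for lines matching a pattern."""
    for line in lines:
        ts, service, msg = line.split(" ", 2)
        for category, rx in PATTERNS.items():  # first match wins, most specific first
            if rx.search(msg):
                yield datetime.fromisoformat(ts), service, category, msg
                break

def cluster(events):
    """Count events per (service, message) with digit runs masked so variants group."""
    return Counter((svc, re.sub(r"\d+", "N", msg)) for _, svc, _, msg in events)

def correlate(events, window=timedelta(seconds=5)):
    """Chain events whose gap to the previous one is within the window, oldest first."""
    groups = []
    for ev in sorted(events, key=lambda e: e[0]):
        if groups and ev[0] - groups[-1][-1][0] <= window:
            groups[-1].append(ev)
        else:
            groups.append([ev])
    return groups

def immediate_alerts(events):
    """Events the Alert Triggers list treats as immediate: OOM or a security pattern."""
    return [e for e in events if e[2] in ("security", "resource")]
```

The oldest event in a correlated group is only a starting point for root-cause analysis; clock skew between services can reorder events that are a second apart.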

### Root Cause Hints
```
Error: "connection refused postgres:5432"
Hint: Check if postgres container is running
Command: docker ps | grep postgres
Likely cause: Container restart or OOM
```

### Historical Comparison
```
This error last occurred: 3 days ago
Resolution: Increased connection pool size
Related PR: #123
```

## Log Search Commands

```bash
# Find errors in last hour
docker logs CONTAINER --since 1h 2>&1 | grep -i error | tail -50

# Count errors by type
docker logs CONTAINER 2>&1 | grep -oE 'error:[^"]+' | sort | uniq -c | sort -rn

# Timeline of errors (assumes each line starts with a date and a time field)
docker logs CONTAINER --since 1h 2>&1 | grep -i error | cut -d' ' -f1-2
```

## Integration with Proactive Mode

On every health check:
1. Scan recent logs (last 15 min)
2. Detect new error patterns
3. Correlate across services
4. Alert if unusual activity
5. Suggest fixes for known patterns
