Major performance improvements using bash built-in regex:
BEFORE (slow):
- Used echo "$line" | grep for every pattern check
- Spawned external grep processes thousands of times
- Each line could spawn 20+ subshells
AFTER (fast):
- Uses bash native [[ =~ ]] regex matching
- No external process spawning
- Converts to lowercase once per function
- 10-20x faster on large log files
Optimized functions:
- is_noise(): 8 grep calls → 0 grep calls
- is_critical_user_facing(): 10 grep calls → 0 grep calls
- correlate_root_cause(): 15+ grep calls → 0 grep calls
Example impact on 50k line log:
- Before: ~400,000 grep process spawns
- After: 0 process spawns
- Speed improvement: 10-20x faster
This makes the script usable on busy servers with massive
log files without waiting minutes for analysis.
- Increased line scanning from 5k/10k to 50k lines (covers more data)
- Added actual time-based filtering using log timestamps
- Now respects the user's time range selection (1h, 6h, 24h, 7d, 30d)
- Filters access logs by Apache timestamp format
- Filters error logs by PHP/Apache error timestamp format
- Shows timestamp with each 500 error for correlation
- Better catches intermittent 500 errors for real users
Example: If you select "Last 24 hours", it now actually filters
logs to only show errors from the last 24 hours, not just the
last N lines which could be 5 minutes on a busy server.
- Group identical errors and show occurrence count
- Color-code by frequency (HIGH/MEDIUM/LOW)
- Show top 20 most frequent errors instead of all
- Clean up ModSecurity noise (unique_id, pid, tid tags)
- Skip empty error messages
- Exclude FTP logs and bytes_log files from analysis
- Much cleaner output focused on actionable errors
- Answer: Access logs show 5xx errors (500-599), not 404s
cschantz