- Posted on
- • Artificial Intelligence
Artificial Intelligence Bash Reporting Tools
- Author
-
-
- User
- linuxbash
- Posts by this author
- Posts by this author
-
Artificial Intelligence Bash Reporting Tools: Turn Raw Logs into Executive Summaries
You already have a mountain of logs. What you don’t have is time to explain them. The team wants “what happened and why it matters” in one page, not a 5,000‑line journalctl. The good news: with a little Bash glue and an AI model (cloud or local), you can automate readable, actionable reports from the rawest of data.
This guide shows how to build AI‑assisted reporting pipelines that you can run on-demand or on a schedule with cron/systemd—sticking to portable, UNIX-y tools you already trust.
Why AI + Bash is a legit combo
Bash already does collection and shaping:
grep,awk,jq, and friends are perfect for extracting just the right signal.AI is great at summarization, prioritization, and turning terse bullet points into business‑ready language.
The result is reproducible: keep your prompts and scripts in Git, schedule with cron, and ship consistent reports.
Privacy is your call: use a local model (e.g., Ollama) for offline summarization or a cloud API for best-in-class quality.
Install the basics
We’ll lean on curl, jq, and a few optional tools like pandoc (to render HTML) and gnuplot (for charts). Install them with your package manager:
Debian/Ubuntu (apt):
sudo apt update sudo apt install -y curl jq coreutils gawk sed git pandoc gnuplot cronFedora/RHEL/CentOS Stream (dnf):
sudo dnf install -y curl jq coreutils gawk sed git pandoc gnuplot cronieopenSUSE (zypper):
sudo zypper install -y curl jq coreutils gawk sed git pandoc gnuplot cron
Optional, if you want a local model runner (Ollama):
curl -fsSL https://ollama.com/install.sh | sh
Cloud AI option (OpenAI):
- Set an environment variable with your API key:
export OPENAI_API_KEY="sk-your-key"Consider storing this securely (e.g., in a password manager or systemd EnvironmentFile).
A reusable AI helper for Bash
Drop this into ai_report.sh (or source it in your scripts). It supports both OpenAI (cloud) and Ollama (local). It also includes a basic sanitizer to reduce sensitive data leakage.
#!/usr/bin/env bash
set -euo pipefail
# Choose provider by setting one of these:
# export OPENAI_API_KEY="sk-..."
# or ensure Ollama is running locally: `ollama serve` (usually auto-starts)
# Simple PII/light data sanitizer (emails and IPv4)
sanitize() {
sed -E \
-e 's/[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/[redacted-email]/g' \
-e 's/\b([0-9]{1,3}\.){3}[0-9]{1,3}\b/[redacted-ip]/g'
}
# JSON-escape input via jq
escape_json() {
jq -Rs .
}
# AI via OpenAI Chat Completions
ai_openai() {
local prompt="$1"
if [[ -z "${OPENAI_API_KEY:-}" ]]; then
echo "OPENAI_API_KEY is not set" >&2
return 1
fi
local body
body=$(jq -n \
--arg sys "You are a concise SRE report writer. Prefer bullet points and short paragraphs. Include risk and next steps." \
--arg user "$prompt" \
'{
model: "gpt-4o-mini",
temperature: 0.2,
max_tokens: 800,
messages: [
{role: "system", content: $sys},
{role: "user", content: $user}
]
}')
curl -sS https://api.openai.com/v1/chat/completions \
-H "Content-Type: application/json" \
-H "Authorization: Bearer '"$OPENAI_API_KEY"'" \
-d "$body" \
| jq -r '.choices[0].message.content'
}
# AI via Ollama local model (e.g., llama3)
ai_ollama() {
local prompt="$1"
curl -sS http://localhost:11434/api/generate \
-d "$(jq -n --arg p "$prompt" '{model:"llama3", prompt:$p, options:{temperature:0.2}}')" \
| jq -r '.response'
}
# Wrapper: auto-pick provider
ai() {
local prompt="$1"
if [[ -n "${OPENAI_API_KEY:-}" ]]; then
ai_openai "$prompt"
else
ai_ollama "$prompt"
fi
}
Tip: Validate the provider once to avoid surprises.
printf "test" | ai >/dev/null || { echo "AI provider check failed"; exit 1; }
1) Security snapshot: from auth logs to a manager-ready brief
Summarize failed SSH logins, top offending IPs, and a compact explanation of risk and next steps.
#!/usr/bin/env bash
set -euo pipefail
. ./ai_report.sh
# Use journalctl if available and recent; fallback to /var/log/auth.log
LOG=$( { journalctl -u ssh -S -24h -n 50000 || grep -i "sshd" /var/log/auth.log || true; } )
FAILED_COUNT=$(printf "%s\n" "$LOG" | grep -i "failed password" | wc -l || true)
TOP_IPS=$(printf "%s\n" "$LOG" \
| awk 'tolower($0) ~ /failed password/ { for(i=1;i<=NF;i++) if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) print $i }' \
| sort | uniq -c | sort -nr | head -5 \
| awk '{print $2":"$1}' | paste -sd, - || true)
SUMMARY_INPUT=$(cat <<EOF
Time window: last 24h
Total failed SSH logins: $FAILED_COUNT
Top offending IPs (ip:count): ${TOP_IPS:-none}
Raw snippet (first 40 lines, sanitized):
$(printf "%s\n" "$LOG" | head -40 | sanitize)
EOF
)
PROMPT=$(cat <<'EOF'
Create a short security snapshot for leadership:
- Bullet list of key findings (counts, top sources)
- Risk rating (low/medium/high) with 1–2 sentences why
- 2–4 next actions (e.g., blocklist ranges, tighten auth, enable 2FA, review fail2ban)
Keep it concise.
EOF
)
REPORT=$(ai "$(printf "%s\n\n%s\n" "$PROMPT" "$SUMMARY_INPUT")")
printf "%s\n" "$REPORT"
Automate it daily with cron (run at 07:00):
0 7 * * * /path/to/security_snapshot.sh > /var/reports/security-$(date +\%F).md 2>&1
2) Disk capacity report: plain English from df output
Convert df into a readable action plan with thresholds.
#!/usr/bin/env bash
set -euo pipefail
. ./ai_report.sh
DF=$(df -P -x tmpfs -x devtmpfs | awk 'NR>1 {printf "%s mount=%s used=%s\n",$1,$6,$5}')
PROMPT=$(cat <<'EOF'
You are an SRE capacity planner. From the following 'df' summary lines,
- Identify volumes over 80% used
- Flag any that may hit 100% within 7 days if usage grows at 2%/day (rough estimate ok)
- Produce a short action plan (resize, cleanup, move logs, alert thresholds)
Use concise bullets.
EOF
)
REPORT=$(ai "$(printf "%s\n\nData:\n%s\n" "$PROMPT" "$(printf "%s\n" "$DF" | sanitize)")")
printf "%s\n" "$REPORT"
Optionally render to HTML with pandoc:
printf "%s\n" "$REPORT" | pandoc -f gfm -t html5 -s -o /var/reports/disk-$(date +%F).html
3) Git release notes: turn commit logs into highlights and risks
Ship weekly “what changed” notes straight from Git.
#!/usr/bin/env bash
set -euo pipefail
. ./ai_report.sh
COMMITS=$(git log --since="7 days ago" --pretty=format:'- %h %s (%an)' | head -200)
PROMPT=$(cat <<'EOF'
Create weekly release notes:
- Group related changes
- Highlight user-facing impact and risks
- Note migrations or rollbacks
- Keep to ~8 bullets plus a brief summary paragraph
EOF
)
REPORT=$(ai "$(printf "%s\n\nCommits (last 7 days):\n%s\n" "$PROMPT" "$(printf "%s\n" "$COMMITS" | sanitize)")")
printf "%s\n" "$REPORT"
4) Log anomaly explainer: “What’s with these spikes?”
Feed aggregated metrics to AI and ask for likely causes and checks.
#!/usr/bin/env bash
set -euo pipefail
. ./ai_report.sh
# Example: Nginx 5xx per hour (last 24h) from access.log
DATA=$(awk '
($9 ~ /^5[0-9][0-9]$/) {
# Common Log Format with [date:time zone]
match($4, /\[([^:]+):([0-9]{2})/, a); if (a[1] && a[2]) { key=a[1]" "a[2]":00"; cnt[key]++ }
}
END {
for (k in cnt) printf "%s %d\n", k, cnt[k]
}' /var/log/nginx/access.log 2>/dev/null | sort)
PROMPT=$(cat <<'EOF'
Analyze hourly 5xx error counts. Identify:
- Anomalies or spikes
- 2–3 plausible root causes
- Concrete diagnostics to confirm (commands/paths)
- Quick mitigations
Be specific but concise.
EOF
)
REPORT=$(ai "$(printf "%s\n\nHourly 5xx counts:\n%s\n" "$PROMPT" "$(printf "%s\n" "$DATA")")")
printf "%s\n" "$REPORT"
Optional: chart with gnuplot, then link it in your Markdown.
printf "%s\n" "$DATA" | awk '{print $2}' | nl -v0 > /tmp/5xx.dat
gnuplot <<'GP'
set terminal pngcairo size 900,300
set output '/var/reports/5xx.png'
set title "Hourly 5xx (last 24h)"
set xlabel "Hour index"
set ylabel "Errors"
plot '/tmp/5xx.dat' with linespoints title '5xx'
GP
Guardrails: privacy, cost, and predictability
Sanitize inputs: Redact emails, IPs, or anything sensitive before sending to a cloud API. Expand the
sanitize()function to suit your environment.Local models: For strict data control, use Ollama + an open model; trade some quality for privacy and $0 variable cost.
Keep prompts in Git: Your “report style” should be versioned and code-reviewed just like everything else.
Determinism: Lower temperature (0–0.3) for consistent outputs. Save raw inputs alongside outputs for auditability.
Putting it together: a daily report runner
Combine multiple sections into one daily Markdown:
#!/usr/bin/env bash
set -euo pipefail
. ./ai_report.sh
OUT="/var/reports/daily-$(date +%F).md"
mkdir -p "$(dirname "$OUT")"
{
echo "# Daily Ops Report ($(date +%F))"
echo
echo "## Security Snapshot"
/path/to/security_snapshot.sh || echo "_security section failed_"
echo
echo "## Disk Capacity"
/path/to/disk_capacity.sh || echo "_disk section failed_"
echo
echo "## Release Notes (last 7 days)"
/path/to/release_notes.sh || echo "_release notes failed_"
echo
echo "## 5xx Anomalies"
/path/to/anomaly_explainer.sh || echo "_anomaly section failed_"
} > "$OUT"
echo "Wrote $OUT"
Cron it:
15 6 * * * /path/to/daily_runner.sh
Conclusion and next steps
You don’t need to rewrite your stack or buy a dashboard suite to get clear reports. Keep Bash for what it’s best at—collecting and shaping data—and let an AI model do the summarizing and storytelling.
Your next steps:
Install the basics (curl, jq, optional pandoc/gnuplot) with apt/dnf/zypper.
Pick a provider: set OPENAI_API_KEY for cloud or install Ollama for local.
Drop in the helper
ai_report.shand run one of the examples.Iterate on the prompts to match your team’s tone and thresholds.
Schedule with cron and ship consistent daily/weekly reports.
Small scripts, big clarity.