Shell script to collect OS logs into a single location, with automatic OS detection, generating both JSON and plain text log outputs.
- Root privileges are required to read most system log files.
Run it with `sudo ./LogCollector.sh` or as a root user to avoid `Permission denied` errors.

```bash
chmod +x LogCollector.sh
sudo ./LogCollector.sh
```

This will generate two outputs in `/tmp/logscan/`:
- `master.log` – plain text log
- `master.json` – structured JSON log

A summary of log matches will also be printed after scanning:
```
====== SUMMARY ======
ufw: 2
syslog: 2
```

You can add custom logs by defining them in the appropriate OS arrays in the script:
```bash
declare -A <Your_OS>_LOGS=(
    [<Name>]="/Path/To/log"
    # Example:
    #[auth]="/var/log/auth.log"
)
declare -A <Your_OS>_PATTERNS=(
    [<Name>]="<Samples>"
    # Example:
    #[cron]="FAILED|BAD|error"
)
```

Replace `<Your_OS>` with the OS you are adding logs for (giving array names such as `UBUNTU_LOGS` or `CENTOS_LOGS`), and fill in the log path and the regex pattern you want to match.
Each matching line is timestamped and labeled with the source file.
```
2025-11-15T14:00:00 | /var/log/syslog | Nov 15 14:00:00 hostname kernel: [ 12.345678] error detected
```
All matches for a log are grouped under the log name:
```json
{
  "ufw": {
    "Name": "ufw",
    "Description": [
      "Nov 7 09:58:08 testhost kernel: [UFW BLOCK] IN=eth0 OUT= MAC=aa:bb:cc SRC=10.0.0.1 DST=224.0.0.1 LEN=32",
      "Nov 7 10:02:15 testhost kernel: [UFW BLOCK] IN=eth0 OUT= MAC=aa:bb:cc SRC=10.0.0.2 DST=224.0.0.2 LEN=64"
    ]
  },
  "syslog": {
    "Name": "syslog",
    "Description": [
      "Oct 20 08:15:12 testhost systemd[1]: Failed to start session",
      "Oct 20 09:01:42 testhost sshd[1234]: Invalid user test from 192.168.1.100"
    ]
  }
}
```
The script automatically detects your OS and loads the relevant log paths and patterns. Root privileges are required for access to most system logs. The JSON output is suited to automation or further parsing in other scripts.
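
As an added example of that further parsing (not part of LogCollector.sh), the Python below reads text in the `master.json` layout shown above, checks its shape, reproduces the per-log counts, and tallies source IP addresses for triage. The function names are hypothetical, the sample is constructed from the lines above, and it assumes every entry carries a `Description` list of strings.

```python
import ipaddress
import json
import re
from collections import Counter

# Constructed sample in the master.json layout shown above (not real log data).
SAMPLE = json.dumps({
    "ufw": {"Name": "ufw", "Description": [
        "Nov 7 09:58:08 testhost kernel: [UFW BLOCK] IN=eth0 OUT= MAC=aa:bb:cc SRC=10.0.0.1 DST=224.0.0.1 LEN=32",
        "Nov 7 10:02:15 testhost kernel: [UFW BLOCK] IN=eth0 OUT= MAC=aa:bb:cc SRC=10.0.0.2 DST=224.0.0.2 LEN=64"]},
    "syslog": {"Name": "syslog", "Description": [
        "Oct 20 08:15:12 testhost systemd[1]: Failed to start session",
        "Oct 20 09:01:42 testhost sshd[1234]: Invalid user test from 192.168.1.100"]},
})

# Source address as written by UFW ("SRC=") or sshd ("from <addr>").
SRC_RE = re.compile(r"(?:\bSRC=|\bfrom )([0-9A-Fa-f:.]+)")

def load_matches(text):
    """Parse master.json text into {log name: [matched lines]}; reject other shapes."""
    data = json.loads(text)
    if not isinstance(data, dict):
        raise ValueError("top level must be an object keyed by log name")
    matches = {}
    for name, entry in data.items():
        lines = entry.get("Description") if isinstance(entry, dict) else None
        if not isinstance(lines, list) or not all(isinstance(s, str) for s in lines):
            raise ValueError(f"{name}: 'Description' must be a list of strings")
        matches[name] = lines
    return matches

def summary(matches):
    """Per-log match counts, the figures the script prints under SUMMARY."""
    return {name: len(lines) for name, lines in matches.items()}

def source_addresses(matches):
    """Count valid source IPs seen across all logs; non-IP tokens are skipped."""
    counts = Counter()
    for line in (l for lines in matches.values() for l in lines):
        for token in SRC_RE.findall(line):
            try:
                counts[str(ipaddress.ip_address(token.rstrip(".")))] += 1
            except ValueError:
                continue  # e.g. the token after "from" was not an address
    return counts

if __name__ == "__main__":
    m = load_matches(SAMPLE)
    print(summary(m), source_addresses(m).most_common())
```

To run it against real output, pass the contents of `/tmp/logscan/master.json` to `load_matches` instead of `SAMPLE`.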