Alan Varghese
The Evolution of a Bash Tool: Comparing 3 Levels of Log Analysers

Log analysis is a bread-and-butter task for any DevOps engineer or SysAdmin. While there are massive enterprise tools for this, sometimes a quick Bash script is all you need.

In this post, I’ll be comparing three versions of a Bash-based Log Analyser I've been working on, showing the transition from a "beginner" script to a "professional-grade" CLI tool.


🚀 The Three Contenders

We have three distinct projects in the repository:

  1. log_analyser_simple: The "Keep It Simple, Stupid" (KISS) approach.
  2. log_analyser_scrpt: The "Professional" upgrade with flags and colors.
  3. log_analyser_adv: The "Advanced" version with robust validation and modularity.

1. log_analyser_simple: The Bare Essentials

This version is perfect for anyone just starting with Bash. It focuses purely on the logic of parsing a file without the "bells and whistles" of a CLI.

  • Logic: Uses a simple for loop over hardcoded levels (ERROR, WARNING, INFO).
  • Argument Handling: Uses positional parameters ($1).
  • Key Feature: Identifies top unique messages using a classic grep | awk | sort | uniq | head pipeline.

Best for: Learning the basics of text processing in Unix.


2. log_analyser_scrpt: The "Professional" Setup

This is where the script starts feeling like a real tool. It moves away from positional arguments and introduces a much better user experience.

  • CLI Experience: Uses getopts to handle flags like -f (file), -s (search), and -o (output).
  • Visuals: Adds ANSI color coding (RED, GREEN, BLUE) to make the terminal output readable at a glance.
  • Analytics: Introduces User Activity Tracking, extracting usernames from logs to see who the "noisiest" users are.
  • Reporting: Uses tee to show results on screen while simultaneously saving them to a file.

Best for: Daily use in a development environment where you need quick, readable reports.


3. log_analyser_adv: The "Production Ready" Tool

The advanced version takes the professional version and hardens it. It’s built for robustness and edge-case handling.

  • Enhanced Scope: Adds DEBUG and FATAL log levels.
  • Validation: Includes strict validation for inputs. For example, it checks that the log level provided via the -l flag is valid before running.
  • Modularity: Uses functions to organize logic, making the code much easier to maintain.
  • Helpful: Includes a proper help message (-h), a must-have for any shared tool.

Best for: Sharing with a team or using in automated cron jobs where validation is critical.
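
One way the -l validation described above can look, as an added example that is not the repository's code: the level is checked against a fixed allowlist before it is used to filter lines, so a value such as `.*` or `ERROR|INFO` is rejected before it reaches the filter. The function names, the return codes and the log line format are assumptions.

```bash
# Added example, not the repository's code. Assumed (constructed) line format:
#   <date> <time> [LEVEL] <message>
usage() { echo "Usage: analyse -f <logfile> [-l DEBUG|INFO|WARNING|ERROR|FATAL] [-h]"; }

# Constructed sample input.
sample_log() {
    cat <<'EOF'
2024-05-01 10:00:01 [INFO] user=alice login ok
2024-05-01 10:00:02 [ERROR] disk full
2024-05-01 10:00:03 [ERROR] disk full
2024-05-01 10:00:04 [ERROR] db timeout
EOF
}

# Allowlist: succeed only on an exact, case-sensitive match with a known level.
validate_level() {
    case "$1" in DEBUG|INFO|WARNING|ERROR|FATAL) return 0 ;; esac
    return 1
}

# Count lines in file $1 whose third field is exactly "[$2]" (string compare, no regex).
count_level() {
    awk -v want="[$2]" '$3 == want { n++ } END { print n + 0 }' "$1"
}

# Most frequent message for level $2 in file $1.
top_message() {
    awk -v want="[$2]" '$3 == want { $1 = $2 = $3 = ""; sub(/^ +/, ""); print }' "$1" |
        sort | uniq -c | sort -rn | head -n 1 | sed 's/^ *[0-9]* //'
}

analyse() {
    local file="" level="ERROR" opt
    OPTIND=1
    while getopts ":f:l:h" opt; do
        case "$opt" in
            f) file=$OPTARG ;;
            l) level=$OPTARG ;;
            h) usage; return 0 ;;
            *) usage >&2; return 2 ;;
        esac
    done
    # Reject bad input before any value reaches awk or the filesystem.
    validate_level "$level" || { printf 'invalid log level: %s\n' "$level" >&2; return 2; }
    [ -f "$file" ] && [ -r "$file" ] || { printf 'cannot read: %s\n' "$file" >&2; return 2; }
    echo "$level count: $(count_level "$file" "$level")"
    echo "top $level message: $(top_message "$file" "$level")"
}

if [ "$#" -gt 0 ]; then analyse "$@"; fi
```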


📊 Feature Comparison

| Feature | Simple | Professional | Advanced |
|---|---|---|---|
| Argument Parsing | Positional | getopts (Flags) | getopts + Validation |
| Colors | ❌ | ✅ | ✅ |
| Search Function | ❌ | ✅ | ✅ |
| Report Export | ❌ | ✅ | ✅ |
| Log Levels | 3 | 3 | 5 |
| User Tracking | ❌ | ✅ | ✅ |
| Help Menu | ❌ | ❌ | ✅ |

💡 Which one should you use?

  • Use simple if you are learning Bash and want to understand how awk and sed work.
  • Use professional if you want a tool that "just works" and looks good in your terminal.
  • Use advanced if you need a reliable, validated tool that can handle various log levels and provide a clean help interface.

Conclusion

The journey from a simple loop to a modular, flag-driven CLI tool is a great way to master Bash scripting. It shows that even small scripts can evolve into powerful utilities by focusing on user experience, error handling, and modularity.

What's your favorite Bash trick for log parsing? Let me know in the comments!
