Skip to content

erik8989/FoundryLocal_LogAnalyzer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
LICENSE
LICENSE
 
 
Readme.md
Readme.md
 
 
demo_logs.log
demo_logs.log
 
 
log_analyzer.py
log_analyzer.py
 
 

Repository files navigation

Foundry Local Log Analyzer

A dual-mode Python CLI tool that uses Microsoft Foundry Local AI models to analyze server logs — detecting anomalies, classifying severity, and providing actionable recommendations. Runs entirely on-device with no cloud dependency.

Key Features

  • Dual-Mode Inference — Automatically selects the right backend:
    • HTTP mode (CPU/GPU): Uses the Foundry Local SDK + OpenAI-compatible API for fast, parallelized analysis
    • Subprocess mode (NPU): Drives the foundry model run CLI interactively for NPU-accelerated models that lack HTTP support
  • Automatic Fallback — In auto mode, tries HTTP first; if it fails (e.g. NPU model), seamlessly switches to subprocess
  • Batch Processing — Splits large log files into configurable batches for structured analysis
  • Structured JSON Output — Every batch returns severity, anomalies, and recommendations in parseable JSON
  • Auto-Recovery — Subprocess backend detects crashes, restarts the model process, and retries the query
  • Context Refresh — Periodically restarts the subprocess to prevent NPU slowdown from long context accumulation
  • Rich Terminal UI — Color-coded severity tables, progress bars, and detailed result panels via Rich
  • JSON Export — Optionally export all results to a JSON file for further processing

Architecture Overview

┌─────────────┐
│  CLI / main  │
└──────┬──────┘
       │
┌──────▼──────┐     ┌────────────────┐     ┌─────────────────────┐
│AnalysisEngine├────►│  HttpBackend   │────►│FoundryLocal SDK +   │
│  (orchestr.) │     │  (CPU/GPU)     │     │OpenAI-compat. API   │
│              │     ├────────────────┤     ├─────────────────────┤
│  batching    ├────►│SubprocessBackend────►│foundry model run    │
│  threading   │     │  (NPU)         │     │(stdin/stdout pipes) │
│  parsing     │     └────────────────┘     └─────────────────────┘
└──────────────┘

Prerequisites

  • Python 3.10+
  • Foundry Local installed and at least one model downloaded
  • Python packages:
pip install foundry-local-sdk openai rich

Usage

# Demo mode (built-in sample logs)
python log_analyzer.py --demo

# Demo with a specific model
python log_analyzer.py --demo --model qwen2.5-1.5b

# Analyze a real log file (auto mode)
python log_analyzer.py -f /var/log/syslog

# Force subprocess mode for NPU models
python log_analyzer.py -f server.log --mode subprocess --model qwen2.5-1.5b

# Force HTTP mode for CPU/GPU models
python log_analyzer.py -f server.log --mode http --model phi-3.5-mini

# Export results to JSON
python log_analyzer.py --demo --export results.json

CLI Options

Flag Default Description
-f, --file Log file or directory to analyze
--demo Use built-in demo logs
--model phi-3.5-mini Foundry model alias
--mode auto auto, http, or subprocess
--batch-size 15 Lines per analysis batch
--workers 1 Parallel workers (HTTP mode only)
--timeout 600 Request timeout in seconds
--export Export results to JSON file
-v, --verbose Enable debug logging

Output Format

Each batch produces a structured result:

{
  "summary": "Multiple failed SSH login attempts from a single IP, followed by a backup failure and OOM kill.",
  "severity": "CRITICAL",
  "anomalies": [
    "Brute-force SSH attempt from 185.220.101.34",
    "Backup script exited with code 12",
    "OOM killer terminated java process 1847"
  ],
  "recommendations": [
    "Block IP 185.220.101.34 and enable fail2ban",
    "Investigate backup target disk space",
    "Increase JVM heap or add swap"
  ]
}

Supported Models (Tested)

Model Mode Notes
phi-3.5-mini HTTP Fast, good JSON compliance
qwen2.5-1.5b Subprocess (NPU) Works well via interactive CLI

How It Works

  1. Backend Selection — Based on --mode, the tool initializes either HttpBackend (OpenAI SDK against Foundry's local API) or SubprocessBackend (spawns foundry model run and communicates via stdin/stdout pipes).
  2. Pre-Flight Check — A quick test prompt validates the model is responding.
  3. Batching — Log lines are split into chunks (default: 15 lines each).
  4. Inference — Each batch is sent with a system prompt requesting JSON-only output. HTTP mode supports multi-threading; subprocess mode runs sequentially with periodic process restarts.
  5. Parsing — Responses are parsed for JSON. Non-JSON responses are captured as raw summaries.
  6. Display — Results are rendered as a Rich table and detailed panels in the terminal.

License

MIT

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages