Network Log Analysis
by Vahagn Madatyan · v1.0.0 · MIT-0
Description
Device-level network log analysis using raw syslog data without SIEM platforms. Guides forensic timeline construction from rsyslog/syslog-ng collectors, devi...
Usage Guidance
This skill appears coherent for offline syslog forensic work. Before installing, verify how your agent/platform will obtain access to the syslog collector and network devices: provide only read-only SSH/console credentials and limit filesystem access to the collector log directories. Be aware log files may contain sensitive data (IPs, usernames, session identifiers); ensure your agent is not allowed to exfiltrate logs or send them to external endpoints. Because the skill runs shell-style parsing commands, confirm the execution environment (GNU date vs BSD date) and test parsing one-liners on a non-production sample. If you want extra caution, restrict the skill's runtime network egress or require manual invocation rather than allowing broad autonomous runs.
Capability Analysis
Type: OpenClaw Skill
Name: network-log-analysis
Version: 1.0.0
The skill bundle provides a comprehensive framework for network log analysis but contains shell command injection vulnerabilities in SKILL.md and references/cli-reference.md. Specifically, several awk one-liners use the 'getline' function to execute the 'date' command using unsanitized fields from log files (e.g., $1, $2, $3) as arguments. This allows for potential remote code execution (RCE) if an attacker can inject shell metacharacters into the syslog headers of the files being analyzed.
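The injection described above comes from concatenating raw header fields into a command string and running it through awk's getline. As an added example (not code from the skill or its author), this Python shows the defensive alternative: parse the header against a strict grammar and compute the epoch without any shell, and pre-flag lines that a shell-based one-liner would mishandle. It assumes BSD-style syslog headers, a caller-supplied year, and UTC timestamps from an NTP-synced collector.

```python
import re
from datetime import datetime, timezone

# Strict grammar for a BSD-style syslog header ("Mar  5 14:02:11 host msg").
# A line either matches completely or is rejected; nothing is handed to a shell.
HEADER_RE = re.compile(
    r"^(?P<mon>Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)\s+"
    r"(?P<day>[1-9]|[12][0-9]|3[01])\s+"
    r"(?P<hms>[0-2][0-9]:[0-5][0-9]:[0-5][0-9])\s+"
    r"(?P<host>[A-Za-z0-9][A-Za-z0-9._-]{0,63})\s+"
    r"(?P<msg>.*)$"
)
MONTHS = {m: i for i, m in enumerate("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}
# Characters that change the meaning of a command string built from the
# first three fields; used only to flag lines for manual review.
SHELL_META = re.compile(r"[;&|`$(){}<>\\\"'\n]")

def parse_header(line, year):
    """Return (epoch_seconds, host, message) or None if the header is malformed.
    BSD syslog headers carry no year, so the caller supplies it; timestamps
    are assumed to be UTC (NTP-synced collector)."""
    m = HEADER_RE.match(line)
    if not m:
        return None
    hh, mm, ss = map(int, m["hms"].split(":"))
    try:
        ts = datetime(year, MONTHS[m["mon"]], int(m["day"]), hh, mm, ss,
                      tzinfo=timezone.utc)
    except ValueError:  # e.g. "Feb 30" or "25:00:00"
        return None
    return int(ts.timestamp()), m["host"], m["msg"]

def build_timeline(lines, year):
    """Cross-device timeline: valid events sorted by time, then host."""
    return sorted(e for e in (parse_header(ln, year) for ln in lines) if e)

def flag_unsafe_headers(lines):
    """Lines whose first three fields contain shell metacharacters, i.e. the
    lines a getline-to-date one-liner would mishandle."""
    return [ln for ln in lines
            if SHELL_META.search(" ".join(ln.split(None, 3)[:3]))]

# Constructed sample lines (not from any real device); the last one carries a
# metacharacter in the time field and is rejected by the strict parser.
SAMPLE = [
    "Mar  5 14:02:11 core-sw1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin]",
    "Mar  5 14:02:15 edge-rtr1 %LINK-3-UPDOWN: Interface Gi0/1, changed state to down",
    "Mar  5 14:01:59 edge-rtr1 %SYS-5-CONFIG_I: Configured from console by vty0",
    "Mar  5 14:02:20;x edge-rtr1 %SYS-6-LOGOUT: User admin has exited",
]
```

Run flag_unsafe_headers over a collector directory before any shell-based one-liner touches it; the flagged lines are the ones to inspect by hand.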
Capability Assessment
Purpose & Capability
The name/description (syslog-based network log analysis) match the instructions and reference materials: examining /etc/rsyslog.conf, /etc/syslog-ng/, /var/log/*, device CLI commands, and using grep/awk/sort is exactly what you'd expect for this task. No unrelated services, binaries, or credentials are requested.
Instruction Scope
The SKILL.md explicitly instructs the agent to read collector config files and log directories (e.g., /etc/rsyslog.conf, /var/log/*) and to query devices via CLI (show logging, show ntp). That scope is appropriate for forensic timeline work, but it assumes the agent has SSH/console access and read permissions; ensure any credentials given are least-privilege (read-only). The instructions do not direct data to external endpoints or perform unexpected collection beyond logs and device config/status.
Install Mechanism
Instruction-only skill with no install steps, no downloaded artifacts, and no declared dependencies. This is the lowest-risk install posture.
Credentials
The skill declares no required environment variables or credentials, which is consistent because it expects direct access to syslog files and device CLIs provided by whatever platform or operator supplies credentials. Users should confirm how the agent/platform will provide SSH/device credentials and that those credentials are scoped to read-only access for the collector and devices.
Persistence & Privilege
always: false and no install behavior means the skill does not request permanent presence or elevated platform privileges. The default ability for the agent to invoke the skill autonomously is normal; it is not combined with other risky flags.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install network-log-analysis
- After installation, invoke the skill by name or use /network-log-analysis
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release: Skill for device-level network log analysis using raw syslog data, without reliance on SIEM platforms.
- Provides step-by-step guidance for forensic timeline construction using rsyslog/syslog-ng collectors, device console logs, and SNMP trap data.
- Covers syslog pattern recognition for Cisco IOS-XE, Juniper JunOS, and Arista EOS log formats, including severity/facility mapping.
- Explains multi-device event correlation and timeline reconstruction using standard Unix tools (grep, awk, sort, sed) and NTP-aware timestamp normalization.
- Includes guidance on anomaly detection via baseline deviation and log retention policy verification.
- Prerequisites, stepwise procedures, and references to CLI one-liners and syslog pattern catalogs are documented.