Application logs contain sensitive data: user IDs, IP addresses, leaked API keys, internal service names. Sending them to ChatGPT or Claude for analysis means sending that data to a third party. With Ollama, you can analyze logs locally.
The setup
```bash
# Install Ollama
brew install ollama  # or: curl -fsSL https://ollama.com/install.sh | sh

# Pull a model good at structured analysis
ollama pull qwen3:8b
```
Basic log analysis
```bash
# Pipe logs directly to Ollama
tail -n 100 /var/log/app/error.log | ollama run qwen3:8b "Analyze these error logs. Group by error type, count occurrences, and identify the root cause for the top 3 errors:"
```
Python script for structured analysis
```python
import ollama
import re
from collections import Counter


def analyze_logs(log_file, hours=24):
    # NOTE: `hours` is not applied yet. The whole file is read, so log
    # rotation is what bounds the analysis window.
    with open(log_file) as f:
        lines = f.readlines()

    # Extract errors
    errors = [l for l in lines if "ERROR" in l or "FATAL" in l]
    if not errors:
        return "No errors found in the last period."

    # Group by error type
    error_types = Counter()
    for e in errors:
        # Extract error class/message (up to " at", " in" or end of line)
        match = re.search(r'(ERROR|FATAL)\s+(.+?)(?:\s+at|\s+in|\n|$)', e)
        if match:
            error_types[match.group(2).strip()] += 1

    # Build a compact summary: top error types plus the first 20 raw lines
    summary = f"Error summary ({len(errors)} total errors):\n"
    for error, count in error_types.most_common(10):
        summary += f"  {count}x: {error}\n"
    summary += f"\nSample errors:\n{''.join(errors[:20])}"

    # Send to local AI for analysis
    response = ollama.chat(model="qwen3:8b", messages=[{
        "role": "user",
        "content": f"""Analyze these application errors:

{summary}

Provide:
1. Root cause analysis for the top 3 errors
2. Severity assessment (critical/warning/info)
3. Recommended fixes
4. Whether any errors indicate a security issue"""
    }])
    return response["message"]["content"]


# Run daily
print(analyze_logs("/var/log/app/error.log"))
```
Anomaly detection
```python
import ollama


def detect_anomalies(log_file, baseline_file=None):
    """Compare today's error patterns against a baseline."""
    # NOTE: `baseline_file` is accepted but not read yet. The prompt asks the
    # model to judge against what is typical for web applications instead.
    with open(log_file) as f:
        today_errors = [l for l in f if "ERROR" in l]

    # Only the first 50 error lines are included to keep the prompt small
    prompt = f"""You are a DevOps engineer analyzing error logs.

Today's errors ({len(today_errors)} total):
{''.join(today_errors[:50])}

Identify:
1. Any NEW error patterns not typically seen in web applications
2. Any error spikes (same error appearing many times in short period)
3. Any errors that suggest a security incident (auth failures, injection attempts)
4. Any errors that suggest infrastructure issues (timeouts, connection refused)

Rate overall system health: healthy / degraded / critical"""

    response = ollama.chat(model="qwen3:8b", messages=[
        {"role": "user", "content": prompt}
    ])
    return response["message"]["content"]
```
Automate with cron or n8n
Cron (simple)
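```bash
# Run daily at 7am, send results to Slack
# Slack incoming webhooks expect a JSON body, so jq wraps the report as {"text": "..."}
# The report can quote raw log lines, so whatever is posted here has left your machine
0 7 * * * python3 /opt/scripts/analyze_logs.py | jq -Rs '{text: .}' | curl -X POST -H 'Content-Type: application/json' --data-binary @- https://hooks.slack.com/services/YOUR/WEBHOOK
```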
n8n (visual)
Use our n8n + Ollama setup to build a visual workflow:
Schedule (7am) → Read logs → Ollama (analyze) → Slack notification
Claude Code Routine (if you prefer cloud)
If privacy isn't a concern, a Claude Code Routine can do this with better analysis quality, but your logs leave your network.
Which model for log analysis
| Model | RAM | Speed | Quality | Best for |
|---|---|---|---|---|
| qwen3:8b | 5 GB | Fast | Good | Daily summaries |
| qwen3.5:27b | 16 GB | Medium | Better | Root cause analysis |
| deepseek-r1:14b | 9 GB | Medium | Best reasoning | Complex incident investigation |
For routine daily analysis, qwen3:8b is fast enough and catches the obvious issues. For investigating a specific incident, switch to a larger model.
Security considerations
- Never send logs to cloud AI if they contain PII, credentials, or internal infrastructure details
- Redact sensitive data before analysis if using any external service
- Local models (Ollama) keep everything on your machine
- Rotate logs: don't keep months of logs accessible to the analysis script
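
The redaction step from the list above, as an added example (not code from the original post): credential values are dropped and identifiers are replaced with keyed pseudonyms, so error lines can still be grouped and counted by user or IP. The regex patterns, `PSEUDONYM_KEY` and the sample log lines are assumptions constructed for illustration and need extending for your own log format.

```python
import hashlib
import hmac
import re

# Assumption: per-deployment secret for pseudonyms; this value is constructed.
PSEUDONYM_KEY = b"example-only-change-me"

# Credentials: keep the field name, drop the value entirely.
SECRET_RE = re.compile(r"(?i)\b(api[_-]?key|token|password|secret)\s*[=:]\s*\S+")
BEARER_RE = re.compile(r"(?i)\bbearer\s+[A-Za-z0-9._~+/=-]+")
# Identifiers: replace with a stable keyed pseudonym.
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
USER_RE = re.compile(r"(?i)\b(user_?id)\s*[=:]\s*(\w+)")


def pseudonym(kind, value):
    """Keyed, truncated HMAC: same input gives the same tag, so counts survive."""
    digest = hmac.new(PSEUDONYM_KEY, value.encode(), hashlib.sha256).hexdigest()
    return f"<{kind}:{digest[:8]}>"


def redact(text):
    """Redact credentials and pseudonymize identifiers in log text."""
    # Credentials first, so no later pattern ever sees part of a secret.
    text = SECRET_RE.sub(lambda m: f"{m.group(1)}=<REDACTED>", text)
    text = BEARER_RE.sub("Bearer <REDACTED>", text)
    text = EMAIL_RE.sub(lambda m: pseudonym("EMAIL", m.group(0).lower()), text)
    text = IP_RE.sub(lambda m: pseudonym("IP", m.group(0)), text)
    text = USER_RE.sub(lambda m: f"{m.group(1)}={pseudonym('USER', m.group(2))}", text)
    return text


# Constructed sample lines (documentation IP ranges, fake key).
SAMPLE = """\
2025-01-01 10:00:01 ERROR Auth failed for user_id=4821 from 203.0.113.7
2025-01-01 10:00:02 ERROR Auth failed for user_id=4821 from 203.0.113.7
2025-01-01 10:00:03 ERROR Upstream 401 api_key=sk_test_CONSTRUCTED123 host=198.51.100.9
2025-01-01 10:00:04 FATAL Mail bounce for alice@example.com in worker
"""

if __name__ == "__main__":
    print(redact(SAMPLE))
```

Run `redact()` over the log text before it goes into a prompt for an external service or into a chat notification.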