A small Python CLI tool for collecting baseline system information during the initial stage of incident investigation. It helps human operators prepare structured evidence for AI-assisted investigation without allowing AI to operate the server directly.
This tool is designed for the first look of a problem, not for full diagnosis.
It collects basic read-only system information, saves the results with a timestamp, and generates a Markdown prompt file that can be passed to AI for the next step of investigation.
- Collects basic system information for initial triage
- Saves outputs under a timestamped run directory
- Generates:
summary.txtai_prompt.md- raw command outputs in
raw/
- Supports predefined incident types:
high_loadweb_504other(free text)
- Uses simple read-only commands only
When an issue happens, it is easy to forget what to check first.
This tool helps you:
- collect basic evidence quickly
- keep a timestamped record
- organize the first review order
- prepare input for AI-assisted investigation
It does not attempt to fully diagnose the issue automatically.
- Python 3.9+
- Linux environment for command execution
initial_triage_tool/
├─ main.py
├─ envs.json
├─ README.md
└─ runs/
runs/
└─ web_504_2026-04-03_11-47-05/
├─ summary.txt
├─ ai_prompt.md
└─ raw/
├─ date.txt
├─ hostname.txt
├─ uptime.txt
├─ free.txt
├─ df.txt
├─ top.txt
├─ apache_error_tail.txt
├─ apache_access_tail.txt
├─ ps_cpu.txt
└─ ps_mem.txt
Prepare an envs.json file like this:
[
{
"name": "web_hosting",
"os": "Ubuntu22",
"web": "Apache",
"app": "PHP",
"db": "MySQL",
"control_panel": "cPanel",
"role": "Shared Web hosting",
"notes": "multiple domains, access/error logs available"
}
]python main.py env listpython main.py runpython main.py run high_load
python main.py run web_504
python main.py run otherCollects baseline information for a high load / slow response situation.
Collects baseline information for a 504 Gateway Timeout situation. This also tries to collect Apache access and error log tails.
Lets you enter a free-text symptom description and collects the common baseline command set.
Common baseline commands:
datehostnameuptimefree -mdf -htop -b -n 1 | head -30ps aux --sort=-%cpu | head -15ps aux --sort=-%mem | head -15
Additional commands for web_504:
tail -n 50 /var/log/apache2/error.logtail -n 50 /var/log/apache2/access.log
Contains:
- run ID
- timestamp
- selected symptom
- environment info
- executed commands
- recommended review order
- review notes
Contains a Markdown prompt you can paste directly into AI.
It includes:
- purpose and safety context
- incident context such as symptom, timestamp, and hostname
- the same summary content as
summary.txt - collected raw evidence embedded as Markdown code blocks
Contains the raw output of each command.
- This tool focuses on initial triage only
- It uses simple read-only commands
- Log paths may differ depending on your environment
- Some commands may fail because of permissions or missing files
- The tool still saves those results so you can see what happened
- It is not a full incident diagnosis framework
- It is not environment-aware beyond the values in
envs.json - It assumes a Linux-like environment
- Apache log paths are currently fixed in the code for
web_504
- Run the tool
- Check
summary.txt - Review the files listed in the recommended order
- Open
ai_prompt.md - Paste the Markdown content into AI
- Continue investigation based on AI suggestions
- configurable log paths via
envs.json - additional incident types
- more incident-specific Markdown prompt templates
- richer environment profiles
MIT