Simple but effective journald monitoring
JOURNALOGS analyzes the last hour's JOURNALD entries for
* alerts = to-be-notified-about entries
* unknown issues
and sends an email whenever there are any. It pretty much works similar to logcheck - but on journald instead of regular logfiles.
https://www.wyae.de/software/journalogs/
Volker Tanger 5d4a1a7017 retracted a bit too much regex optimisation | 2 weeks ago | |
---|---|---|
.gitignore | 1 year ago | |
LICENSE_EUPL-1.2_EN.txt | 7 months ago | |
README.md | 7 months ago | |
alert_pattern | 1 year ago | |
ignore_pattern | 2 weeks ago | |
journalogs | 7 months ago |
simple but effective journald monitoring
2015- by Volker Tanger volker.tanger@wyae.de
Homepage https://www.wyae.de/software/journalogs/ GIT-Repo https://git.wyae.de/WYAE/journalogs/
Licensed under the EUROPEAN UNION PUBLIC LICENCE v. 1.2 (or later). This is free software - see attached file LICENSE_EUPL-1.2_EN.txt and available in other languages under https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
JOURNALOGS analyzes the last hour's JOURNALD entries for
and sends an email whenever there are any. It pretty much works similar to logcheck - but on journald instead of regular logfiles.
All messages are parsed through 2 files containing regular expressions placed in $JLDIR
Please feel free to add new lines. MAKE SURE THAT THERE ARE NO EMPTY LINES (which match everything)!
If you want a more frequent log evaluation (e.g. every 5 minutes), change the line in the journalogs script
--since "1 hour ago"
into the appropriate value, e.g.
--since "5 minutes ago"
and change the cron job to every 5 minutes (using CRON or a systemd timer job).
With the advent of SYSTEMD the long-established Syslog logging facility has been replaced by JOURNALD - which locks-up the system whenever there are write-errors, is incapable of forwarding to central logging repositories, has an unreliable syslog connector, etc.
Additionally long-established log evaluation programs won't work anymore.
So even if it is massively unsuited for servers, journald (coming along with systemd) it has become the de-facto standard for logging.
So at least we now have an automated log evaluation to ease the proper maintenance of the systems.