Simple but effective journald monitoring
JOURNALOGS analyzes the last hour's JOURNALD entries for
* alerts = to-be-notified-about entries
* unknown issues
and sends an email whenever there are any. It works much like logcheck, but on journald instead of regular log files.
https://www.wyae.de/software/journalogs/
Volker Tanger 38f08152d1 corrected typo with STARTtLS | 10 months ago | |
---|---|---|
.gitignore | 1 year ago | |
LICENSE | 1 year ago | |
README.md | 1 year ago | |
alert_pattern | 1 year ago | |
ignore_pattern | 10 months ago | |
journalogs | 1 year ago |
2015- by Volker Tanger volker.tanger@wyae.de
Homepage: https://www.wyae.de/software/journalogs/
GIT-Repo: https://git.wyae.de/WYAE/journalogs/
Licensed under GPLv3 (see LICENSE file).
All messages are parsed through 2 files containing regular expressions placed in $JLDIR; the repository ships them as alert_pattern and ignore_pattern.
Please feel free to add new lines. MAKE SURE THAT THERE ARE NO EMPTY LINES (which match everything)!
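
Why the empty-line warning matters, as an added example that is not part of journalogs: a check that rejects pattern files containing blank lines, plus a small model of the alert/ignore/unknown split showing how one empty line in the ignore file hides unknown entries. The function names, the `grep -E -f` matching and the order of the checks are assumptions made for this illustration, and all patterns and journal lines are constructed.

```sh
#!/bin/sh
# Added illustration, not journalogs code. Assumed model: entries matching an
# alert pattern are reported, entries matching an ignore pattern are dropped,
# and everything else is reported as unknown.

# Return 1 if pattern file $1 has empty or whitespace-only lines.
# An empty regex matches every entry; a line of spaces matches nearly all.
lint_patterns() {
    bad=$(grep -n -E '^[[:space:]]*$' "$1" | cut -d: -f1 | tr '\n' ' ')
    [ -z "$bad" ] && return 0
    echo "$1: blank pattern on line(s) $bad" >&2
    return 1
}

# Usage: classify ALERT_FILE IGNORE_FILE < entries
classify() {
    while IFS= read -r line; do
        if printf '%s\n' "$line" | grep -q -E -f "$1"; then
            printf 'ALERT   %s\n' "$line"
        elif ! printf '%s\n' "$line" | grep -q -E -f "$2"; then
            printf 'UNKNOWN %s\n' "$line"
        fi
    done
}

# Constructed sample patterns and journal lines (hypothetical).
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'Failed password' > "$d/alert"
    printf '%s\n' 'session opened for user' > "$d/ignore_ok"
    printf '%s\n' 'session opened for user' '' > "$d/ignore_bad"  # ends in an empty line
    cat > "$d/log" <<'EOF'
host sshd[101]: Failed password for root from 192.0.2.7
host sshd[102]: pam_unix(sshd:session): session opened for user alice
host kernel: EXT4-fs error (device sda1): bad block
EOF
    echo "== clean ignore file"
    classify "$d/alert" "$d/ignore_ok" < "$d/log"
    echo "== ignore file with an empty line (the EXT4 error disappears)"
    classify "$d/alert" "$d/ignore_bad" < "$d/log"
    lint_patterns "$d/ignore_bad" || echo "lint: do not run with this file"
    rm -rf "$d"
}
demo
```

Running a check like `lint_patterns` on both pattern files before each evaluation turns a silent monitoring gap into a visible failure.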
If you want a more frequent log evaluation (e.g. every 5 minutes), change the line in the journalogs script

    --since "1 hour ago"

into the appropriate value, e.g.

    --since "5 minutes ago"

and change the cron job to run every 5 minutes (using CRON or a systemd timer job).
With the advent of SYSTEMD the long-established Syslog logging facility has been replaced by JOURNALD, which locks up the system whenever there are write errors, is incapable of forwarding to central logging repositories, has an unreliable syslog connector, etc.
Additionally, long-established log evaluation programs won't work anymore.
So even though it is massively unsuited for servers, journald (which comes along with systemd) has become the de facto standard for logging.
So at least we now have an automated log evaluation to ease the proper maintenance of the systems.