journalogs - simple but effective journald monitoring
JOURNALOGS analyzes the last hour's JOURNALD entries for
- alerts = to-be-notified-about entries
- unknown issues
and sends an email whenever there are any. It pretty much works similar to logcheck - but on journald instead of regular logfiles.
- place the *_pattern files in /usr/local/etc/journalogs/ or in a directory defined in the $JLDIR config variable with in the journalogs script.
- place journalogs script in /etc/cron.hourly/
Please see the README for documentation.
All messages are parsed through 2 files containing regular expressions placed in $JLDIR
Please feel free to add new lines. MAKE SURE THAT THERE ARE NO EMPTY LINES (which match everything)!
With the advent of SYSTEMD the long-established Syslog logging facility has been replaced by JOURNALD - which locks-up the system whenever there are write-errors, is incapable of forwarding to central logging repositories, has an unreliable syslog connector, etc.
Additionally long-established log evaluation programs won't work anymore.
So even if it is massively unsuited for servers, journald (coming along with systemd) it has become the de-facto standard for logging.
At least we now have an automated log evaluation to ease the proper maintenance of the systems.
For details on licensing and support please see there.
This software is published under a "GNU Public License" (v3 or later), an open source license.