WYAE.de - IT Security, KnowHow & Software


journalogs v24.2.154 - simple but effective journald monitoring


JOURNALOGS analyzes the last hour's JOURNALD entries for

  • alerts = to-be-notified-about entries
  • unknown issues

and sends an email whenever there are any. It pretty much works similar to logcheck - but on journald instead of regular logfiles.


  • place the *_pattern files in /usr/local/etc/journalogs/ or in a directory defined in the $JLDIR config variable with in the journalogs script.
  • place journalogs script in /etc/cron.hourly/

Please see the README for documentation.

Please visit the GIT repository for changes and issues.


All messages are parsed through 2 files containing regular expressions placed in $JLDIR

  • alerts_pattern
  • ignore_pattern

Please feel free to add new lines. MAKE SURE THAT THERE ARE NO EMPTY LINES (which match everything)!


Journald Rant

With the advent of SYSTEMD the long-established Syslog logging facility has been replaced by JOURNALD - which locks-up the system whenever there are write-errors, is incapable of forwarding to central logging repositories, has an unreliable syslog connector, etc.

Additionally long-established log evaluation programs won't work anymore.

So even if it is massively unsuited for servers, journald (coming along with systemd) it has become the de-facto standard for logging.

At least we now have an automated log evaluation to ease the proper maintenance of the systems.


For details on licensing and support please see there.

This is free software, licensed under the EUROPEAN UNION PUBLIC LICENCE v.1.2 (or later) - see attached file LICENSE_EUPL-1.2_EN.txt and available in other languages under https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12

Copyright (C) 2020- Volker Tanger