journalogs v24.2.154 - simple but effective journald monitoring
JOURNALOGS analyzes the last hour's JOURNALD entries for
- alerts = to-be-notified-about entries
- unknown issues
and sends an email whenever there are any. It pretty much works similar to logcheck - but on journald instead of regular logfiles.
- place the *_pattern files in /usr/local/etc/journalogs/ or in a directory defined in the $JLDIR config variable with in the journalogs script.
- place journalogs script in /etc/cron.hourly/
Please see the README for documentation.
Please visit the GIT repository for changes and issues.
All messages are parsed through 2 files containing regular expressions placed in $JLDIR
Please feel free to add new lines. MAKE SURE THAT THERE ARE NO EMPTY LINES (which match everything)!
With the advent of SYSTEMD the long-established Syslog logging facility has been replaced by JOURNALD - which locks-up the system whenever there are write-errors, is incapable of forwarding to central logging repositories, has an unreliable syslog connector, etc.
Additionally long-established log evaluation programs won't work anymore.
So even if it is massively unsuited for servers, journald (coming along with systemd) it has become the de-facto standard for logging.
At least we now have an automated log evaluation to ease the proper maintenance of the systems.
This software is published under a "GNU Public License" (v3 or later), an open source license.