WYAE.de - IT Security, KnowHow & Software

2024-02-16

journalogs v24.2.154 - simple but effective journald monitoring

Purpose

JOURNALOGS analyzes the last hour's JOURNALD entries for

  • alerts = to-be-notified-about entries
  • unknown issues

and sends an email whenever there are any. It works much like logcheck, but on journald instead of regular logfiles.

Installation

  • place the *_pattern files in /usr/local/etc/journalogs/ or in a directory defined in the $JLDIR config variable within the journalogs script.
  • place the journalogs script in /etc/cron.hourly/

Please see the README for documentation.

Please visit the GIT repository for changes and issues.

Configuration

All messages are parsed through 2 files containing regular expressions placed in $JLDIR

  • alerts_pattern
  • ignore_pattern

Please feel free to add new lines. MAKE SURE THAT THERE ARE NO EMPTY LINES (which match everything)!
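
The empty-line warning above, as an added example (not part of journalogs): a pre-flight lint for the pattern files, plus a demonstration of what one empty line in ignore_pattern does to the "unknown" output. It assumes the files are applied the way `grep -E -f` applies them; the function names and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not journalogs code. Assumption: each pattern file holds one
# extended regex per line and is applied the way `grep -E -f FILE` applies it.

# lint_patterns FILE: report blank or uncompilable lines; return 1 if any.
lint_patterns() {
    file=$1; rc=0; n=0
    [ -r "$file" ] || { echo "$file: not readable"; return 1; }
    while IFS= read -r pat || [ -n "$pat" ]; do
        n=$((n + 1))
        # An empty pattern matches every line; a whitespace-only one nearly so.
        if ! printf '%s\n' "$pat" | grep -q '[^[:space:]]'; then
            echo "$file:$n: blank line, would match (nearly) everything"
            rc=1; continue
        fi
        st=0   # grep exits 2 when the regex does not compile
        printf '' | grep -E -e "$pat" >/dev/null 2>&1 || st=$?
        [ "$st" -lt 2 ] || { echo "$file:$n: invalid regex: $pat"; rc=1; }
    done < "$file"
    return "$rc"
}

# count_unknown IGNORE_FILE: count stdin lines the ignore filter lets through.
count_unknown() {
    grep -E -v -c -f "$1" || true   # grep exits 1 when the count is 0
}

# Constructed sample journal lines (not real log data).
sample_log() {
    printf '%s\n' \
        'sshd[812]: Accepted publickey for backup from 192.0.2.10' \
        'kernel: EXT4-fs error (device sda1): ext4_find_entry' \
        'su[990]: FAILED SU (to root) mallory on pts/3'
}

demo() {
    dir=$(mktemp -d)
    printf '%s\n' '^sshd\[[0-9]+\]: Accepted publickey' > "$dir/good"
    printf '%s\n' '^sshd\[[0-9]+\]: Accepted publickey' '' > "$dir/bad"
    echo "good ignore file leaves $(sample_log | count_unknown "$dir/good") unknown"
    echo "bad ignore file leaves $(sample_log | count_unknown "$dir/bad") unknown"
    lint_patterns "$dir/bad" || echo "lint: refusing to run with $dir/bad"
    rm -rf "$dir"
}
demo
```

With the trailing empty line the ignore filter swallows all three entries, so the filesystem error and the failed su never reach the report; running the lint after every edit to a pattern file catches this before the next hourly run.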

Downloads

Journald Rant

With the advent of SYSTEMD the long-established Syslog logging facility has been replaced by JOURNALD - which locks up the system whenever there are write errors, is incapable of forwarding to central logging repositories, has an unreliable syslog connector, etc.

Additionally long-established log evaluation programs won't work anymore.

So even though it is massively unsuited for servers, journald (coming along with systemd) has become the de facto standard for logging.

At least we now have an automated log evaluation to ease the proper maintenance of the systems.

License

For details on licensing and support please see there.

This software is published under a "GNU Public License" (v3 or later), an open source license.