# journalogs

simple but effective journald monitoring

2015- by Volker Tanger

Homepage https://www.wyae.de/software/journalogs/

GIT-Repo https://git.wyae.de/WYAE/journalogs/

Licensed under the EUROPEAN UNION PUBLIC LICENCE v. 1.2 (or later). This is free software - see the attached file LICENSE_EUPL-1.2_EN.txt, also available in other languages under https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12

## Purpose

JOURNALOGS analyzes the last hour's JOURNALD entries for

* alerts = events you want to be notified about
* unknown issues

and sends an email whenever there are any. It works much like logcheck, but on journald instead of regular logfiles.

## Installation

* place the *_pattern files in /usr/local/etc/journalogs/ or in a directory defined in the $JLDIR config variable within the journalogs script.
* place the journalogs script in /etc/cron.hourly/

## Configuration

All messages are parsed through 2 files containing regular expressions, placed in $JLDIR:

* alerts_pattern
* ignore_pattern

Please feel free to add new lines. MAKE SURE THAT THERE ARE NO EMPTY LINES (which match everything)!

If you want a more frequent log evaluation (e.g. every 5 minutes), change the line in the journalogs script

    --since "1 hour ago"

into the appropriate value, e.g.

    --since "5 minutes ago"

and change the cron job to run every 5 minutes (using CRON or a systemd timer job).

## Journald Rant

With the advent of SYSTEMD the long-established Syslog logging facility has been replaced by JOURNALD - which locks up the system whenever there are write errors, is incapable of forwarding to central logging repositories, has an unreliable syslog connector, etc. Additionally, long-established log evaluation programs won't work anymore.

So even if it is massively unsuited for servers, journald (coming along with systemd) has become the de-facto standard for logging.

So at least we now have an automated log evaluation to ease the proper maintenance of the systems.
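
The empty-line warning from the Configuration section, as an added example that is not part of journalogs itself: a pre-flight check for the pattern files plus a demonstration of what one stray empty line does to the ignore filter. It assumes the patterns are applied with `grep -E -f`; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of journalogs. Assumption: pattern files are applied
# as one extended regex per line (grep -E -f); the script's own grep call is
# not shown in this README.

# check_patterns FILE: succeed only if FILE has no empty or blank lines.
# An empty line is an empty regex and matches every log entry; a
# whitespace-only line matches every entry containing that whitespace.
check_patterns() {
    file=$1
    [ -r "$file" ] || { echo "$file: not readable" >&2; return 1; }
    bad=$(grep -n -E '^[[:space:]]*$' "$file" | cut -d: -f1 | tr '\n' ' ')
    if [ -n "$bad" ]; then
        echo "$file: empty pattern on line(s): $bad" >&2
        return 1
    fi
    return 0
}

# count_unmatched FILE: read log lines on stdin and print how many survive
# the patterns in FILE, i.e. how many would still be reported.
count_unmatched() {
    grep -v -E -f "$1" | wc -l | tr -d ' '
}

# make_samples: write constructed log lines and two ignore files to a temp dir.
make_samples() {
    dir=$(mktemp -d)
    printf '%s\n' \
        'sshd[811]: Failed password for root from 192.0.2.7 port 4022 ssh2' \
        'CRON[900]: pam_unix(cron:session): session opened for user root' \
        'kernel: EXT4-fs error (device sda1): ext4_find_entry' > "$dir/log"
    printf '%s\n' 'CRON\[[0-9]+\]: pam_unix\(cron:session\)' > "$dir/ignore_ok"
    # Same pattern followed by a stray empty line.
    printf '%s\n' 'CRON\[[0-9]+\]: pam_unix\(cron:session\)' '' > "$dir/ignore_bad"
    echo "$dir"
}

d=$(make_samples)
for f in ignore_ok ignore_bad; do
    if check_patterns "$d/$f"; then verdict=ok; else verdict=REJECTED; fi
    echo "$f: $verdict, entries still reported: $(count_unmatched "$d/$f" < "$d/log")"
done
rm -rf "$d"
```

With the empty line present, the ignore file swallows the failed root login and the filesystem error as well, so no mail would be sent for them; the same mistake in the alerts file has the opposite effect and flags every entry.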