https://github.com/flyingcircusio/check_journal
Nagios/Icinga compatible plugin to search `journalctl` output for matching lines
https://github.com/flyingcircusio/check_journal
journalctl monitoring
Last synced: 6 months ago
JSON representation
Nagios/Icinga compatible plugin to search `journalctl` output for matching lines
- Host: GitHub
- URL: https://github.com/flyingcircusio/check_journal
- Owner: flyingcircusio
- License: bsd-3-clause
- Created: 2018-06-06T07:52:49.000Z (about 8 years ago)
- Default Branch: master
- Last Pushed: 2023-09-12T13:48:59.000Z (almost 3 years ago)
- Last Synced: 2023-09-12T22:45:05.854Z (almost 3 years ago)
- Topics: journalctl, monitoring
- Language: Rust
- Size: 127 KB
- Stars: 3
- Watchers: 6
- Forks: 6
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- Changelog: ChangeLog
- License: LICENSE
Awesome Lists containing this project
README
# check_journal
[](https://snapcraft.io/check-journal)
Nagios/Icinga compatible plugin to search `journalctl` output for matching lines.
## Usage
check_journal takes a YAML document with regular expressions for matches and
exceptions. Example:
```
criticalpatterns:
- '[Aa]bort|ABORT'
- '[Ee]rror|ERROR'
criticalexceptions:
- 'timestamp:".*",level:"(error|warn)"'
- '0 errors'
warningpatterns:
- '[Ff]ail|FAIL'
- '[Ww]arn|WARN'
warningexceptions:
- '0 failures'
- 'graylogctl'
- 'node\[.*\]: Exception'
```
check_journal reports a CRITICAL result if any one of `criticalpatterns` and
none of `criticalexceptions` matches. If there is not critical match, the same
procedure is repeated for WARNING.
It is stongly recommended to pass a state file with the `-f` option. The state
file helps check_journal to resume exactly where it stopped on the last run so
that no log line is reported twice.
## Installation
Standard Rust build procedures apply. Basically, invoke
```
cargo build --release
```
to obtain a binary.
A Makefile is included which also builds the manpage. To compile and install
under `/usr/local`, invoke
```
make install PREFIX=/usr/local
```
Build requirements:
* *Rust* >= 1.40
* *ronn* for compiling the man page
## Packaging
The plugin can be released as a snap package by running
```bash
snapcraft clean
snapcraft
```
### Installing the snap
Once released, this will download the snap from the snap store and install
on the machine.
```bash
snap install check-journal
```
### Running the snap
```bash
check-journal
# -- or -- #
snap run check-journal
```
## Journal permissions
The plugin, which is usually running under the *nagios* user, must be able to
access the journal. The recommended way to achieve this is:
1. Grant members of the *adm* group access to the journal:
`setfacl -Rnm g:adm:rx,d:g:adm:rx /var/log/journal` -- see
systemd-journald.service(8) for details. Some distributions already have
that ACL set by default.
2. Add the *nagios* user to the *adm* group.
## Author
The primary author is [Christian Kauhaus](mailto:kc@flyingcircus.io).
## License
This program is distributed under the terms of the [BSD 3-Clause Revised
License](https://opensource.org/licenses/BSD-3-Clause).