Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/lynix/journalcheck
Simple logcheck Replacement for Usage with journald
https://github.com/lynix/journalcheck
bash journald logcheck systemd
Last synced: 8 days ago
JSON representation
Simple logcheck Replacement for Usage with journald
- Host: GitHub
- URL: https://github.com/lynix/journalcheck
- Owner: lynix
- License: mit
- Created: 2015-03-17T20:33:04.000Z (over 9 years ago)
- Default Branch: master
- Last Pushed: 2024-01-25T13:27:27.000Z (10 months ago)
- Last Synced: 2024-02-13T21:46:39.272Z (9 months ago)
- Topics: bash, journald, logcheck, systemd
- Language: Shell
- Homepage:
- Size: 54.7 KB
- Stars: 23
- Watchers: 7
- Forks: 4
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
journalcheck
============
(C) Alexander Koch
### A simple replacement for logcheck for usage with journald
Journalcheck aims at being a simple replacement for
[_logcheck_](http://logcheck.org) when using journald for system logs. It calls
`journalctl` to obtain all messages that have been recorded since its last
invocation, pipes the output through `egrep` with a given set of filters, and
passes the remaining messages to stdout. Journalcheck therefore works with
volatile system logs as well.
## Dependencies
* systemd (`journalctl`)
* coreutils (`split`)
* grep (`egrep`)
## Usage
Journalcheck is best run as regular user (no need for root privileges!) via
cron:
```
MAILTO=user@localhost
# m h dom mon dow command
*/30 * * * * journalcheck
```
With a local MTA/MDA set up correctly, you will receive all log entries not
matching the white-list by mail. In addition to the ones shipped with
journalcheck, it looks in _~/.journalcheck.d_ for user-defined filters.
For cron-less systems making use of systemd .timer units instead, there are
example units in _example_. They rely on
[checkrun.sh](https://github.com/lynix/checkrun.sh) for mail functionality.
## Configuration
Journalcheck is configurable through the following environment variables
(default values in brackets):
* `JC_FILTERS_GLOBAL` (*/usr/lib/journalcheck*): Directory for system-wide filters
* `JC_FILTERS_USER` (*~/.journalcheck.d*): Directory for user-defined filters
* `JC_CURSOR_FILE` (*~/.journalcheck.cursor*): Last run timestamp file
* `JC_NUM_THREADS` (no. of logical CPUs): Number of worker threads to spawn
* `JC_LOGLEVEL` (0..5): Priority (loglevel) filter
## Help Wanted
As I only have a limited set of machines and applications running to derive
filters from, I rely heavily on contributions in order to provide a universal
filter set. Pull requests are welcome!
## License
Journalcheck is released under the terms of the MIT License, see LICENSE file.