You are not logged in.
- Topics: Active | Unanswered
#1 2014-07-11 12:11:37
- The Compiler
- Member
- From: Switzerland
- Registered: 2011-05-01
- Posts: 214
- Website
journalwatch - Minimal log watcher/notifier for the systemd journal
Inspired by a blogpost I started a small project: A tool similiar to logwatch/logcheck, but much more KISS, and working with the systemd journal. It's written using Python3.
Git repository
AUR package (journalwatch)
PyPi page
The configuration is very simple: You define patterns for log messages you're not interested in, like this:
_SYSTEMD_UNIT = systemd-logind.service
New session [a-z]?\d+ of user \w+\.
Removed session [a-z]?\d+\.
SYSLOG_IDENTIFIER = /(CROND|crond)/
pam_unix\(crond:session\): session (opened|closed) for user \w+
\(\w+\) CMD .*Then if anything happens which is not filtered by your patterns, you get a mail (or the lines printed on stdout).
From the README:
journalwatch is a tool which can find error messages in the systemd journal.
It is similiar to tools like logwatch/logcheck except it's much more KISS and only works with the systemd journal. It works by defining patterns to match all log lines which are not interesting, and then prints all log lines not matching those patterns (or sends them by mail).
When you start it the first time, it'll write the default pattern and config to $XDG_CONFIG_HOME/.config/journalwatch ($XDG_CONFIG_HOME is your home if unset). Details on how to configure journalwatch are available in these files.
Feedback of any kind is very welcome! 
>>> from __future__ import braces
File "<stdin>", line 1
SyntaxError: not a chance
Offline
#2 2014-07-12 03:39:46
- Gregosky
- Member
- From: UK
- Registered: 2013-07-26
- Posts: 179
Re: journalwatch - Minimal log watcher/notifier for the systemd journal
Hello mate, a good while ago I started working on automated self adapting log analyser. I wanted something that will read audited logs and learn system patterns so during normal operation it would raise alert each time something unusual happens. I wanted this to be done in C (just a thought that C is much easier than C++ to do things right even though I'm very far to call myself a proper programmer).
http://sourceforge.net/projects/intelligentloganalyser/
(in progress, when busy time at day work is over I'm finishing that project off)
Offline