filtering the systemd journal

seamusdemora · 2022-02-01 01:18:57

There are log events for which I want notification. I've written a small awk script that does the filtering. As of now, I run the job from cron every hour. The following command gets the log data:

 journalctl --since "60 min ago" --until "now"

The output is piped into awk where I do my filtering & notification; for example:

awk '/uart/ && /DMA/ {m=1}; END { if (m == 1){system("cat msg.txt | mail -s Heads_up_Dude $USER")} }'

This works OK, but it occurs to me there may be a better way - and this is my question:

My idea was to create a systemd unit service file that streams journalctl (journalctl --follow) to my awk script (which would need to be revised). I've never written a unit service file, and there may be options in journalctl that eliminate the need for awk I thought I would ask here for a "sanity check" on the idea before spending more time on it. Any pointers, criticisms or suggestions are welcome.

Trilby · 2022-02-01 01:27:35

The current awk command is just an overly complex `grep -q` and a wrapper for a useless cat. That can all be replaced with:

journalctl --since "60 min ago" --until "now" | \
   grep -qm1 '\(uart.*DMA\|DMA.*uart\)' && \
   mail -s Heads_up_Dude $USER < msg.txt

I suspect that grep pattern can be simplified - you want to match a line with "uart" and "DMA", but I suspect you'd know which order they would be in, right? What do these matching lines look like? As for revising it to do something totally different, you'd have to specify what it is you want it to do. Do you want to receive one email for every single match?

You can also most likely do the matching with journalctl. But without specifiying what it is that you are actually hoping to match, we can't really help with that other than pointing you to the man pages.

Last edited by Trilby (2022-02-01 01:32:23)

Arch Linux

#1 2022-02-01 01:18:57

filtering the systemd journal

#2 2022-02-01 01:27:35

Re: filtering the systemd journal

Board footer