You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 2024-08-11 11:06:06
- Thorben
- Member
- Registered: 2024-04-15
- Posts: 1
Journalctl subscription
Hi, I'm thinking about logging everything from journalctl into a database, so I can query it (and some other tasks).
Is there a way to subscribe to log entries other than parsing the output from journalctl? I think that reading the output will lose information (the red color will be lost for example).
To me the ideal thing would be an API.
On top of this, are there tools that already do similar things that I could look into?
Offline
#2 2024-08-11 13:48:37
- seth
- Member
- Registered: 2012-09-03
- Posts: 58,667
Online
#3 2024-08-11 14:01:00
- Trilby
- Inspector Parrot
- Registered: 2011-11-29
- Posts: 30,330
- Website
Re: Journalctl subscription
Ah ... reading the output of what will lose information? The "red color" is just for display to the screen.
I take it you have not found the -o flag in the journalctl manual. I'm pretty sure this is what you'll want, particularly the json-* options.
You could dump `journalctl -o json` right into jq to query, or perhaps `-o verbose` might be better for parsing into an sql(ite) table if you'd prefer.
Last edited by Trilby (2024-08-11 14:37:19)
"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman
Offline
#4 2024-08-16 11:39:21
- mountaintrek
- Member
- Registered: 2024-02-01
- Posts: 36
Re: Journalctl subscription
When you start exploring the journal's fields, these commands might be helpful. The journal man page has a lot of info.
# list fields
journalctl --fields
# list values for a field
journalctl --field=PRIORITY
journalctl --field=SYSLOG_IDENTIFIER
# fields and field values
journalctl --boot=0 --lines=all --all --output=verbose
# 5 values for each field
for f in $(journalctl --fields|sort); do echo "=========== ${f}"; journalctl -n 5 -F "${f}";echo;done From man journalctl
When outputting to a tty, lines are colored according to priority: lines of level ERROR and
higher are colored red; lines of level WARNING are colored yellow; lines of level NOTICE are
highlighted; lines of level INFO are displayed normally; lines of level DEBUG are colored
grey.
Offline
Pages: 1