Nagios/Icinga compatible plugin to search journalctl output for matching lines.
check_journal takes a YAML document with regular expressions for matches and exceptions. Example:
criticalpatterns:
- '[Aa]bort|ABORT'
- '[Ee]rror|ERROR'
criticalexceptions:
- 'timestamp:".*",level:"(error|warn)"'
- '0 errors'
warningpatterns:
- '[Ff]ail|FAIL'
- '[Ww]arn|WARN'
warningexceptions:
- '0 failures'
- 'graylogctl'
- 'node\[.*\]: Exception'
check_journal reports a CRITICAL result if any one of criticalpatterns and
none of criticalexceptions matches. If there is no critical match, the same
procedure is repeated for WARNING.
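The matching rule above, as an added Python example (not part of check_journal, which is written in Rust): it applies the README's sample patterns to constructed journal lines. It assumes each line is evaluated on its own, that patterns match anywhere in a line, and that Python's `re` treats these patterns the same way as check_journal's regex engine. It also shows that the unanchored exception `0 errors` matches `10 errors`; the `\b0 errors` variant is a suggested tightening, not part of the original configuration.

```python
import re

# Rules copied from the README's example YAML.
RULES = {
    "criticalpatterns": [r"[Aa]bort|ABORT", r"[Ee]rror|ERROR"],
    "criticalexceptions": [r'timestamp:".*",level:"(error|warn)"', r"0 errors"],
    "warningpatterns": [r"[Ff]ail|FAIL", r"[Ww]arn|WARN"],
    "warningexceptions": [r"0 failures", r"graylogctl", r"node\[.*\]: Exception"],
}

# Suggested tightening (assumption, not from the README): anchor the count
# with a word boundary so "10 errors" is no longer treated as "0 errors".
TIGHTENED = dict(
    RULES, criticalexceptions=[RULES["criticalexceptions"][0], r"\b0 errors"]
)

# Constructed sample journal lines.
SAMPLE = [
    "backup[811]: finished, 0 errors",
    "backup[811]: finished, 10 errors",
    'app[42]: timestamp:"12:00",level:"error"',
    'app[42]: timestamp:"12:01",level:"warn"',
]


def hit(patterns, line):
    """True if any pattern matches anywhere in the line (unanchored search)."""
    return any(re.search(p, line) for p in patterns)


def classify(line, rules=RULES):
    """Assumed per-line semantics: try CRITICAL first, then WARNING, else OK."""
    for level in ("critical", "warning"):
        matched = hit(rules[level + "patterns"], line)
        excepted = hit(rules[level + "exceptions"], line)
        if matched and not excepted:
            return level.upper()
    return "OK"


def overall(lines, rules=RULES):
    """Worst state over all lines, as a Nagios-style result."""
    states = {classify(line, rules) for line in lines}
    return next((s for s in ("CRITICAL", "WARNING") if s in states), "OK")


if __name__ == "__main__":
    for line in SAMPLE:
        print(f"{classify(line):8} {classify(line, TIGHTENED):8} {line}")
    print("overall:", overall(SAMPLE), "->", overall(SAMPLE, TIGHTENED))
```

Running candidate exceptions through a check like this before deployment shows which lines a broad exception would silence.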
It is strongly recommended to pass a state file with the -f option. The state
file helps check_journal to resume exactly where it stopped on the last run so
that no log line is reported twice.
Standard Rust build procedures apply. Basically, invoke
cargo build --release
to obtain a binary.
A Makefile is included which also builds the manpage. To compile and install
under /usr/local, invoke
make install PREFIX=/usr/local
Build requirements:
- Rust >= 1.40
- ronn for compiling the man page
The plugin can be released as a snap package by running
snapcraft clean
snapcraft
Once released, this will download the snap from the snap store and install it on the machine:
snap install check-journal
check-journal
# -- or -- #
snap run check-journal
The plugin, which is usually running under the nagios user, must be able to access the journal. The recommended way to achieve this is:
- Grant members of the adm group access to the journal:
  setfacl -Rnm g:adm:rx,d:g:adm:rx /var/log/journal
  See systemd-journald.service(8) for details. Some distributions already have that ACL set by default.
- Add the nagios user to the adm group.
The primary author is Christian Kauhaus.
This program is distributed under the terms of the BSD 3-Clause Revised License.