check_journal
Nagios/Icinga compatible plugin to search journalctl output for matching lines.
Usage
check_journal takes a YAML document with regular expressions for matches and exceptions. Example:
criticalpatterns:
- '[Aa]bort|ABORT'
- '[Ee]rror|ERROR'
criticalexceptions:
- 'timestamp:".*",level:"(error|warn)"'
- '0 errors'
warningpatterns:
- '[Ff]ail|FAIL'
- '[Ww]arn|WARN'
warningexceptions:
- '0 failures'
- 'graylogctl'
- 'node\[.*\]: Exception'check_journal reports a CRITICAL result if any one of criticalpatterns and
none of criticalexceptions matches. If there is not critical match, the same
procedure is repeated for WARNING.
It is stongly recommended to pass a state file with the -f option. The state
file helps check_journal to resume exactly where it stopped on the last run so
that no log line is reported twice.
Installation
Standard Rust build procedures apply. Basically, invoke
cargo build --releaseto obtain a binary.
A Makefile is included which also builds the manpage. To compile and install
under /usr/local, invoke
make install PREFIX=/usr/localBuild requirements:
- Rust >= 1.40
- ronn for compiling the man page
Packaging
The plugin can be released as a snap package by running
snapcraft clean
snapcraftInstalling the snap
Once released, this will download the snap from the snap store and install on the machine.
snap install check-journalRunning the snap
check-journal
# -- or -- #
snap run check-journalJournal permissions
The plugin, which is usually running under the nagios user, must be able to access the journal. The recommended way to achieve this is:
-
Grant members of the adm group access to the journal:
setfacl -Rnm g:adm:rx,d:g:adm:rx /var/log/journal-- see systemd-journald.service(8) for details. Some distributions already have that ACL set by default. -
Add the nagios user to the adm group.
Author
The primary author is kc@flyingcircus.io" rel="nofollow">Christian Kauhaus.
License
This program is distributed under the terms of the BSD 3-Clause Revised License.
