Nagios/Icinga compatible plugin to search
journalctl output for matching lines.
check_journal takes a YAML document with regular expressions for matches and exceptions. Example:
criticalpatterns: - '[Aa]bort|ABORT' - '[Ee]rror|ERROR' criticalexceptions: - 'timestamp:".*",level:"(error|warn)"' - '0 errors' warningpatterns: - '[Ff]ail|FAIL' - '[Ww]arn|WARN' warningexceptions: - '0 failures' - 'graylogctl' - 'node\[.*\]: Exception'
check_journal reports a CRITICAL result if any one of
criticalexceptions matches. If there is not critical match, the same
procedure is repeated for WARNING.
It is stongly recommended to pass a state file with the
-f option. The state
file helps check_journal to resume exactly where it stopped on the last run so
that no log line is reported twice.
Standard Rust build procedures apply. Basically, invoke
cargo build --release
to obtain a binary.
A Makefile is included which also builds the manpage. To compile and install
make install PREFIX=/usr/local
- Rust >= 1.40
- ronn for compiling the man page
The plugin can be released as a snap package by running
snapcraft clean snapcraft
Installing the snap
Once released, this will download the snap from the snap store and install on the machine.
snap install check-journal
Running the snap
check-journal # -- or -- # snap run check-journal
The plugin, which is usually running under the nagios user, must be able to access the journal. The recommended way to achieve this is:
Grant members of the adm group access to the journal:
setfacl -Rnm g:adm:rx,d:g:adm:rx /var/log/journal-- see systemd-journald.service(8) for details. Some distributions already have that ACL set by default.
Add the nagios user to the adm group.
The primary author is firstname.lastname@example.org" rel="nofollow">Christian Kauhaus.
This program is distributed under the terms of the BSD 3-Clause Revised License.