Lightweight replacement to both epylog and fail2ban.

README.md

Python peruser of systemd-journal

This program is intended to be used as a lightweight replacement for both epylog and fail2ban.

The intended features are:

  • Peruse all log entries from systemd’s journal, and only those (i.e. no log files).
  • Passively wait on new entries; no active polling.
  • Filter out uninteresting log lines according to the settings.
  • Act on matches in the journal, with some pre-defined actions.
  • Create a daily report with 2 parts:
    • events of interest (according to the settings),
    • and other non-filtered-out log entries.
  • Send an immediate email when something important happens (according to the settings).

Interesting filtering entries are:

  • _TRANSPORT: how the log entry got to the journal (stdout, syslog, journal)
  • PRIORITY: see https://en.wikipedia.org/wiki/Syslog#Severity_level
  • SYSLOG_FACILITY: see https://en.wikipedia.org/wiki/Syslog#Facility
  • _CAP_EFFECTIVE: effective capabilities as a hexadecimal mask
  • _BOOT_ID: boot identifier (may be used to detect reboots)
  • _MACHINE_ID: internal systemd ID for the machine where the log entry occurred
  • _HOSTNAME: short hostname of the machine where the log entry occurred
  • _UID: user ID of the systemd service that produced the log entry
  • _GID: group ID of the systemd service that produced the log entry
  • SYSLOG_IDENTIFIER: service name as reported to the “syslog” API
  • _COMM: name of the command that produced the log entry
  • _EXE: path to the executable file launched by systemd
  • _SYSTEMD_CGROUP: cgroup of the service, e.g. /system.slice/systemd-uwsgi.slice/uwsgi@nextcloud.service
  • _SYSTEMD_UNIT: name of the systemd unit that produced the log entry
  • _SYSTEMD_SLICE: name of the systemd slice
  • _CMDLINE: process name as reported by the main process of the systemd service
  • _PID: process ID of the systemd unit’s main process
  • MESSAGE: the actual message of the log entry
  • __REALTIME_TIMESTAMP: Python datetime of the log entry, formatted as: YYYY-MM-DD HH:MM:SS:µµµµµµ

The /etc/pyruse directory is where system-specific files are looked for:

  • the pyruse.json file that contains the configuration,
  • the pyruse/actions and pyruse/filters subfolders, which may contain additional actions and filters.

Instead of using /etc/pyruse, an alternate directory may be specified with the PYRUSE_EXTRA environment variable.
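The following is an added example written for this page, not pyruse's own code, showing the two things described above: resolving the configuration directory from PYRUSE_EXTRA with /etc/pyruse as the fallback (and locating the pyruse/actions and pyruse/filters subfolders there), and applying field-based rules to journal entries so that they end up either dropped, in the "events of interest" part of the report, in the "other entries" part, or flagged for an immediate email. The rule format (ignore/watch/urgent) is a hypothetical one invented for this example and is not the real pyruse.json schema; the journal entries are constructed sample data, and a real run would read them from the journal API instead of a list.

```python
import json
import os
import re
import tempfile
from pathlib import Path

# Constructed sample entries using the journal field names the README lists (not real logs).
SAMPLE_ENTRIES = [
    {"_SYSTEMD_UNIT": "sshd.service", "PRIORITY": 6, "SYSLOG_IDENTIFIER": "sshd",
     "MESSAGE": "Failed password for invalid user admin from 192.0.2.10 port 4242 ssh2"},
    {"_SYSTEMD_UNIT": "sshd.service", "PRIORITY": 6, "SYSLOG_IDENTIFIER": "sshd",
     "MESSAGE": "Accepted publickey for alice from 192.0.2.20 port 5151 ssh2"},
    {"_SYSTEMD_UNIT": "cron.service", "PRIORITY": 7, "SYSLOG_IDENTIFIER": "CROND",
     "MESSAGE": "(root) CMD (run-parts /etc/cron.hourly)"},
    {"_SYSTEMD_UNIT": "nginx.service", "PRIORITY": 3, "SYSLOG_IDENTIFIER": "nginx",
     "MESSAGE": "worker process 1234 exited on signal 11"},
]

# Hypothetical rule format for this example, NOT the real pyruse.json schema:
# "ignore" rules drop matching entries; "watch" rules name events of interest,
# and "urgent" marks the ones that would trigger an immediate email.
EXAMPLE_CONFIG = {
    "ignore": [{"_SYSTEMD_UNIT": r"^cron\.service$", "PRIORITY": 7}],
    "watch": [
        {"name": "ssh-bruteforce", "urgent": False,
         "match": {"SYSLOG_IDENTIFIER": "^sshd$", "MESSAGE": "^Failed password for"}},
        {"name": "service-crash", "urgent": True,
         "match": {"PRIORITY": 3, "MESSAGE": "exited on signal"}},
    ],
}

def entry_matches(rule, entry):
    """Every field named in the rule must exist in the entry and match: string
    expectations are regular expressions (re.search), other values must be equal."""
    for field, expected in rule.items():
        if field not in entry:
            return False
        if isinstance(expected, str):
            if not re.search(expected, str(entry[field])):
                return False
        elif entry[field] != expected:
            return False
    return True

def classify(config, entries):
    """Split entries into the two daily-report parts (events of interest, other
    non-filtered-out entries) plus the urgent ones; ignored entries are dropped."""
    report = {"events": [], "other": [], "urgent": []}
    for entry in entries:
        if any(entry_matches(rule, entry) for rule in config["ignore"]):
            continue
        hit = next((w for w in config["watch"] if entry_matches(w["match"], entry)), None)
        if hit is None:
            report["other"].append(entry)
            continue
        report["events"].append((hit["name"], entry))
        if hit.get("urgent"):
            report["urgent"].append((hit["name"], entry))
    return report

def config_dir():
    """$PYRUSE_EXTRA when set, otherwise /etc/pyruse."""
    return Path(os.environ.get("PYRUSE_EXTRA", "/etc/pyruse"))

def load_config(directory):
    with open(Path(directory) / "pyruse.json", encoding="utf-8") as fh:
        return json.load(fh)

def extra_modules(directory, kind):
    """Module names in <directory>/pyruse/<kind>, kind being 'actions' or 'filters'."""
    folder = Path(directory) / "pyruse" / kind
    if not folder.is_dir():
        return []
    return sorted(p.stem for p in folder.glob("*.py") if p.stem != "__init__")

def demo():
    """Build a throw-away configuration directory, point PYRUSE_EXTRA at it,
    load pyruse.json from there and run the sample entries through its rules."""
    with tempfile.TemporaryDirectory() as tmp:
        filters = Path(tmp) / "pyruse" / "filters"
        filters.mkdir(parents=True)
        (filters / "myfilter.py").write_text("# extra filter module, empty here\n")
        (Path(tmp) / "pyruse.json").write_text(json.dumps(EXAMPLE_CONFIG))
        os.environ["PYRUSE_EXTRA"] = tmp
        directory = config_dir()
        return {
            "dir_ok": directory == Path(tmp),
            "filters": extra_modules(directory, "filters"),
            "actions": extra_modules(directory, "actions"),
            "report": classify(load_config(directory), SAMPLE_ENTRIES),
        }

if __name__ == "__main__":
    result = demo()
    for name, entry in result["report"]["events"]:
        print(f"[{name}] {entry['SYSLOG_IDENTIFIER']}: {entry['MESSAGE']}")
    print("urgent:", [n for n, _ in result["report"]["urgent"]])
```

Running it as a script prints the two events of interest and the urgent one; the cron line is dropped by the ignore rule and the successful SSH login lands in the "other" part of the report. The ignore rules are checked first on purpose: an entry a site has declared uninteresting should never reach the watch rules, so a noisy unit cannot flood the report or the email action.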