pyruse/README.md

# Python peruser of systemd-journal
This program is intended to be used as a lightweight replacement for both epylog and fail2ban.
The intended features are:
* Peruse all log entries from systemd's journal, and only those (i.e. no log files).
* Passively wait on new entries; no active polling.
* Filter out uninteresting log lines according to the settings.
* Act on matches in the journal, with some pre-defined actions.
* Create a daily report with 2 parts:
  - events of interest (according to the settings),
  - and other non-filtered-out log entries.
* Send an immediate email when something important happens (according to the settings).
Useful [journal fields](https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html) for filtering are:
* `_TRANSPORT`: how the log entry reached the journal (e.g. `stdout`, `syslog`, `journal`)
* `PRIORITY`: see https://en.wikipedia.org/wiki/Syslog#Severity_level
* `SYSLOG_FACILITY`: see https://en.wikipedia.org/wiki/Syslog#Facility
* `_CAP_EFFECTIVE`: effective capabilities of the logging process, as a hexadecimal mask
* `_BOOT_ID`: boot identifier (may be used to detect reboots)
* `_MACHINE_ID`: internal systemd ID for the machine where the log entry occurred
* `_HOSTNAME`: short hostname of the machine where the log entry occurred
* `_UID`: user ID of the process that produced the log entry
* `_GID`: group ID of the process that produced the log entry
* `SYSLOG_IDENTIFIER`: service name as reported to the “syslog” API
* `_COMM`: name of the command that produced the log entry
* `_EXE`: path to the executable of the process that produced the log entry
* `_SYSTEMD_CGROUP`: cgroup of the service, eg. `/system.slice/systemd-uwsgi.slice/uwsgi@nextcloud.service`
* `_SYSTEMD_UNIT`: name of the systemd unit that produced the log entry
* `_SYSTEMD_SLICE`: name of the systemd slice
* `_CMDLINE`: command line of the process that produced the log entry
* `_PID`: process ID of the process that produced the log entry
* `MESSAGE`: the actual message of the log entry
* `__REALTIME_TIMESTAMP`: Python `datetime` of the log entry, formatted as: `YYYY-MM-DD HH:MM:SS:µµµµµµ`
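The following is an added example, not pyruse's own code or its `pyruse.json` format: it shows how the feature list above (drop noise, collect events of interest for the daily report, flag important entries for an immediate email) maps onto regex matches against the journal fields just listed. The rule structure, rule names, and the four sample entries are hypothetical; the entries are constructed to look like the dicts that python-systemd's `systemd.journal.Reader` yields, so the classifier runs offline.

```python
import re
from collections import Counter

# Constructed sample entries shaped like python-systemd journal dicts (hypothetical values).
SAMPLE_ENTRIES = [
    {"_TRANSPORT": "syslog", "PRIORITY": 6, "SYSLOG_IDENTIFIER": "sshd",
     "_SYSTEMD_UNIT": "sshd.service", "_UID": 0, "_PID": 1234,
     "MESSAGE": "Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2"},
    {"_TRANSPORT": "journal", "PRIORITY": 6, "SYSLOG_IDENTIFIER": "systemd",
     "_SYSTEMD_UNIT": "init.scope", "_UID": 0,
     "MESSAGE": "Started Daily Cleanup of Temporary Directories."},
    {"_TRANSPORT": "stdout", "PRIORITY": 3, "SYSLOG_IDENTIFIER": "uwsgi",
     "_SYSTEMD_UNIT": "uwsgi@nextcloud.service",
     "_SYSTEMD_CGROUP": "/system.slice/systemd-uwsgi.slice/uwsgi@nextcloud.service",
     "_UID": 33, "MESSAGE": "worker 1 died, segfault"},
    {"_TRANSPORT": "kernel", "PRIORITY": 4, "SYSLOG_IDENTIFIER": "kernel", "_UID": 0,
     "MESSAGE": "usb 1-1: new high-speed USB device"},
]

# Hypothetical rule format: every listed field must match its regex; first matching rule wins.
# Actions: "drop" (filtered out), "report" (daily report only), "mail" (immediate email + report).
RULES = [
    {"name": "systemd-noise",
     "match": {"SYSLOG_IDENTIFIER": r"^systemd$", "MESSAGE": r"^Started "},
     "action": "drop"},
    {"name": "ssh-failed",  # named group captures the source IP for per-IP counting
     "match": {"_SYSTEMD_UNIT": r"^sshd\.service$",
               "MESSAGE": r"^Failed password .* from (?P<ip>\S+) port"},
     "action": "report"},
    {"name": "service-error",  # PRIORITY 0..3 (emerg..err) from any .service unit
     "match": {"PRIORITY": r"^[0-3]$", "_SYSTEMD_UNIT": r"\.service$"},
     "action": "mail"},
]


def match_entry(rule, entry):
    """Return merged named-group captures if every field pattern matches, else None.
    A field absent from the entry never matches: journal entries carry fields optionally."""
    captures = {}
    for field, pattern in rule["match"].items():
        if field not in entry:
            return None
        m = re.search(pattern, str(entry[field]))  # PRIORITY etc. arrive as ints
        if m is None:
            return None
        captures.update(m.groupdict())
    return captures


def classify(entries, rules=RULES):
    """Route each entry to the action of the first matching rule; unmatched ones are 'other'."""
    buckets = {"drop": [], "report": [], "mail": [], "other": []}
    for entry in entries:
        for rule in rules:
            captures = match_entry(rule, entry)
            if captures is not None:
                buckets[rule["action"]].append((rule["name"], entry, captures))
                break
        else:
            buckets["other"].append((None, entry, {}))
    return buckets


def daily_report(buckets):
    """Two-part report: events of interest (counted per rule and captures), then other non-dropped lines."""
    lines = ["== Events of interest =="]
    events = buckets["report"] + buckets["mail"]
    counts = Counter((name, tuple(sorted(caps.items()))) for name, _, caps in events)
    for (name, caps), n in sorted(counts.items()):
        detail = ", ".join(f"{k}={v}" for k, v in caps) or "-"
        lines.append(f"{name}: {n} x {detail}")
    lines.append("== Other log entries ==")
    for _, entry, _ in buckets["other"]:
        lines.append(f"[{entry.get('_SYSTEMD_UNIT', '?')}] {entry['MESSAGE']}")
    return "\n".join(lines)


if __name__ == "__main__":
    result = classify(SAMPLE_ENTRIES)
    for name, entry, _ in result["mail"]:
        print(f"IMMEDIATE MAIL ({name}): {entry['MESSAGE']}")
    print(daily_report(result))
```

In a real deployment the entries would come from `systemd.journal.Reader` rather than a list: seek to the tail, then block in `wait()` until the journal signals new entries and read them, which is what "passively wait, no polling" amounts to. Note that the missing-field check matters: a rule keyed on `_SYSTEMD_UNIT` must not accidentally match kernel or early-boot entries that have no unit at all.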
The `/etc/pyruse` directory is where system-specific files are looked for:
* the `pyruse.json` file that contains the configuration,
* the `pyruse/actions` and `pyruse/filters` subdirectories, which may contain additional actions and filters.
Instead of using `/etc/pyruse`, an alternate directory may be specified with the `PYRUSE_EXTRA` environment variable.