Python peruser of systemd-journal
This program is intended to be used as a lightweight replacement for both epylog and fail2ban.
The wanted features are these:
- Peruse all log entries from systemd's journal, and only those (i.e. no log files).
- Passively wait on new entries; no active polling.
- Filter out uninteresting log lines according to the settings.
- Act on matches in the journal, with some pre-defined actions.
- Create a daily report with 2 parts:
  - events of interest (according to the settings),
  - and other non-filtered-out log entries.
- Send an immediate email when something important happens (according to the settings).
The journal fields that are useful for filtering are:
- `_TRANSPORT`: how the log entry got to the journal (`stdout`, `syslog`, `journal`)
- `PRIORITY`: see https://en.wikipedia.org/wiki/Syslog#Severity_level
- `SYSLOG_FACILITY`: see https://en.wikipedia.org/wiki/Syslog#Facility
- `_CAP_EFFECTIVE`: effective capabilities as a hexadecimal mask
- `_BOOT_ID`: boot identifier (may be used to detect reboots)
- `_MACHINE_ID`: internal systemd ID for the machine where the log entry occurred
- `_HOSTNAME`: short hostname of the machine where the log entry occurred
- `_UID`: user ID of the systemd service that produced the log entry
- `_GID`: group ID of the systemd service that produced the log entry
- `SYSLOG_IDENTIFIER`: service name as reported to the "syslog" API
- `_COMM`: name of the command that produced the log entry
- `_EXE`: path to the executable file launched by systemd
- `_SYSTEMD_CGROUP`: cgroup of the service, e.g. `/system.slice/systemd-uwsgi.slice/uwsgi@nextcloud.service`
- `_SYSTEMD_UNIT`: name of the systemd unit that produced the log entry
- `_SYSTEMD_SLICE`: name of the systemd slice
- `_CMDLINE`: command line of the main process of the systemd service
- `_PID`: process ID of the systemd unit's main process
- `MESSAGE`: the actual message of the log entry
- `__REALTIME_TIMESTAMP`: Python `datetime` of the log entry, formatted as `YYYY-MM-DD HH:MM:SS:µµµµµµ`
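As an added illustration (this is not pyruse's own code, and the rule/filter shape below is an assumption, since the `pyruse.json` format is not shown on this page), the following Python runs the pipeline described by the feature list over a handful of constructed journal entries keyed by the fields listed above: entries hitting a filter are dropped outright, entries matching a rule are recorded as events of interest and trigger an action (a fail2ban-like per-source failure counter, or an immediate mail), and everything else lands in the second half of the daily report. The rule names, action names, ban threshold and sample log lines are all made up for the example.

```python
"""Journal filter -> match -> act pipeline over constructed entries.

Added example, not pyruse's own code. Rule shape, action names and sample
entries are assumptions; pyruse.json's real format is not shown on the page.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample entries, shaped like the dicts python-systemd's
# journal.Reader yields, using the field names listed above. Not real log data.
TS = datetime(2024, 1, 1, 12, 0, 0)
SAMPLE_ENTRIES = [
    {"_TRANSPORT": "syslog", "PRIORITY": 6, "_SYSTEMD_UNIT": "sshd.service",
     "SYSLOG_IDENTIFIER": "sshd", "__REALTIME_TIMESTAMP": TS,
     "MESSAGE": "Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2"},
    {"_TRANSPORT": "syslog", "PRIORITY": 6, "_SYSTEMD_UNIT": "sshd.service",
     "SYSLOG_IDENTIFIER": "sshd", "__REALTIME_TIMESTAMP": TS,
     "MESSAGE": "Failed password for root from 203.0.113.7 port 51023 ssh2"},
    {"_TRANSPORT": "syslog", "PRIORITY": 6, "_SYSTEMD_UNIT": "sshd.service",
     "SYSLOG_IDENTIFIER": "sshd", "__REALTIME_TIMESTAMP": TS,
     "MESSAGE": "Failed password for root from 203.0.113.7 port 51024 ssh2"},
    {"_TRANSPORT": "syslog", "PRIORITY": 6, "_SYSTEMD_UNIT": "sshd.service",
     "SYSLOG_IDENTIFIER": "sshd", "__REALTIME_TIMESTAMP": TS,
     "MESSAGE": "Accepted publickey for bob from 198.51.100.4 port 4242 ssh2"},
    {"_TRANSPORT": "journal", "PRIORITY": 6, "_SYSTEMD_UNIT": "systemd-timesyncd.service",
     "__REALTIME_TIMESTAMP": TS, "MESSAGE": "Synchronized to time server 192.0.2.10:123"},
    {"_TRANSPORT": "stdout", "PRIORITY": 3, "_SYSTEMD_UNIT": "uwsgi@nextcloud.service",
     "_SYSTEMD_CGROUP": "/system.slice/systemd-uwsgi.slice/uwsgi@nextcloud.service",
     "__REALTIME_TIMESTAMP": TS, "MESSAGE": "OSError: [Errno 28] No space left on device"},
    {"_TRANSPORT": "journal", "PRIORITY": 6, "_SYSTEMD_UNIT": "cron.service",
     "__REALTIME_TIMESTAMP": TS, "MESSAGE": "(root) CMD (run-parts /etc/cron.hourly)"},
]

# Assumed settings shape. "filters" drop uninteresting entries before anything
# else looks at them; each rule names the fields an entry must carry, an
# optional PRIORITY ceiling, an optional MESSAGE regex, and the action to take.
FILTERS = [
    {"_SYSTEMD_UNIT": "systemd-timesyncd.service"},
    {"_SYSTEMD_UNIT": "cron.service", "PRIORITY": [6, 7]},  # info/debug from cron only
]
RULES = [
    {"name": "ssh-auth-failure",
     "fields": {"_SYSTEMD_UNIT": "sshd.service", "_TRANSPORT": "syslog"},
     "regex": re.compile(r"Failed password for .* from (?P<ip>[0-9a-fA-F.:]+) port \d+"),
     "action": "count_source"},
    {"name": "service-error",
     "fields": {},          # any unit ...
     "max_priority": 3,     # ... as long as PRIORITY is err (3) or worse
     "action": "mail_now"},
]
BAN_THRESHOLD = 3  # failures from one source before the fail2ban-like action fires


def fields_match(entry, wanted):
    """True when every wanted field is present with that value (or one of a list)."""
    for field, want in wanted.items():
        have = entry.get(field)
        if isinstance(want, (list, tuple, set)):
            if have not in want:
                return False
        elif have != want:
            return False
    return True


def rule_matches(entry, rule):
    """Return the regex's named groups (an empty dict if the rule has no regex)
    when the entry satisfies the rule, else None."""
    if not fields_match(entry, rule.get("fields", {})):
        return None
    if "max_priority" in rule and entry.get("PRIORITY", 7) > rule["max_priority"]:
        return None
    regex = rule.get("regex")
    if regex is None:
        return {}
    found = regex.search(entry.get("MESSAGE", ""))
    return found.groupdict() if found else None


def process(entries, filters=FILTERS, rules=RULES, ban_threshold=BAN_THRESHOLD):
    """Run the pipeline once over a batch of entries and return what it decided:
    'events' and 'other' are the two parts of the daily report, 'mail_now' the
    messages that would go out immediately, 'bans' the sources whose failure
    count reached the threshold."""
    out = {"events": [], "other": [], "mail_now": [], "bans": []}
    failures = defaultdict(int)
    for entry in entries:
        if any(fields_match(entry, f) for f in filters):
            continue  # uninteresting: not even in the report
        matched = False
        for rule in rules:
            groups = rule_matches(entry, rule)
            if groups is None:
                continue
            matched = True
            out["events"].append((rule["name"], entry["MESSAGE"]))
            if rule["action"] == "count_source":
                failures[groups["ip"]] += 1
                if failures[groups["ip"]] == ban_threshold:
                    out["bans"].append(groups["ip"])
            elif rule["action"] == "mail_now":
                out["mail_now"].append(entry["MESSAGE"])
        if not matched:
            out["other"].append(entry["MESSAGE"])  # second part of the report
    return out


if __name__ == "__main__":
    for key, value in process(SAMPLE_ENTRIES).items():
        print(key, value)
```

In a real deployment the entries would come from python-systemd's `systemd.journal.Reader`, which yields the same kind of dict per entry; seeking to the tail and then blocking in the reader's `wait()` is what gives the passive, non-polling behaviour the feature list asks for. Two things worth keeping in mind when writing settings of this kind: `fields_match` requires the field to be present, so a rule keyed on a field that a given transport does not set will silently never fire, and the filters run before the rules, so an over-broad filter can hide exactly the failures the counter was meant to catch.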
The `/etc/pyruse` directory is where system-specific files are looked for:
- the `pyruse.json` file that contains the configuration,
- the `pyruse/actions` and `pyruse/filters` subfolders, which may contain additional actions and filters.
Instead of using `/etc/pyruse`, an alternate directory may be specified with the `PYRUSE_EXTRA` environment variable.