Nagios/Icinga compatible plugin to search journalctl output for matching lines.

check_journal takes a YAML document with regular expressions for matches and exceptions. Example:

criticalpatterns:
  - '[Aa]bort|ABORT'
  - '[Ee]rror|ERROR'

criticalexceptions:
  - 'timestamp:".*",level:"(error|warn)"'
  - '0 errors'

warningpatterns:
  - '[Ff]ail|FAIL'
  - '[Ww]arn|WARN'

warningexceptions:
  - '0 failures'
  - 'graylogctl'
  - 'node\[.*\]: Exception'

check_journal reports a CRITICAL result if any one of criticalpatterns and none of criticalexceptions matches. If there is not critical match, the same procedure is repeated for WARNING.

It is stongly recommended to pass a state file with the -f option. The state file helps check_journal to resume exactly where it stopped on the last run so that no log line is reported twice.

Standard Rust build procedures apply. Basically, invoke

cargo build --release

to obtain a binary.

A Makefile is included which also builds the manpage. To compile and install under /usr/local, invoke

make install PREFIX=/usr/local

Build requirements:

• Rust >= 1.40
• ronn for compiling the man page

The plugin can be released as a snap package by running

snapcraft clean
snapcraft

Once released, this will download the snap from the snap store and install on the machine.

snap install check-journal

check-journal
# -- or -- #
snap run check-journal

The plugin, which is usually running under the nagios user, must be able to access the journal. The recommended way to achieve this is:

1. Grant members of the adm group access to the journal: setfacl -Rnm g:adm:rx,d:g:adm:rx /var/log/journal -- see systemd-journald.service(8) for details. Some distributions already have that ACL set by default.

2. Add the nagios user to the adm group.

The primary author is Christian Kauhaus.

This program is distributed under the terms of the BSD 3-Clause Revised License.