From dad4ae19456e86bc3233e44eed2c798fd02d7195 Mon Sep 17 00:00:00 2001 From: "Kamil Mankowski (kam193)" Date: Sat, 21 Dec 2024 18:00:35 +0100 Subject: [PATCH 1/3] feat(journald-query) Add support for the threshold --- check-plugins/journald-query/README.rst | 55 ++++++++++--------- check-plugins/journald-query/journald-query | 14 ++++- check-plugins/journald-query/unit-test/run | 28 ++++++++++ .../journald-query/unit-test/stdout/EXAMPLE03 | 3 + 4 files changed, 71 insertions(+), 29 deletions(-) create mode 100644 check-plugins/journald-query/unit-test/stdout/EXAMPLE03 diff --git a/check-plugins/journald-query/README.rst b/check-plugins/journald-query/README.rst index d4e889b44..819c40f2c 100644 --- a/check-plugins/journald-query/README.rst +++ b/check-plugins/journald-query/README.rst @@ -24,7 +24,7 @@ Fact Sheet .. csv-table:: :widths: 30, 70 - + "Check Plugin Download", "https://github.com/Linuxfabrik/monitoring-plugins/tree/main/check-plugins/journald-query" "Check Interval Recommendation", "Once a minute" "Can be called without parameters", "Yes" @@ -41,7 +41,7 @@ Help [--ignore-pattern IGNORE_PATTERN] [--ignore-regex IGNORE_REGEX] [--priority PRIORITY] [--severity {warn,crit}] [--since SINCE] [--test TEST] - [--unit UNIT] [--user-unit USER_UNIT] + [--unit UNIT] [--user-unit USER_UNIT] [--count COUNT] Query the systemd journal and alert on any events found. For help on any of the journalctl-specific parameters, see `man journalctl`. @@ -83,6 +83,7 @@ Help journalctl: Show messages for the specified user session unit. This parameter can be specified multiple times. Default: None + --count COUNT Number of events to trigger the state. Default: 1 Usage Examples @@ -98,21 +99,21 @@ Output: .. code-block:: text - 27 events. Latest event at 2022-07-28 15:08:04 from systemd-resolved, level err: `Failed to send hostname reply: Transport endpoint is not connected` [WARNING]. + 27 events. Latest event at 2022-07-28 15:08:04 from systemd-resolved, level err: `Failed to send hostname reply: Transport endpoint is not connected` [WARNING]. Attention: Table below is shortened and just shows the 5 newest and the 5 oldest messages. - Timestamp ! Unit ! Prio ! Message + Timestamp ! Unit ! Prio ! Message --------------------+------------------+------+------------------------------------------------------------------------------------------------------------------------------------------- - 2022-07-28 15:08:04 ! systemd-resolved ! err ! Failed to send hostname reply: Transport endpoint is not connected - 2022-07-28 09:27:03 ! dnf-makecache ! err ! Failed to start dnf makecache. - 2022-07-28 09:10:55 ! session-c1.scope ! err ! GLib-GObject: g_object_unref: assertion 'G_IS_OBJECT (object)' failed - 2022-07-28 09:10:51 ! user@1000 ! err ! Failed to start Application launched by gnome-session-binary. - 2022-07-28 09:10:51 ! user@1000 ! err ! Failed to start Application launched by gnome-session-binary. - 2022-07-27 20:36:52 ! user@1000 ! err ! Ignoring duplicate name 'org.freedesktop.FileManager1' in service file '/usr/share//dbus-1/services/org.freedesktop.FileManager1.service' - 2022-07-27 20:36:36 ! user@1000 ! err ! Ignoring duplicate name 'org.freedesktop.FileManager1' in service file '/usr/share//dbus-1/services/org.freedesktop.FileManager1.service' - 2022-07-27 20:36:36 ! user@1000 ! err ! Ignoring duplicate name 'org.freedesktop.FileManager1' in service file '/usr/share//dbus-1/services/org.freedesktop.FileManager1.service' - 2022-07-27 20:36:34 ! user@1000 ! err ! Ignoring duplicate name 'org.freedesktop.FileManager1' in service file '/usr/share//dbus-1/services/org.freedesktop.FileManager1.service' - 2022-07-27 20:36:34 ! user@1000 ! err ! Ignoring duplicate name 'org.freedesktop.FileManager1' in service file '/usr/share//dbus-1/services/org.freedesktop.FileManager1.service' + 2022-07-28 15:08:04 ! systemd-resolved ! err ! Failed to send hostname reply: Transport endpoint is not connected + 2022-07-28 09:27:03 ! dnf-makecache ! err ! Failed to start dnf makecache. + 2022-07-28 09:10:55 ! session-c1.scope ! err ! GLib-GObject: g_object_unref: assertion 'G_IS_OBJECT (object)' failed + 2022-07-28 09:10:51 ! user@1000 ! err ! Failed to start Application launched by gnome-session-binary. + 2022-07-28 09:10:51 ! user@1000 ! err ! Failed to start Application launched by gnome-session-binary. + 2022-07-27 20:36:52 ! user@1000 ! err ! Ignoring duplicate name 'org.freedesktop.FileManager1' in service file '/usr/share//dbus-1/services/org.freedesktop.FileManager1.service' + 2022-07-27 20:36:36 ! user@1000 ! err ! Ignoring duplicate name 'org.freedesktop.FileManager1' in service file '/usr/share//dbus-1/services/org.freedesktop.FileManager1.service' + 2022-07-27 20:36:36 ! user@1000 ! err ! Ignoring duplicate name 'org.freedesktop.FileManager1' in service file '/usr/share//dbus-1/services/org.freedesktop.FileManager1.service' + 2022-07-27 20:36:34 ! user@1000 ! err ! Ignoring duplicate name 'org.freedesktop.FileManager1' in service file '/usr/share//dbus-1/services/org.freedesktop.FileManager1.service' + 2022-07-27 20:36:34 ! user@1000 ! err ! Ignoring duplicate name 'org.freedesktop.FileManager1' in service file '/usr/share//dbus-1/services/org.freedesktop.FileManager1.service' Use `journalctl --reverse --priority=emerg..err --since=-24h` as a starting point for debugging. Be aware of the fact that you might see even more messages then, as we apply a lot of unit filters to only get messages from basic system services. The full command used was: @@ -131,18 +132,18 @@ Output: 994 events. Latest event at 2022-07-28 18:00:04 from httpd, level err: `[proxy_fcgi:error] [pid 896:tid 929] [client 127.0.0.1:50256] AH01071: Got error 'Primary script unknown'` [CRITICAL]. Attention: Table below is shortened and just shows the 5 newest and the 5 oldest messages. - Timestamp ! Unit ! Prio ! Message + Timestamp ! Unit ! Prio ! Message --------------------+-------+------+----------------------------------------------------------------------------------------------------------- - 2022-07-28 18:00:04 ! httpd ! err ! [proxy_fcgi:error] [pid 896:tid 929] [client 127.0.0.1:50256] AH01071: Got error 'Primary script unknown' - 2022-07-28 17:59:55 ! httpd ! err ! [proxy_fcgi:error] [pid 896:tid 927] [client 127.0.0.1:57732] AH01071: Got error 'Primary script unknown' - 2022-07-28 17:59:04 ! httpd ! err ! [proxy_fcgi:error] [pid 896:tid 945] [client 127.0.0.1:53908] AH01071: Got error 'Primary script unknown' - 2022-07-28 17:58:55 ! httpd ! err ! [proxy_fcgi:error] [pid 896:tid 943] [client 127.0.0.1:56074] AH01071: Got error 'Primary script unknown' - 2022-07-28 17:58:04 ! httpd ! err ! [proxy_fcgi:error] [pid 896:tid 936] [client 127.0.0.1:44684] AH01071: Got error 'Primary script unknown' - 2022-07-28 09:45:55 ! httpd ! err ! [proxy_fcgi:error] [pid 896:tid 947] [client 127.0.0.1:52536] AH01071: Got error 'Primary script unknown' - 2022-07-28 09:45:04 ! httpd ! err ! [proxy_fcgi:error] [pid 896:tid 940] [client 127.0.0.1:53256] AH01071: Got error 'Primary script unknown' - 2022-07-28 09:44:55 ! httpd ! err ! [proxy_fcgi:error] [pid 896:tid 938] [client 127.0.0.1:44544] AH01071: Got error 'Primary script unknown' - 2022-07-28 09:44:04 ! httpd ! err ! [proxy_fcgi:error] [pid 897:tid 904] [client 127.0.0.1:40142] AH01071: Got error 'Primary script unknown' - 2022-07-28 09:43:55 ! httpd ! err ! [proxy_fcgi:error] [pid 896:tid 931] [client 127.0.0.1:34050] AH01071: Got error 'Primary script unknown' + 2022-07-28 18:00:04 ! httpd ! err ! [proxy_fcgi:error] [pid 896:tid 929] [client 127.0.0.1:50256] AH01071: Got error 'Primary script unknown' + 2022-07-28 17:59:55 ! httpd ! err ! [proxy_fcgi:error] [pid 896:tid 927] [client 127.0.0.1:57732] AH01071: Got error 'Primary script unknown' + 2022-07-28 17:59:04 ! httpd ! err ! [proxy_fcgi:error] [pid 896:tid 945] [client 127.0.0.1:53908] AH01071: Got error 'Primary script unknown' + 2022-07-28 17:58:55 ! httpd ! err ! [proxy_fcgi:error] [pid 896:tid 943] [client 127.0.0.1:56074] AH01071: Got error 'Primary script unknown' + 2022-07-28 17:58:04 ! httpd ! err ! [proxy_fcgi:error] [pid 896:tid 936] [client 127.0.0.1:44684] AH01071: Got error 'Primary script unknown' + 2022-07-28 09:45:55 ! httpd ! err ! [proxy_fcgi:error] [pid 896:tid 947] [client 127.0.0.1:52536] AH01071: Got error 'Primary script unknown' + 2022-07-28 09:45:04 ! httpd ! err ! [proxy_fcgi:error] [pid 896:tid 940] [client 127.0.0.1:53256] AH01071: Got error 'Primary script unknown' + 2022-07-28 09:44:55 ! httpd ! err ! [proxy_fcgi:error] [pid 896:tid 938] [client 127.0.0.1:44544] AH01071: Got error 'Primary script unknown' + 2022-07-28 09:44:04 ! httpd ! err ! [proxy_fcgi:error] [pid 897:tid 904] [client 127.0.0.1:40142] AH01071: Got error 'Primary script unknown' + 2022-07-28 09:43:55 ! httpd ! err ! [proxy_fcgi:error] [pid 896:tid 931] [client 127.0.0.1:34050] AH01071: Got error 'Primary script unknown' The full command used was: journalctl --reverse --priority=emerg..err --since=-24h --unit="httpd.service" @@ -160,8 +161,8 @@ Perfdata / Metrics .. csv-table:: :widths: 25, 15, 60 :header-rows: 1 - - Name, Type, Description + + Name, Type, Description journald-query, Number, Number of events found in journald diff --git a/check-plugins/journald-query/journald-query b/check-plugins/journald-query/journald-query index 09c75aa5a..4abeb187d 100755 --- a/check-plugins/journald-query/journald-query +++ b/check-plugins/journald-query/journald-query @@ -38,6 +38,7 @@ DEFAULT_SERVERITY = 'warn' DEFAULT_SINCE = '-8h' DEFAULT_UNIT = None DEFAULT_USER_UNIT = None +DEFAULT_COUNT = 1 # don't sort JOURNALD_PRIOS alphabetically, we need the indexes (0 = emerg etc.) JOURNALD_PRIOS = [ @@ -166,6 +167,14 @@ def parse_args(): action='append', ) + parser.add_argument( + '--count', + help='Number of events to trigger the state. Default: %(default)d', + dest='COUNT', + default=DEFAULT_COUNT, + type=lib.args.int_or_none, + ) + return parser.parse_args() @@ -259,8 +268,8 @@ def main(): # analyze data if stdout: # found something, so nothing good - state = lib.base.str2state(args.SEVERITY) result = stdout.splitlines() + threshold = args.COUNT or 1 compiled_ignore_regex = [re.compile(item) for item in args.IGNORE_REGEX] for item in result: @@ -302,6 +311,7 @@ def main(): # build the message if table_data: + state = lib.base.str2state(args.SEVERITY) if cnt >= threshold else STATE_OK msg = '{} {}. Latest event at {} from {}, level {}: `{}`{}'.format( cnt, lib.txt.pluralize('event', cnt), @@ -309,7 +319,7 @@ def main(): table_data[0]['unit'], table_data[0]['priority'], table_data[0]['MESSAGE'], - lib.base.state2str(lib.base.str2state(args.SEVERITY), prefix=' '), + lib.base.state2str(state, prefix=' '), ) if shortened: msg += '\nAttention: Table below is truncated, showing the 5 newest and ' \ diff --git a/check-plugins/journald-query/unit-test/run b/check-plugins/journald-query/unit-test/run index f8b62be0b..406109c9b 100755 --- a/check-plugins/journald-query/unit-test/run +++ b/check-plugins/journald-query/unit-test/run @@ -52,6 +52,34 @@ class TestCheck(unittest.TestCase): self.assertEqual(stderr, '') self.assertEqual(retc, STATE_CRIT) + def test_if_check_respects_ignores_EXAMPLE02c(self): + stdout, stderr, retc = lib.base.coe(lib.shell.shell_exec(self.check + ' --ignore-pattern="iSCSI" --test=stdout/EXAMPLE02,,0')) + self.assertIn('Everything is ok.', stdout) + self.assertEqual(stderr, '') + self.assertEqual(retc, STATE_OK) + + + def test_events_below_threshold_EXAMPLE03a(self): + stdout, stderr, retc = lib.base.coe(lib.shell.shell_exec(self.check + ' --count=5 --test=stdout/EXAMPLE03,,0')) + self.assertIn('3 events. Latest event at 2022-07-28 14:29:48 from iscsid, level err: `iSCSI daemon with pid=865 started!`', stdout) + self.assertIn('Timestamp ! Unit ! Prio ! Message', stdout) + self.assertIn('--------------------+--------+------+------------------------------------', stdout) + self.assertIn('2022-07-28 14:29:48 ! iscsid ! err ! iSCSI daemon with pid=865 started!', stdout) + self.assertIn('2022-07-28 14:29:48 ! iscsid ! err ! iSCSI daemon with pid=866 started!', stdout) + self.assertIn('2022-07-28 14:29:48 ! iscsid ! err ! iSCSI daemon with pid=867 started!', stdout) + self.assertEqual(stderr, '') + self.assertEqual(retc, STATE_OK) + + def test_events_above_threshold_EXAMPLE03a(self): + stdout, stderr, retc = lib.base.coe(lib.shell.shell_exec(self.check + ' --count=2 --test=stdout/EXAMPLE03,,0')) + self.assertIn('3 events. Latest event at 2022-07-28 14:29:48 from iscsid, level err: `iSCSI daemon with pid=865 started!` [WARNING]', stdout) + self.assertIn('Timestamp ! Unit ! Prio ! Message', stdout) + self.assertIn('--------------------+--------+------+------------------------------------', stdout) + self.assertIn('2022-07-28 14:29:48 ! iscsid ! err ! iSCSI daemon with pid=865 started!', stdout) + self.assertIn('2022-07-28 14:29:48 ! iscsid ! err ! iSCSI daemon with pid=866 started!', stdout) + self.assertIn('2022-07-28 14:29:48 ! iscsid ! err ! iSCSI daemon with pid=867 started!', stdout) + self.assertEqual(stderr, '') + self.assertEqual(retc, STATE_WARN) if __name__ == '__main__': unittest.main() diff --git a/check-plugins/journald-query/unit-test/stdout/EXAMPLE03 b/check-plugins/journald-query/unit-test/stdout/EXAMPLE03 new file mode 100644 index 000000000..18e915d10 --- /dev/null +++ b/check-plugins/journald-query/unit-test/stdout/EXAMPLE03 @@ -0,0 +1,3 @@ +{ "__CURSOR" : "s=8ba8080b764946c2b09652c8f6f6d573;i=2e3;b=5aa7e94ae99b4bcab2e262a17cfeeb2a;m=25a642;t=5e4dcb07afe37;x=1705c95a45c73ab2", "__REALTIME_TIMESTAMP" : "1659011388341815", "__MONOTONIC_TIMESTAMP" : "2467394", "_BOOT_ID" : "5aa7e94ae99b4bcab2e262a17cfeeb2a", "SYSLOG_FACILITY" : "3", "_UID" : "0", "_GID" : "0", "_SYSTEMD_SLICE" : "system.slice", "_MACHINE_ID" : "80e8db6b3ccf05cef005708f62ceaaf7", "_HOSTNAME" : "ubuntu1604.localdomain", "_CAP_EFFECTIVE" : "3fffffffff", "_TRANSPORT" : "syslog", "SYSLOG_IDENTIFIER" : "iscsid", "_COMM" : "iscsid", "PRIORITY" : "3", "MESSAGE" : "iSCSI daemon with pid=865 started!", "_PID" : "863", "_EXE" : "/sbin/iscsid", "_CMDLINE" : "/sbin/iscsid", "_SYSTEMD_CGROUP" : "/system.slice/iscsid.service", "_SYSTEMD_UNIT" : "iscsid.service", "_SOURCE_REALTIME_TIMESTAMP" : "1659011388341744" } +{ "__CURSOR" : "s=8ba8080b764946c2b09652c8f6f6d573;i=2e3;b=5aa7e94ae99b4bcab2e262a17cfeeb2a;m=25a642;t=5e4dcb07afe37;x=1705c95a45c73ab2", "__REALTIME_TIMESTAMP" : "1659011388341815", "__MONOTONIC_TIMESTAMP" : "2467394", "_BOOT_ID" : "5aa7e94ae99b4bcab2e262a17cfeeb2a", "SYSLOG_FACILITY" : "3", "_UID" : "0", "_GID" : "0", "_SYSTEMD_SLICE" : "system.slice", "_MACHINE_ID" : "80e8db6b3ccf05cef005708f62ceaaf7", "_HOSTNAME" : "ubuntu1604.localdomain", "_CAP_EFFECTIVE" : "3fffffffff", "_TRANSPORT" : "syslog", "SYSLOG_IDENTIFIER" : "iscsid", "_COMM" : "iscsid", "PRIORITY" : "3", "MESSAGE" : "iSCSI daemon with pid=866 started!", "_PID" : "863", "_EXE" : "/sbin/iscsid", "_CMDLINE" : "/sbin/iscsid", "_SYSTEMD_CGROUP" : "/system.slice/iscsid.service", "_SYSTEMD_UNIT" : "iscsid.service", "_SOURCE_REALTIME_TIMESTAMP" : "1659011388341744" } +{ "__CURSOR" : "s=8ba8080b764946c2b09652c8f6f6d573;i=2e3;b=5aa7e94ae99b4bcab2e262a17cfeeb2a;m=25a642;t=5e4dcb07afe37;x=1705c95a45c73ab2", "__REALTIME_TIMESTAMP" : "1659011388341815", "__MONOTONIC_TIMESTAMP" : "2467394", "_BOOT_ID" : "5aa7e94ae99b4bcab2e262a17cfeeb2a", "SYSLOG_FACILITY" : "3", "_UID" : "0", "_GID" : "0", "_SYSTEMD_SLICE" : "system.slice", "_MACHINE_ID" : "80e8db6b3ccf05cef005708f62ceaaf7", "_HOSTNAME" : "ubuntu1604.localdomain", "_CAP_EFFECTIVE" : "3fffffffff", "_TRANSPORT" : "syslog", "SYSLOG_IDENTIFIER" : "iscsid", "_COMM" : "iscsid", "PRIORITY" : "3", "MESSAGE" : "iSCSI daemon with pid=867 started!", "_PID" : "863", "_EXE" : "/sbin/iscsid", "_CMDLINE" : "/sbin/iscsid", "_SYSTEMD_CGROUP" : "/system.slice/iscsid.service", "_SYSTEMD_UNIT" : "iscsid.service", "_SOURCE_REALTIME_TIMESTAMP" : "1659011388341744" } From 1a472592e514584fe41537e1eef8837ec309786c Mon Sep 17 00:00:00 2001 From: "Kamil Mankowski (kam193)" Date: Sat, 21 Dec 2024 18:13:54 +0100 Subject: [PATCH 2/3] feat(journald-query) Add regex to select certain messages --- check-plugins/journald-query/README.rst | 11 ++++++++--- check-plugins/journald-query/journald-query | 12 ++++++++++++ check-plugins/journald-query/unit-test/run | 2 +- 3 files changed, 21 insertions(+), 4 deletions(-) diff --git a/check-plugins/journald-query/README.rst b/check-plugins/journald-query/README.rst index 819c40f2c..1d58badb8 100644 --- a/check-plugins/journald-query/README.rst +++ b/check-plugins/journald-query/README.rst @@ -39,9 +39,10 @@ Help usage: journald-query [-h] [-V] [--always-ok] [--facility FACILITY] [--identifier IDENTIFIER] [--ignore-pattern IGNORE_PATTERN] - [--ignore-regex IGNORE_REGEX] [--priority PRIORITY] - [--severity {warn,crit}] [--since SINCE] [--test TEST] - [--unit UNIT] [--user-unit USER_UNIT] [--count COUNT] + [--ignore-regex IGNORE_REGEX] [--grep GREP] + [--priority PRIORITY] [--severity {warn,crit}] + [--since SINCE] [--test TEST] [--unit UNIT] + [--user-unit USER_UNIT] [--count COUNT] Query the systemd journal and alert on any events found. For help on any of the journalctl-specific parameters, see `man journalctl`. @@ -67,6 +68,10 @@ Help `journalctl`, you can easily use a regex to ignore certain messages. Example: '(?i)linuxfabrik' for a case-insensitive search for "linuxfabrik". + --grep GREP journalctl: Filter output to entries where the + MESSAGE= field matches the specified regular + expression. PERL-compatible regular expressions are + used --priority PRIORITY journalctl: Filter output by message priorities or priority ranges. Default: emerg..err --severity {warn,crit} diff --git a/check-plugins/journald-query/journald-query b/check-plugins/journald-query/journald-query index 4abeb187d..1b717d7a9 100755 --- a/check-plugins/journald-query/journald-query +++ b/check-plugins/journald-query/journald-query @@ -39,6 +39,7 @@ DEFAULT_SINCE = '-8h' DEFAULT_UNIT = None DEFAULT_USER_UNIT = None DEFAULT_COUNT = 1 +DEFAULT_GREP = None # don't sort JOURNALD_PRIOS alphabetically, we need the indexes (0 = emerg etc.) JOURNALD_PRIOS = [ @@ -111,6 +112,15 @@ def parse_args(): dest='IGNORE_REGEX', ) + parser.add_argument( + '--grep', + help='journalctl: Filter output to entries where the MESSAGE= field ' + 'matches the specified regular expression. PERL-compatible ' + 'regular expressions are used', + default=DEFAULT_GREP, + dest='GREP', + ) + parser.add_argument( '--priority', help='journalctl: Filter output by message priorities or priority ' @@ -252,6 +262,8 @@ def main(): if args.USER_UNIT is not None: for unit in args.USER_UNIT: cmd += '--user-unit="{}" '.format(unit) + if args.GREP is not None: + cmd += ' --grep="{}" '.format(args.GREP) cmd = cmd.strip() stdout, stderr, retc = lib.base.coe(lib.shell.shell_exec(cmd)) # pylint: disable=W0612 if stderr: diff --git a/check-plugins/journald-query/unit-test/run b/check-plugins/journald-query/unit-test/run index 406109c9b..c842a7194 100755 --- a/check-plugins/journald-query/unit-test/run +++ b/check-plugins/journald-query/unit-test/run @@ -70,7 +70,7 @@ class TestCheck(unittest.TestCase): self.assertEqual(stderr, '') self.assertEqual(retc, STATE_OK) - def test_events_above_threshold_EXAMPLE03a(self): + def test_events_above_threshold_EXAMPLE03b(self): stdout, stderr, retc = lib.base.coe(lib.shell.shell_exec(self.check + ' --count=2 --test=stdout/EXAMPLE03,,0')) self.assertIn('3 events. Latest event at 2022-07-28 14:29:48 from iscsid, level err: `iSCSI daemon with pid=865 started!` [WARNING]', stdout) self.assertIn('Timestamp ! Unit ! Prio ! Message', stdout) From 755c423ae992eee231de99418066bf10912714d0 Mon Sep 17 00:00:00 2001 From: "Kamil Mankowski (kam193)" Date: Sat, 21 Dec 2024 18:43:07 +0100 Subject: [PATCH 3/3] feat(journald-query) Add support for field matching --- check-plugins/journald-query/README.rst | 4 ++++ check-plugins/journald-query/journald-query | 15 +++++++++++++++ 2 files changed, 19 insertions(+) diff --git a/check-plugins/journald-query/README.rst b/check-plugins/journald-query/README.rst index 1d58badb8..8e828bf3c 100644 --- a/check-plugins/journald-query/README.rst +++ b/check-plugins/journald-query/README.rst @@ -43,6 +43,7 @@ Help [--priority PRIORITY] [--severity {warn,crit}] [--since SINCE] [--test TEST] [--unit UNIT] [--user-unit USER_UNIT] [--count COUNT] + [--match MATCH] Query the systemd journal and alert on any events found. For help on any of the journalctl-specific parameters, see `man journalctl`. @@ -89,6 +90,9 @@ Help session unit. This parameter can be specified multiple times. Default: None --count COUNT Number of events to trigger the state. Default: 1 + --match MATCH journalctl: Filter journal entries by specific fields' + values. Should be in the format "FIELD=VALUE", see + `man journalctl` for details. Usage Examples diff --git a/check-plugins/journald-query/journald-query b/check-plugins/journald-query/journald-query index 1b717d7a9..e955d5571 100755 --- a/check-plugins/journald-query/journald-query +++ b/check-plugins/journald-query/journald-query @@ -185,6 +185,16 @@ def parse_args(): type=lib.args.int_or_none, ) + parser.add_argument( + '--match', + help='journalctl: Filter journal entries by specific fields\' values.' + ' Should be in the format "FIELD=VALUE", see `man journalctl` for ' + 'details.', + action='append', + default=[], + dest='MATCH', + ) + return parser.parse_args() @@ -264,6 +274,11 @@ def main(): cmd += '--user-unit="{}" '.format(unit) if args.GREP is not None: cmd += ' --grep="{}" '.format(args.GREP) + if args.MATCH is not None: + for match in args.MATCH: + if match.find('=') == -1: + lib.base.cu('Invalid match specification: {}'.format(match)) + cmd += ' "{}" '.format(match) cmd = cmd.strip() stdout, stderr, retc = lib.base.coe(lib.shell.shell_exec(cmd)) # pylint: disable=W0612 if stderr: