Bug#876420: Support for systemd journal as a log source

Thu, 21 Sep 2017 16:36:36 -0700 

Package: logcheck
Version: 1.3.18

I've made a change to logoutput() that allows you to add "journal" to
logcheck.logfiles in order to pull logs out of systemd journal.

(also allows for "systemd" to be listed as an alternative dependency
from system-log-daemon.

Patch attached.



>From d5a988cd7936d6ccbb9503ee0e32ca0cb2b15b9c Mon Sep 17 00:00:00 2001
From: Lee Maguire <lee-deb...@hexkey.co.uk>
Date: Fri, 22 Sep 2017 00:04:21 +0100
Subject: [PATCH] add support for journal

---
 logcheck | 43 +++++++++++++++++++++++++++++--------------
 1 file changed, 29 insertions(+), 14 deletions(-)

diff --git a/logcheck b/logcheck
index a8c58ea..e0bcf89 100755
--- a/logcheck
+++ b/logcheck
@@ -428,20 +428,35 @@ cleanchecked() {
 
 # Get the yet unseen part of one logfile.
 logoutput() {
-    file="$1"
-
-    # There are some problems with this section.
-    debug "logoutput called with file: $file"
-    if [ -f "$file" ]; then
-	offsetfile="$STATEDIR/offset$(echo "$file" | tr / .)"
-	debug "Running $LOGTAIL on $file"
-	$LOGTAIL $LOGTAIL_OPTS -f "$file" -o "$offsetfile" \
-	    >> "$TMPDIR/logoutput/$(basename "$file")" 2>&1 \
-	    || error "Could not run logtail or save output"
-    else
-	echo "E: File could not be read: $file" >> "$TMPDIR/errors" \
-	    || error "Could not output to $TMPDIR/errors."
-    fi
+	file="$1"
+	JOURNALCTL="journalctl"
+	JOURNALCTL_OPTS=""
+
+	# There are some problems with this section.
+	debug "logoutput called with file: $file"
+	if [ -f "$file" ]; then
+		offsetfile="$STATEDIR/offset$(echo "$file" | tr / .)"
+		debug "Running $LOGTAIL on $file"
+		$LOGTAIL $LOGTAIL_OPTS -f "$file" -o "$offsetfile" \
+		    >> "$TMPDIR/logoutput/$(basename "$file")" 2>&1 \
+		    || error "Could not run logtail or save output"
+	else
+		if [ $file == "journal" ] && [ -x "$(command -v $JOURNALCTL)" ]; then
+			offsetfile="$STATEDIR/offset.$file"
+			offsettime=""
+			if [ -f "$offsetfile" ]; then
+				offsettime="--since=@$(stat -c %Y $offsetfile)"
+			fi
+			debug "Running $JOURNALCTL $JOURNALCTL_OPTS -q $offsettime"
+			$JOURNALCTL $JOURNALCTL_OPTS -q $offsettime \
+			    >> "$TMPDIR/logoutput/$file" 2>&1 \
+			    || error "Could not run journalctl or save output"
+			touch $offsetfile
+		else
+			echo "E: File could not be read: $file" >> "$TMPDIR/errors" \
+			    || error "Could not output to $TMPDIR/errors."
+		fi
+	fi
 }
 
 # Show all the cli options to our users.
-- 
2.11.0

Reply via email to