[Pkg-nagios-devel] Bug#1060859: monitoring-plugins-check-logfiles: Add abiltiy to search systemd journals by syslog identifiers

John Lines john+reportbug at paladyn.org
Mon Jan 15 19:32:23 GMT 2024 

Package: monitoring-plugins-check-logfiles
Version: 4.1.1-3
Severity: wishlist
Tags: patch upstream

Dear Maintainer,

I scan mail logs for Deliverable Status Notifications for 'dsn=5.7" on
my delivery server, so if some recipient starts blocking the server I
can start investigating and switch to a different outbound server before
users start to report that 'mail is not working'.

For systems where mail logs are in /var/log/mail.log this is simple, but
where they are in the systemd journal a scan which looks only at, in
this case, entries with a SYSLOG_IDENTIFIER of 'postfix/smtp' is more
effective.

The attached patch allows an argument of 
 --type=journald:identifier='postfix/smtp'
to be specified.

-- System Information:
Debian Release: 12.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-17-amd64 (SMP w/24 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages monitoring-plugins-check-logfiles depends on:
ii  perl  5.36.0-7+deb12u1

monitoring-plugins-check-logfiles recommends no packages.

monitoring-plugins-check-logfiles suggests no packages.

-- no debconf information
-------------- next part --------------
--- check_logfiles	2023-01-20 22:18:33.000000000 +0000
+++ check_logfiles_journal_identifier	2024-01-15 18:10:54.103892826 +0000
@@ -8,6 +8,8 @@
 #          tivoli config files and
 #          return it as hash structure
 #
+# John Lines  update to filter on journald:identifier
+#  to allow, for example --type=journald:identifier='postfix/smtp'
 package Nagios::Tivoli::Config::Logfile;
 
 use strict;
@@ -5685,6 +5687,7 @@
   if ($self->{journaldunit} and $self->{tag} eq "default") {
     $self->{tag} = $self->{journaldunit};
   }
+  $self->{journaldidentifier} = $params->{journald}->{identifier};
   $self->default_options({ exeargs => "", });
   $self->SUPER::init($params);
 }
@@ -5708,6 +5711,9 @@
     if ($self->{journaldunit}) {
       $cmdline = $cmdline." --unit '".$self->{journaldunit}."'";
     }
+    if ($self->{journaldidentifier}) {
+      $cmdline = $cmdline." --identifier '".$self->{journaldidentifier}."'";
+    }
     $cmdline = $cmdline." --since '".strftime("%Y-%m-%d %H:%M:%S", localtime($self->{journald}->{since}))."'|";
     if ($fh->open($cmdline)) {
       push(@{$self->{relevantfiles}},

More information about the Pkg-nagios-devel mailing list