4

Fedora OS introduces journalctl as the new way to log error messages. I learn about this recently when I performed an upgrade. var/log/messages and many other log files are now combined into a .journal file within the var/log/journal directory.

I have a custom log that was created specially to log critical errors using the old rsyslog:

*.crit  /var/log/critical/log

This file will be emailed to me and rotated every hour using a cron job as long as there is an error. Now, how would this be done using journalctl? The options in journald.conf seems pretty limited. Do I still require rsyslog to do this?

Question Overflow
  • 2,023
  • 7
  • 28
  • 44

2 Answers2

3

This command produces a similar output

journalctl --since="$(date '+%Y-%m-%d %H:%M:%S' -d '1 hour ago')" --priority=crit --quiet
Matthew Ife
  • 22,927
  • 2
  • 54
  • 71
  • Let me guess. You are suggesting that I run the above command with cron? – Question Overflow Dec 28 '13 at 13:46
  • Yeah, if you put it directly in cron, note that the '%' have special significance in cron, replace with '%%'. – Matthew Ife Dec 28 '13 at 17:49
  • Thanks, this is useful. I read through the man page, but the command you wrote within `--since` is not documented anywhere. Can you elaborate further what the `$` sign and `-d` does? Thanks. – Question Overflow Dec 29 '13 at 02:44
  • 3
    On my Fedora Server 25 system I was able to avoid running "date". This is my cron job: `@hourly journalctl --since="1 hour ago" --priority=warning --quiet` – Robpol86 Mar 03 '17 at 01:04
1

FWIW I've written a small program, journal-brief, to give a briefing of journal messages since the last time it was run.

https://github.com/twaugh/journal-brief

If you run it from cron (e.g. journal-brief -p err) you'll be mailed its output.

It bookmarks where it was up to by remembering the journal cursor, so it won't send duplicate log entries.

Tim Waugh
  • 11
  • 2
  • This tool is fabulous, and I've just sent a PR to add support for sending the output via email so that there is no need to run it through 'cron' or a similar tool. – Kevin P. Fleming Jun 18 '20 at 11:39