Is there a good tool or could there be a good tool to get notified about errors/strings in logs?
I have a few of scripts that basically check logs for errors or strings and run notify-send to let me know when certain things happen, but it feels hacky, especially for something that should be a fairly standard task.
Things I monitor:
user journalctl for errors
system jounralctl for errors
system jounralctl for apparmor denials
system jounralctl for logged firewall notifications
system jounralctl for logged outbound firewall notifications
But doing it with notify-send isn’t great because it lacks:
Throttling notifications
Click to take actions
View logs in klogviewer
Launch aa-logprof
Launch some ufw script
Snooze a class of notification
Proper marking and processing of logs (I just use —since “X minutes ago” and run my jobs every X minutes)
It also feels kind of dumb to use fancy tools like journalctl to store logs, then resort to basically dumping the whole log and grepping it multiple times.
Am i missing something?
Is there an existing tool/is my usecase too niche?
I just use scripts and cron jobs, or systemd services for that kind of thing.
Not sure why you would think it was dumb, its far easier and quicker to manipulate something from the terminal when you know and understand the commands rather than trying to point and click various interface options to set something up in a GUI.
Learn grep, sed, awk along with your built-in shell syntax, commands, functions, and aliases and you can do almost anything.
You could even use kdialog if you want to pop them out to a GUI notification.
One approach could be to check traditional monitoring solutions. e.g. those used for server monitoring, and see if they can somehow be told “output” to desktop.
They should have the necessary capabilities, configurable rules and matches, different urgency levels and notification rate limitation.
Thanks @jinliu I’ll try jouno
** @krake what would you recommend for server monitoring? I use monit for my homeserver and splunk at work, but monit isn’t great for checking logs and splunk/elk seems overkill (and ends up taking a bunch of time to fine tune anyway)
I don’t really have any recommendation as I don’t run any servers myself at the moment.
Sometimes there are multiple paths to a solution. In this case adding monitoring to a log viewer, alternatively adding desktop integration to a monitoring system.
it doesn’t seem out of scope to write a bash script to add this kind of feature set to the notify-send feature, the GUI could be done entirely using kdialog
seems like a months worth of scripting and it could be available in the kde store (if i had the time).