Projet

Général

Profil

Révision cdb82255

IDcdb82255e9151f42176d36da1d7817bf83d51b81
Parent e178be64
Enfant 8f68d6e6

Ajouté par Thomas Riccardi il y a plus de 7 ans

sshd_log: allow multiple journalctl args

Useful for multiple filtering.
At the cost of not being able to pass spaces properly in args, but
that's uncommon.

Voir les différences:

plugins/ssh/sshd_log
25 25 

  		




  26
  26
  
    
If the "logfile" environment variable is set to "journald" the sshd


  		




  27
  27
  
    
logs are read from journald, filtering on program "sshd". The filtering


  		




  28
  
  
    
may be changed using "journalctlarg".


  		




  
  28
  
    
may be changed using "journalctlargs".


  		




  29
  29
  
    

  		




  30
  30
  
    

  		




  31
  31
  
    
Config examples for /etc/munin/plugin-conf.d/munin-node:


  		




  ......




  46
  46
  
    
  [sshd_log]


  		




  47
  47
  
    
      group systemd-journal


  		




  48
  48
  
    
      env.logfile journald


  		




  49
  
  
    
      env.journalctlarg --unit=sshd.service


  		




  
  49
  
    
      env.journalctlargs --unit=sshd.service


  		




  50
  50
  
    

  		




  51
  51
  
    
=head1 MAGIC MARKERS


  		




  52
  52
  
    

  		




  ......




  70
  70
  
    

  		




  71
  71
  
    

  		




  72
  72
  
    
LOG=${logfile:-/var/log/secure}


  		




  73
  
  
    
JOURNALCTL_ARG=${journalctlarg:-_COMM=sshd}


  		




  
  73
  
    
JOURNALCTL_ARGS=${journalctlargs:-_COMM=sshd}


  		




  74
  74
  
    

  		




  75
  75
  
    

  		




  76
  76
  
    
if [ "$1" = "autoconf" ]; then


  		




  77
  77
  
    
        if [ "$LOG" = "journald" ]; then


  		




  78
  
  
    
                if journalctl --no-pager --quiet --lines=1 "$JOURNALCTL_ARG" | read -r DUMMY; then


  		




  
  78
  
    
                # shellcheck disable=SC2086,SC2034


  		




  
  79
  
    
                if journalctl --no-pager --quiet --lines=1 $JOURNALCTL_ARGS | read -r DUMMY; then


  		




  79
  80
  
    
                        echo "yes"


  		




  80
  81
  
    
                else


  		




  81
  
  
    
                        echo "no (journald empty log for '$JOURNALCTL_ARG' not found)"


  		




  
  82
  
    
                        echo "no (journald empty log for '$JOURNALCTL_ARGS' not found)"


  		




  82
  83
  
    
                fi


  		




  83
  84
  
    
        else


  		




  84
  85
  
    
                if [ -r "$LOG" ]; then


  		




  ......




  151
  152
  
    
fi


  		




  152
  153
  
    

  		




  153
  154
  
    
if [ "$LOG" = "journald" ]; then


  		




  154
  
  
    
        journalctl --no-pager --quiet --show-cursor ${CURSOR:+"--after-cursor=$CURSOR"} "$JOURNALCTL_ARG"


  		




  
  155
  
    
        # shellcheck disable=SC2086


  		




  
  156
  
    
        journalctl --no-pager --quiet --show-cursor ${CURSOR:+"--after-cursor=$CURSOR"} $JOURNALCTL_ARGS


  		




  155
  157
  
    
else


  		




  156
  158
  
    
        cat "$LOG"


  		




  157
  159
  
    
fi | \


  		












Formats disponibles :  Unified diff