Latest version: 0.2.1
You can find the source code on this GitHub, where you can also report bugs, send suggestions or other (constructive) feedback.
What is journal-triggerd ?
journal-triggerd is a small daemon that runs in the background, listening to systemd's journal, and will run "triggers" (i.e. exec a given command line) when certain messages are added.
Which messages to listen for, and what action to run when such messages are added, is simply define via rules.
Rules are defined in (UTF8 encoded) text files, whose names must end with .rule and placed in /etc/journal-triggerd.rules
Any file whose name not end in .rule will be ignored. Files are not processed in any defined order, neither will rules be processed in any given order; Not that it should matter, since all rules are always processed against every new message added to the journal.
A rule is composed of two things : a filter, used to match messages added to the journal, and a trigger, to be run when match occurs.
Rule File Format
Rule files have a syntax similar to that of conf/INI files, or systemd's unit files. A section [Rule] must exist, where filter/trigger be defined.
The trigger is simply a command line, define under option trigger
A filter can be either a list of conditions to match, or use boolean logic to create more complex filtering. For the former, no option under [Rule] is needed, simply create a section [Filter] and define the conditions there.
To create more complex filters, an option filer can be set under [Rule] and must be an expression that can make use of parenthesis, AND, OR and NOT as well as named filters/groups.
Those names are case-sensitive names of sections that must exist in the file, where a list of conditions will be defined.
For example, one could use:
filter=foobar AND (foo OR bar) AND NOT barfoo
And there must be sections [foobar], [foo], [bar], and [barfoo] defined in the rule file, all of which defining one or more conditions to be matched.
It is of course possible to only use one group name, i.e. when no option filter is set, it defaults to filter=Filter
Define multiple rules in one file
As a facility it is possible to define multiple rules from a single file, thus allowing to use the same groups in different filters. To do so, simply create an option filterXXX with a matching triggerXXX
[Rule] filter_foo=foo AND NOT foobar trigger_foo=foobar --foo filter_bar=bar AND NOT foobar trigger_bar=foobar --bar filter=foobar AND (foo OR bar) trigger=foobar --foobar
The heart of a filter is a group of conditions, defined simply as a section in
the rule file. All conditions are simply the name of a field from the journal,
an optional comparison operator before the required equal sign (
=), and the
value to compare with.
The supported operators are :
=The field must be of the specified value.
?You can use
?wildcards with similar semantics as the standard glob functions:
*matches an arbitrary, possibly empty, string,
?matches an arbitrary character.
<The value must be an integer, the value of the field will also be parsed as an integer value, and must be less than or equal to the specified value to match.
>The value must be an integer, the value of the field will also be parsed as an integer value, and must be greater than or equal to the specified value to match.
You can specify as many conditions as you want in each group; All will need to be a match for the entire group to be a match. You can specify conditions on the same field multiple times.
It is also possible to prefix the comparison operator with a
! in order to
inverse the match, i.e. the field shall not match the condition for it to be a
[Filter] PRIORITYE<=3 MESSAGE!=Some message to ignore MESSAGE!=Another message to ignore