[systemd-devel] Looking for experiences formalizing an API for journal messages
Zbigniew Jędrzejewski-Szmek
zbyszek at in.waw.pl
Thu Jul 30 08:47:20 PDT 2015
On Thu, Jul 30, 2015 at 10:56:42AM -0400, Anne Mulhern wrote:
> > On Wed, Jul 29, 2015 at 03:02:26PM -0400, Anne Mulhern wrote:
> > > What I'm wondering about is the existence of some processes (not systemd),
> > > that have an
> > > agreement on a set of key-value pairs that they communicate with through
> > > the journal.
> >
> > There was work done on converting abrt to use the journal. We extended
> > our set of metadata fields for coredumps which were already used internally
> > by coredumpctl (see
> > http://cgit.freedesktop.org/systemd/systemd/commit/?id=3f132692e3).
> > I think this work is not finished yet, because of some issues that abrt
> > would have to copy the coredump file (?), but abrt is becoming an external
> > consumer.
>
> Thanks! That's a helpful datapoint.
>
> > fail2ban has a "systemd" backend which uses the journal. It uses the
> > python API for journal to add matches (the mechanism is general and
> > the matches themselves are specified by filters). This is the same
> > functionality
> > that journalctl uses.
>
> I did take a look at fail2ban. I didn't study it in depth, but it looks
> like it processes journal entries into a different format and then does
> regular expression matching on the result. So it didn't really feel like
> a good example for what I had in mind.
It seems to have (https://github.com/fail2ban/fail2ban/blob/HEAD/fail2ban/protocol.py)
["set <JAIL> addjournalmatch <MATCH>", "adds <MATCH> to the journal filter of <JAIL>"],
so it looks like it is at least possible. I don't know if it is used.
> I've been exercising the systemd-python package a little and AFAICT it's
> a pretty straightforward mapping onto the journal C API, with a few extra
> bits from the journalctl front-end thrown in for convenience.
That's a valid description.
Zbyszek
More information about the systemd-devel
mailing list