I've listed flows for scrapers I'm most familiar with. If you want to list out others, please feel free to file a pull request!
-
Run the installer.
curl https://raw.githubusercontent.com/dead-claudia/journald-exporter/main/install.sh | sudo bash -s -g grafana-agent -
Configure your Grafana Agent to scrape the service using the API key file generated from earlier as the password file.
# Add this to the `scrape_configs:` section of your Prometheus config - job_name: journald-exporter basic_auth: username: metrics password_file: /etc/prometheus-keys/journald-exporter.key static_configs: - targets: - localhost:12345
-
Restart your local agent.
sudo systemctl restart grafana-agent.service
Once you've done all of this, metrics should start flowing within a few minutes.
This is essentially the same whether you're using it in agent mode or server mode.
-
Run the installer.
curl https://raw.githubusercontent.com/dead-claudia/journald-exporter/main/install.sh | sudo bash -s -g prometheus -
Configure your Prometheus instance to scrape the service using the API key file generated from earlier as the password file.
# Add this to the `scrape_configs:` section of your Prometheus config - job_name: journald-exporter basic_auth: username: metrics password_file: /etc/prometheus-keys/journald-exporter.key static_configs: - targets: - localhost:12345
-
Restart your local Prometheus service.
sudo systemctl restart prometheus.service
Once you've done all of this, metrics should start flowing within a few minutes.
This is essentially the same whether you're using it in agent mode or server mode.
-
Provision a certificate + private key pair. In the next step,
$certis the path to that certificate, and$privis the path to its corresponding private key. -
Run the installer.
curl https://raw.githubusercontent.com/dead-claudia/journald-exporter/main/install.sh | sudo bash -s -C $cert -K $priv
-
Poke a hole in your firewall for port 12345 to allow inbound connections from it.
-
Copy
/etc/prometheus-keys/journald-exporter.keyfile to your remote instance. -
Configure your Prometheus instance to scrape the service using the API key file generated from earlier as the password.
# Add this to the `scrape_configs:` section of your Prometheus config - job_name: journald-exporter basic_auth: username: metrics # You may need to change this to wherever you saved it on your remote # Prometheus instance. password_file: /etc/prometheus-keys/journald-exporter.key scheme: https static_configs: - targets: # Set this to whatever the host in question is. - your-host.example.com:12345
-
Restart your remote Prometheus service.
sudo systemctl restart prometheus.service
Once you've done all of this, metrics should start flowing within a few minutes.
It'll depend on what you're using.
-
Run the installer.
curl https://raw.githubusercontent.com/dead-claudia/journald-exporter/main/install.sh | sudo bashIf you can, set the key's owning group to the
$groupyour scraper runs under by passing-s -g $groupat the end. It'll save you achgrp $group /etc/prometheus-keys/journald-exporter.keycommand and some time.# Alternative command curl https://raw.githubusercontent.com/dead-claudia/journald-exporter/main/install.sh | sudo bash -s -g $group
-
Configure your scraper to read from the service.
- Scrape endpoint:
http://localhost:12345/metrics - Authorization: Basic auth
- Username:
metrics - Password: the contents of
/etc/prometheus-keys/journald-exporter.key(prefer to pass a file name instead of its contents if you can, for security reasons)
- Scrape endpoint:
Once you've done all of this, metrics should start flowing within a few minutes.
It'll depend on what you're using.
-
Provision a certificate + private key pair. In the next step,
$certis the path to that certificate, and$privis the path to its corresponding private key. -
Run the installer.
curl https://raw.githubusercontent.com/dead-claudia/journald-exporter/main/install.sh | sudo bash -s -C $cert -K $priv
If your scraper is local, pass
-g SCRAPER_GROUPif you can to set the owning key to the right group right off the bat. It'll save you achgrp SCRAPER_GROUP /etc/prometheus-keys/journald-exporter.keycommand and some time. -
Poke a hole in your firewall for port 12345 to allow inbound connections from it.
-
Configure your scraper to read from the service.
- Scrape endpoint:
https://localhost:12345/metrics - Authorization: Basic auth
- Username:
metrics - Password: the contents of the local
/etc/prometheus-keys/journald-exporter.key(prefer to pass a file name instead of its contents if you can, for security reasons)
- Scrape endpoint:
Once you've done all of this, metrics should start flowing within a few minutes.
Of course, this can still be installed manually. It's tedious, as you can see, but you do get full control.
This assumes a basic understanding of shell commands and shell variables.
-
If you plan to scrape from a remote machine, provision a certificate + private key pair. Place the certificate at
/etc/journald-exporter/cert.keyand the private key at/etc/journald-exporter/priv.key. -
Download the latest binary and install it somewhere in your
$PATH./usr/sbin/journald-exporteris recommended, as that's what the update script assumes.# Assumes `journald-exporter` is in the current directory and `/usr/sbin` # is in your default `$PATH` # Note: you have to use `mv` to replace the file to avoid "text file busy" # file access errors on update chmod 755 journald-exporter sudo cp journald-exporter journald-exporter.tmp sudo mv journald-exporter.tmp /usr/sbin/journald-exporter
-
Set up a
journald-exportersystem user with same-named group. No home directory is needed.sudo useradd --system --user-group journald-exporter
This username is hard-coded into the exporter. If you really want a different name, you'll have to update the source code and recompile it.
-
Place a systemd service unit file in
/etc/systemd/system/journald-exporter.servicewith the following contents:[Unit] Description=journald-exporter Documentation=https://github.com/dead-claudia/journald-exporter # Couple conditions so it doesn't immediately bork on startup. The program also # checks for the directory, but this avoids having to reset the failure counter # in case it fails for whatever reason. After=network.target # Asserting here as it's pretty important to make sure metrics are flowing. AssertPathIsDirectory=/etc/journald-exporter/keys # So it'll run on startup. [Install] WantedBy=default.target [Service] Type=notify ExecStart=/usr/sbin/journald-exporter --key-dir /etc/journald-exporter/keys --port 12345 # Use this instead if you have an HTTPS certificate provisioned #ExecStart=/usr/sbin/journald-exporter --key-dir /etc/journald-exporter/keys --port 12345 --certificate /etc/journald-exporter/cert.key --private-key /etc/journald-exporter/priv.key WatchdogSec=5m Restart=always # And a number of security settings to lock down the program somewhat. NoNewPrivileges=true ProtectSystem=strict ProtectClock=true ProtectKernelTunables=true ProtectKernelModules=true ProtectKernelLogs=true ProtectControlGroups=true MemoryDenyWriteExecute=true SyslogLevel=warning SyslogLevelPrefix=false
If you want, or need, to change the key directory or port number, this is where you'll need to configure it.
-
Make the
/etc/journald-exporter/keysdirectory mentioned above, with an owner of root and permissions of 755 (user has all perms, everyone else has only read/execute). This is where you'll put your API keys.sudo mkdir --mode=755 /etc/journald-exporter/keys
-
Create an API key (must be pure hexadecimal but may be surrounded by whitespace in the file) and copy it to
/etc/journald-exporter/keyswith an owner of root and permissions of 600 (root can read and write, nobody else can access).key_name="$(date -uIseconds).key" sudo openssl rand -hex -out "$key_name" 32 sudo chmod 600 "$key_name" sudo mv "$key_name" "/etc/journald-exporter/keys/$key_name"
You'll also want to copy this key - you'll need it later. You can use the following (using
$namefrom above) to set up the key for a local Prometheus instance:sudo mkdir -p /etc/prometheus-keys sudo cp "/etc/journald-exporter/keys/$name" /etc/prometheus-keys/journald-exporter.key sudo chgrp $prometheus_user /etc/prometheus-keys/journald-exporter.key sudo chmod 640 /etc/prometheus-keys/journald-exporter.key
-
Start the service.
sudo systemctl start journald-exporter.service
-
If you plan to scrape from a remote machine, poke a hole in your firewall to allow inbound connections from port 12345.
-
Configure your scraper to read from the service.
- Scrape endpoint:
http://localhost:12345/metricsorhttps://your-host.example.com:12345/metricsas applicable - Authorization: Basic auth
- Username:
metrics - Password: the contents of the local
/etc/prometheus-keys/journald-exporter.key(prefer to pass a file name instead of its contents if you can, for security reasons)
- Scrape endpoint:
Once you've done all of this, metrics should start flowing within a few minutes.
To update, just reinstall the binary per the first installation step and restart the service via systemctl restart journald-exporter.service.
Just run this command. Doesn't matter what you're using to scrape it with.
curl https://raw.githubusercontent.com/dead-claudia/journald-exporter/main/update.sh | sudo bashYou can also download that script and just run it locally if you prefer.
It's also easy to do manually:
- Download the latest release.
- Take the file, make a copy on the same partition as the root binary if needed, and rename it to
/usr/sbin/journald-exporter. (This avoids permissions errors, since you can't directly write to a running executable.) - Restart the service:
sudo systemctl restart journald-exporter.service
You'll need to have the existing certificates handy. Should take very little time to swap them out.
- Replace the certificate at
/etc/journald-exporter/cert.keywith the new certificate. - Replace the private key at
/etc/journald-exporter/priv.keywith the new private key. - Restart the service:
sudo systemctl restart journald-exporter.service