Configuration example for 'system_notifier' plugin

[dantefromhell]

I've recently ran into an issue that required me to monitor my systemd logs more consistently and the system_notifier plugin sounded like exactly my thing.

Sadly my python skills are a bit too rusty to reverse engineer the correct syntax for configuring matching rules. Plus I seem to had a problem with one of the regexes.

In all I wished there would have been a working configuration example ;-)

[fdev31]

Would you like to help maturing it?
I didn't release it because it doesn't work well enough to my taste, so maybe it's too complex to use or something like this (I didn't spend too much time testing it, but my current config gives poor results, only one "rule" works and it shows many times which is not what I want, but my config is also quite poor....) if you have a practical scenario you can easily play with and provide some valuable feedback, suggestions, ideas, etc... you are very welcome...
My configuration is, hoping it's self explanatory,
note that:

sources are programs returning logs, they are provided to a parser.

parsers are list of rules (hence the [[ ]]) which consist in apattern detecting lines of interest and optionally reformatting it with a filter.

[system_notifier]
# Active sources
sources = ["kernel_logs", "user_logs", "system_logs"]

# Sources

[system_notifier.source.kernel_logs]
command = "sudo journalctl -fkn"
parser = "journal"

[system_notifier.source.system_logs]
command = "sudo journalctl -fxn"
parser = "journal"

[system_notifier.source.user_logs]
command = "journalctl --user -fxn"
parser = "journal"

# Parsers

## Journal

[[system_notifier.parsers.journal]]

pattern = '.*systemd-networkd\[\d+\]: ([a-z0-9]+): Link (UP|DOWN)$'
filter = 's/.*\[\d+\]: ([a-z0-9]+): Link (UP|DOWN)/\1 is \2/'

[[system_notifier.parsers.journal]]
pattern = '.*systemd-coredump\[\d+\]:.* Process \d+ [(]([^)]+)[)] of .* dumped core\.$'
filter = 's/.*Process \d+ \(([^)]+)\) of .* dumped core./\1 dumped core/'

[[system_notifier.parsers.journal]]

pattern = '.*usb \d+-[0-9.]+: Product: (.*)'
filter = 's/.*usb \d+-[0-9.]+: Product: (.*)/USB plugged: \1/'

Only the last rule works for me in this config... and I didn't try to debug my rules or code yet to understand why... the multiple messages are maybe not a bug depending on each the content of of the logs I source, but I didn't check it either...
Something not requiring python skills that can be very useful:
use cat in commands to feed known logs and understand what's wrong, if it's the config or the code...

Could be something with newlines too, and the last rule don't have an explicit end-of-line character "$".
Maybe regex aren't ideal for that, it can turn quite complex... but it's very handy in the filter and allows some harmony...

[fdev31]

I had a look, the code was quite wrong... expect an update in the next days, I'll probably release it.

[fdev31]

Check the latest git version + wiki ;)