journalctl: cannot filter ownCloud log lines, fail2ban does not ban

With a plain journalctl command, the following log line shows up:

    [root@bee server]# journalctl -n
    -- Logs begin at Mon 2015-01-26 19:44:33 EET, end at Wed 2015-06-10 21:41:12 EEST. --
    ...
    Jun 10 21:41:12 bee ownCloud[25476]: {core} Login failed: 'ewrf' (Remote IP: '172.16.0.2', X-Forwarded-For: '')

How can I get at this ownCloud line with the -u option, a.k.a. _SYSTEMD_UNIT?

    [root@bee server]# journalctl -u ownCloud
    -- Logs begin at Mon 2015-01-26 19:44:33 EET, end at Wed 2015-06-10 22:01:02 EEST. --

I need to specify the journalmatch variable in the relevant ownCloud filter file for fail2ban.

    [root@bee server]# cat /etc/fail2ban/filter.d/owncloud-login.conf
    [Definition]
    failregex = {"app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>', X-Forwarded-For: '.*'\)","level":2,"time":".*"}
    ignoreregex =

    [Init]
    # "maxlines" is number of log lines to buffer for multi-line regex searches
    maxlines = 10
    journalmatch = _SYSTEMD_UNIT=ownCloud

Can I use a regular expression? How?

    $ man journalctl
    ...
    -u, --unit=UNIT|PATTERN
        Show messages for the specified systemd unit UNIT (such as a service unit),
        or for any of the units matched by PATTERN. If a pattern is specified, a list
        of unit names found in the journal is compared with the specified pattern and
        all that match are used. For each unit name, a match is added for messages
        from the unit ("_SYSTEMD_UNIT=UNIT"), along with additional matches for
        messages from systemd and messages about coredumps for the specified unit.
    ...

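I run my own ownCloud under uWSGI / Nginx on ArchLinux, and while my journalctl entries show uwsgi, the actual systemd unit name is [email protected]. You should be able to find out the correct _SYSTEMD_UNIT name with the command below. The command looks up a single entry matching the wildcard unit name and then outputs it in JSON format.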

    journalctl -u '*ownCloud*' -n 1 --output json --no-pager
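
An added example, not part of the original answer: a small Python helper that reads `journalctl --output json` lines, checks whether the question's `journalmatch` would select an entry, and lists `FIELD=value` candidates taken from the entry itself. The sample entry is constructed; `example-php.service` and `php-fpm` are placeholder values, and treating the displayed tag `ownCloud` as the `SYSLOG_IDENTIFIER` field is an assumption about this setup.

```python
import json

# Constructed sample: one line of `journalctl --output json` (not real output).
# "example-php.service" and "php-fpm" are placeholders, not values from the page.
SAMPLE = json.dumps({
    "_SYSTEMD_UNIT": "example-php.service",
    "SYSLOG_IDENTIFIER": "ownCloud",
    "_COMM": "php-fpm",
    "_PID": "25476",
    "MESSAGE": "{core} Login failed: 'ewrf' (Remote IP: '172.16.0.2', X-Forwarded-For: '')",
})

# Fields commonly used to scope a fail2ban journalmatch. Underscore-prefixed
# fields are set by journald itself; SYSLOG_IDENTIFIER is supplied by the
# logging process, so prefer combining it with a journald-set field.
FIELDS = ("_SYSTEMD_UNIT", "SYSLOG_IDENTIFIER", "_COMM")


def parse_entries(text):
    """Parse journalctl JSON output: one JSON object per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def selects(entry, match):
    """True if a single FIELD=value journal match selects this entry (exact compare)."""
    field, _, value = match.partition("=")
    return entry.get(field) == value


def journalmatch_candidates(entry):
    """FIELD=value strings from the entry; non-text (binary) fields are skipped."""
    return [f"{f}={entry[f]}" for f in FIELDS if isinstance(entry.get(f), str)]


def report(text, current_match):
    """Describe, per entry, whether current_match selects it and what would."""
    lines = []
    for entry in parse_entries(text):
        state = "selects" if selects(entry, current_match) else "does NOT select"
        lines.append(f"{current_match} {state} this entry")
        lines += [f"journalmatch = {c}" for c in journalmatch_candidates(entry)]
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE, "_SYSTEMD_UNIT=ownCloud")))
```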