Paul Wise <p...@debian.org> writes:

> On Tue, 2021-11-16 at 17:57 -0500, Zack Weinberg wrote:
>> Do you know of a tool that does what logcheck does, but operating
>> directly on the journal? Logcheck is the only reason I still have
>> rsyslog installed on the servers I maintain.
>
> https://github.com/cyberitsolutions/journalcheck
^ This is me.

The main limitation is journald's choice of HTTPS pull instead of RELP push:

https://github.com/cyberitsolutions/journalcheck/blob/master/debian/control#L20-L22

journalcheck also includes a cleanup/rewrite of syslog-summary, and it accepts logcheck-database as-is.

IIRC it also includes some tricks to get a 1000-fold speedup compared to stock logcheck (by working around some GNU grep performance tradeoffs).

I haven't pursued getting it into Debian because what I have is Good Enough For Me™. If other people are interested I'm happy to just hand over the project. Or I can afford a couple of contact hours a month.

PS: I don't read this ML regularly, so please CC me any followups.