{ config, pkgs, ... }: { # Systemd Journal Monitoring. # Alternative: # journal-biref # https://github.com/twaugh/journal-brief # https://opensource.com/article/20/7/systemd-journals-email # Write to Systemd Journal: # echo 'hello' | systemd-cat -p emerg # echo 'hello' | systemd-cat -t someapp -p emerg # View Systemd Journal. # Output similar to dmesg # journalctl -b -k # Filter by app: # journalctl -b -t someapp # Filter by priority: # journalctl -b -p 5 # Manually execute journalwatch timer: # sudo systemctl start journalwatch.service # Find a message and view its details # journalctl -b -p5 -o json-pretty # Then press "/" and enter a pattern, then press "Enter". assertions = [{ assertion = config.services.opensmtpd.enable; message = "journalwatch requires a configured sendmail MTA, see sendmail-mta.nix."; }]; services.journalwatch = { enable = true; # TODO: Same as configured by sendmail MTA. mailFrom = "langbein@mail.de"; mailTo = "daniel+journalwatch@systemli.org"; #interval = "hourly"; # Lowest priority of message to be considered. A value between 7 (“debug”), and 0 (“emerg”). Defaults to 6 (“info”). If you don't care about anything with “info” priority, you can reduce this to e.g. 5 (“notice”) to considerably reduce the amount of messages without needing many filterBlocks. priority = 5; # Default patterns: https://github.com/The-Compiler/journalwatch/blob/363725ac4b8aa841d87654fa8a63403a59ad1275/journalwatch.py#L71 # If the value of `match` starts and ends with a slash, it is interpreted as a regular expression, if not, it's an exact match. # `filters` are always regular expressions. # All regular expressions have to match the full string! filterBlocks = [ # # _TRANSPORT # { # yodaNas filters = '' booting system configuration /nix/store/\S+\.05pre-git ''; match = "_TRANSPORT = kernel"; } # # _EXE # { # yodaNas filters = '' # Ignore any invocation of sudo. .* ''; match = "_EXE = //nix/store/[a-z0-9]+-sudo-[0-9]+\.[0-9]+\.[0-9]+[a-z0-9]+/bin/sudo/"; } # # _SYSTEMD_CGROUP # { # yodaYoga filters = '' parent not found! continent_id [0-9]+ ''; match = "_SYSTEMD_CGROUP = /system.slice/docker.service"; } # # IMAGE_NAME # { # yodaYoga filters = '' \[BABEL\] Note: The code generator has deoptimised the styling of \S+ as it exceeds the max of 500KB\. ''; match = "IMAGE_NAME = /biketripplanner/digitransit-ui:\S+/"; } { # yodaNas # TODO: logged IP is not the public one, but always 172.24.0.6 filters = '' Could not yet connect with DB\. Retrying in 10s \.\.\. [0-9] \[>---------------------------\] [0-9] \[>---------------------------\] # 1.1.1.1 - 28/Sep/2023:21:03:39 +0000 "GET /status.php" 200 # 1.1.1.1 - 28/Sep/2023:21:12:16 +0000 "GET /index.php" 200 # 1.1.1.1 - my-username 28/Sep/2023:21:20:16 +0000 "DELETE /index.php" 200 [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ - \S* \S+ \+0000 "(GET|DELETE) /(index|status)\.php" 200 # 1.1.1.1 - my-username 28/Sep/2023:21:10:18 +0000 "PROPFIND /remote\.php" 207 [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ - \S* \S+ \+0000 "(DELETE|GET|HEAD|MKCOL|MOVE|OPTIONS|PROPFIND|PUT|REPORT) /remote\.php" (200|201|204|207|401|404) # 1.1.1.1 - my-username 28/Sep/2023:21:11:48 +0000 "GET /ocs/v2.php" 304 # 1.1.1.1 - 28/Sep/2023:21:13:10 +0000 "GET /ocs/v2.php" 304 [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ - \S* \S+ \+0000 "GET /ocs/(v1|v2)\.php" (200|304) ''; match = "IMAGE_NAME = p1st/nextcloud:stable-fpm-alpine"; } { # yodaNas filters = '' \S+ browserless:server Health check stats: CPU [0-9]+%, MEM: [0-9]+%, \S+ browserless:server Health check stats: CPU [0-9]+%,[0-9]+% MEM: [0-9]+%,[0-9]+% \S+ browserless:server Current period usage:.+ ''; match = "IMAGE_NAME = browserless/chrome"; } { # yodaNas filters = '' \S+ [0-9]+ \[Warning\] \[MY-013360\] \[Server\] Plugin mysql_native_password reported: '''mysql_native_password' is deprecated and will be removed in a future release\. Please use caching_sha2_password instead' ''; match = "IMAGE_NAME = /mysql:[0-9]+/"; } { # yodaNas filters = '' crond: USER root pid [0-9]+ cmd wget -qO- http://money\.p1st\.de:8080/api/v1/cron/\S+ > /proc/1/fd/1 2>/proc/1/fd/2 ''; match = "IMAGE_NAME = busybox"; } { # yodaNas filters = '' .* ''; match = "IMAGE_NAME = /(deluan/navidrome|ghcr\.io/dgtlmoon/changedetection\.io)/"; } # # _SYSTEMD_UNIT # { # yodaTux filters = '' .* ''; match = "_SYSTEMD_UNIT = /(bluetooth\.service|cups\.service)/"; } { # yodaYoga filters = '' # Somebody evil trying to connect over SSH ^^ error: kex_exchange_identification: read: Connection reset by peer # Somebody evil connected with a non-SSH client to the SSH server. error: kex_exchange_identification: banner line contains invalid characters # Somebody evil ... error: kex_exchange_identification: client sent invalid protocol identifier "GET / HTTP/1\.1" error: kex_exchange_identification: Connection closed by remote host error: PAM: Authentication failure for \S+ from \S+ fatal: Timeout before authentication for \S+ port [0-9]+ ''; match = "_SYSTEMD_UNIT = sshd.service"; } { # yodaTux, yodaYoga filters = '' The system will suspend now! The system will power off now! System is powering down\. ''; match = "_SYSTEMD_UNIT = systemd-logind.service"; } { # yodaTux filters = '' Reexecuting\. (finished )?switching to system configuration /nix/store/.+-nixos-system-.+-[0-9]+\.[0-9]+pre-git ''; match = "_SYSTEMD_UNIT = user@0.service"; } { # yodaTux filters = '' Reexecuting\. (finished )?switching to system configuration /nix/store/.+-nixos-system-.+-[0-9]+\.[0-9]+pre-git ''; match = "_SYSTEMD_UNIT = user@1000.service"; } { # yodaTux filters = '' Reloading rules Collecting garbage unconditionally\.\.\. Loading rules from directory /.+ Finished loading, compiling and executing [0-9]+ rules ''; match = "_SYSTEMD_UNIT = polkit.service"; } { # yodaTux filters = '' .+ error name="org\.bluez\.MediaEndpoint1\.Error\.NotImplemented" .+ # Open issue: https://github.com/NixOS/nixpkgs/issues/79220 Unknown (username|group) .+ in message bus configuration file ''; match = "_SYSTEMD_UNIT = dbus.service"; } { # yodaTux filters = '' Mounted /dev/\S+ at /\S+ on behalf of uid [0-9]+ Cleaning up mount point /\S+ \(device \S+ is not mounted\) Unmounted /dev/\S+ on behalf of uid [0-9]+ Successfully sent SCSI command SYNCHRONIZE CACHE to /dev/\S+ Successfully sent SCSI command START STOP UNIT to /dev/\S+ Powered off /dev/\S+ - successfully wrote to sysfs path /sys/devices/\S+ ''; match = "_SYSTEMD_UNIT = udisks2.service"; } # # SYSLOG_IDENTIFIER # { # yodaTux. If the user `yoda` runs a command with `sudo`. filters = '' \s+yoda : TTY=pts/[0-9] ; PWD=/\S+ ; USER=root ; COMMAND=/.+ ''; match = "SYSLOG_IDENTIFIER = sudo"; } { # yodaYoga filters = '' (finished )?switching to system configuration /nix/store/.+-nixos-system-.+-[0-9]+\.[0-9]+pre-git ''; match = "SYSLOG_IDENTIFIER = nixos"; } { # yodaYoga filters = '' \S+\.(service|scope): Consumed .+ CPU time, read .+ from disk, written .+ to disk.+ \S+\.(service|scope): Consumed .+ CPU time, received .+ IP traffic, sent .+ IP traffic\. # Shutting down\. ''; match = "SYSLOG_IDENTIFIER = systemd"; } { # yodaTux filters = '' .* ''; match = "SYSLOG_IDENTIFIER = //nix/store/.+/libexec/gdm-x-session/"; } { # yodaTux, yodaTab filters = '' # # YodaTux # # Bug. ACPI: FW issue: working around C-state latencies out of order # Kernel WiFi driver bug. #iwlwifi 0000:01:00\.0: .* iwlwifi 0000:01:00\.0: Unhandled alg: 0x707 iwlwifi 0000:01:00\.0: Not associated and the session protection is over already... iwlwifi 0000:01:00\.0: api flags index 2 larger than supported by driver # Ignore. audit: type=2000 audit([0-9]+\.[0-9]+:[0-9]+): state=initialized audit_enabled=0 res=1 ENERGY_PERF_BIAS: Set to 'normal', was 'performance' Kernel command line: initrd=\\efi\\nixos\\\S+-initrd-linux-\S+-initrd\.efi init=/nix/store/\S+-nixos-system-\S+-[0-9]+\.[0-9]+pre-git/init ip=dhcp loglevel=[0-9] Linux version \S+ \(nixbld@localhost\) \(gcc \(GCC\) \S+, GNU ld \(GNU Binutils\) \S+\) #1-NixOS SMP PREEMPT_DYNAMIC \S+ \S+ \S+ \S+ UTC \S+ random: crng reseeded on system resumption random: crng init done sd [0-9]:0:0:0: \[sd[a-z]\] [0-9]+ 512-byte logical blocks: \([0-9]+ GB/[0-9]+ (GiB|TiB)\) sd [0-9]:0:0:0: \[sd[a-z]\] [0-9]-byte physical blocks sd [0-9]:0:0:0: \[sd[a-z]\] Write Protect is off sd [0-9]:0:0:0: \[sd[a-z]\] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA sd [0-9]:0:0:0: \[sd[a-z]\] Optimal transfer size [0-9]+ bytes not a multiple of preferred minimum block size ([0-9] bytes) sd [0-9]:0:0:0: \[sd[a-z]\] Attached SCSI disk sd [0-9]:0:0:0: \[sd[a-z]\] Synchronizing SCSI cache sd [0-9]:0:0:0: \[sd[a-z]\] supports TCG Opal \#3 # # YodaTab # # Ignore. mmc0: cannot verify signal voltage switch Initialise system trusted keyrings Key type asymmetric registered Asymmetric key parser 'x509' registered Loading compiled-in X\.509 certificates Key type \.fscrypt registered Key type fscrypt-provisioning registered Key type encrypted registered Bridge firewalling registered SCSI subsystem initialized scsi [0-9]:0:0:0: Direct-Access\s+ATA.+PQ: 0 ANSI: 5 scsi [0-9]:0:0:0: Direct-Access.+PQ: 0 ANSI: 6 thinkpad_acpi: Disabling thinkpad-acpi brightness events by default\.\.\. VFS: Disk quotas dquot_[0-9]\.[0-9]\.[0-9] ata1\.00: supports DRM functions and may not be fully accessible # done\. ''; match = "SYSLOG_IDENTIFIER = kernel"; } { # yodaTux filters = '' .* ''; match = "SYSLOG_IDENTIFIER = simple-scan"; } # # _SYSTEMD_USER_UNIT # { # yodaTux, yodaTab filters = '' .+ Setting AttentionNeeded to FALSE because EnsureCredentials\(\) succeded Connecting to org\.freedesktop\.Tracker3\.Miner\.Files ''; match = "_SYSTEMD_USER_UNIT = dbus.service"; } { # yodaTux filters = '' .* ''; match = "_SYSTEMD_USER_UNIT = /(org\.gnome\..+\.service|pipewire\.service|wireplumber\.service|app-gnome-org\.gnome\.Software-[0-9]+\.scope)/"; } ]; }; }