Small System Monitoring Script

Here is a short shell script that shows the latest logins from SSH, XRDP, SUDO and Cockpit. In addition, it shows potential disk problems reported by S.M.A.R.T.

#!/bin/bash
# bash is required: "read -d" and "[[ ]]" are not available in POSIX sh

default_since='-1days'
default_priority=info

# One rule per line: title^syslog identifier^grep pattern[^since[^priority]]
read -r -d "" data << 'END_OF_DATA'
System login^systemd-logind^New session
XRDP^xrdp-sesman^logged in|Received system login request^-20days
Cockpit login^cockpit-session^session opened
SUDO^sudo^session opened
Storage problems^smartd^uncorrectable|unreadable^-1days
END_OF_DATA


# Scope IFS to the read so the rest of the script keeps normal word splitting
echo "$data" | while IFS="^" read -r title slid grep since priority; do
        effective_since=$default_since
        effective_priority=$default_priority
        [[ -n "$since" ]] && effective_since=$since
        [[ -n "$priority" ]] && effective_priority=$priority

        echo "$title"
        journalctl \
                --no-pager \
                --no-tail \
                "--since=$effective_since" \
                "--priority=$effective_priority" \
                --reverse \
                "--grep=$grep" \
                -- "SYSLOG_IDENTIFIER=$slid"

        echo; echo
done

I made it with the help of the Cockpit Logs feature, which shows the actual command being executed based on how you configure it.

The most important part of the script is the journalctl command. Everything else is defaults, the list of desired syslog identifiers and what to extract from them, and output formatting.
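An offline dry run of the rule table, added here as an example and not part of the original script: it applies the identifier and pattern columns to constructed log lines in journalctl's default short output format, and mimics the `--grep` rule that an all-lowercase pattern matches case-insensitively while a pattern containing an uppercase letter does not. The function name `count_matches`, the sample lines and the use of awk's extended regular expressions in place of journalctl's PCRE2 are assumptions of this example.

```sh
#!/bin/sh
# Added example: check the rule patterns against known log lines without journal access.

# Same first three columns as the script's table: title^identifier^pattern
rules='System login^systemd-logind^New session
SUDO^sudo^session opened
Storage problems^smartd^uncorrectable|unreadable'

# Constructed sample lines (hypothetical host, users and PIDs).
sample='Jan 10 09:01:02 host1 systemd-logind[712]: New session 14 of user alice.
Jan 10 09:02:10 host1 systemd-logind[712]: Removed session 14.
Jan 10 09:05:40 host1 sudo[2201]: pam_unix(sudo:session): session opened for user root(uid=0) by alice(uid=1000)
Jan 10 09:05:41 host1 sudo[2201]: pam_unix(sudo:session): session closed for user root
Jan 10 09:06:00 host1 sshd[2300]: pam_unix(sshd:session): session opened for user bob(uid=1001) by (uid=0)
Jan 10 09:30:00 host1 smartd[640]: Device: /dev/sda [SAT], 8 Offline Uncorrectable sectors
Jan 10 09:30:01 host1 smartd[640]: Device: /dev/sda [SAT], 8 Currently unreadable (pending) sectors'

# count_matches RULES LOG -> prints one "title=count" line per rule
count_matches() {
    printf '%s\n' "$1" | while IFS='^' read -r title ident pattern _rest; do
        [ -n "$title" ] || continue
        n=$(printf '%s\n' "$2" | awk -v id="$ident" -v re="$pattern" '
            {
                tag = $5
                sub(/(\[[0-9]+\])?:$/, "", tag)      # "sudo[2201]:" -> "sudo"
                msg = substr($0, index($0, $5) + length($5) + 1)
                # all-lowercase pattern: compare case-insensitively, as --grep does
                if (re == tolower(re)) msg = tolower(msg)
                if (tag == id && msg ~ re) n++
            }
            END { print n + 0 }')
        printf '%s=%s\n' "$title" "$n"
    done
}

count_matches "$rules" "$sample"
```

The sshd line is ignored by the SUDO rule because the identifier is compared exactly, which is what `SYSLOG_IDENTIFIER=` does in the real query.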
