Skip to main content

systemd log monitor that publishes to an MQTT bus on specific events

Project description


Ochlero is a script that monitors the systemd journal for specific events that
trigger publications on an MQTT queue.

"Ochlero" comes from "Ochlerotatus Triseriatus", a species of tree hole breeding
mosquitoes (, ie
mosquitoes that like logs...

## Running and testing

Ochlero is tested against and runs on python 2.7 and python 3.5.

With python 2.x you need to install the systemd and mqtt wrappers on your system.
On CentOS or Fedora, you can do so with the following command (extra repositories
such as EPEL might need to be activated):

sudo yum install systemd-python python-paho-mqtt

This is necessary due to a problem in the PyPI version of the systemd wrapper.

With python 3.5, running

pip install -r requiremenits.txt

should be enough.

To start ochlero, simply run

ochlero -c /path/to/config/file.yaml

## The configuration file

Ochlero uses a yaml configuration file to define the mosquitto service to publish
to, and the processes and events to look for. See etc/ochlero.yaml for an example.

### Writing patterns

When ochlero is running, it will attempt to match log lines associated with a given
unit or command against patterns. A pattern is basically a regular expression.
Please refer to python's documentation for details on syntax, for example

Most of the time, you will want to pick some information from the log line and
publish it to MQTT. These elements of interest are defined in the pattern like
bash variables, ie "${ELEMENTNAME}. You must then define the regex matching for
each variable in the directive "where" of your event. For example:

- name: hello world
pattern: "hello, my name is ${PERSON}"
PERSON: [A-Za-z]+
publish: "Hi ${PERSON}!"

A log message like "Hello, my name is Mark" will publish the message "Hi Mark!".

### Predefined substitution types

To make it easier for you, some substitutions are included in ochlero so you don't
have to write annoying regular expressions:

* \_INT\_
* \_URL\_
* \_EMAIL\_
* \_IPv4\_

### Writing messages to publish

Variables can be reused as they are in publish messages (see previous example). Some
predefined "macros" can also be used:

* \_EPOCH\_ : the Unix Epoch timestamp at parsing time.

## Contributing

Ochlero is developped in **Software Factory** and contributions follow a review workflow.

To contribute:

1. Log in once to Software Factory at
2. Set up your ssh key in Gerrit's settings page
3. Clone the project:
git clone ssh://<your_username>
4. Set up git review
cd ochlero && git review -s
5. Work on your feature, make a commit, then send the review
git commit -m'my feature' && git review

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for ochlero, version 0.2.0
Filename, size File type Python version Upload date Hashes
Filename, size ochlero-0.2.0.tar.gz (13.0 kB) File type Source Python version None Upload date Hashes View

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring DigiCert DigiCert EV certificate Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page