9ec60ea7ff
feat: syslog and dmesg parsers with graceful journald fallback

- Add syslog.py — RFC 3164 parser for /var/log/syslog, /var/log/messages,
  auth.log, kern.log; ident prepended to message text for searchability
- Add dmesg_log.py — handles both relative [secs.usecs] and human-readable
  [Dow Mon DD HH:MM:SS YYYY] formats; relative timestamps preserved as raw
- Wire both into pipeline.py auto-detection (before plaintext fallback)
- Update export_journal.sh: checks for journalctl availability, falls back
  gracefully on non-systemd systems; adds dmesg -T export (falls back to
  plain dmesg on older kernels)
- Add syslog entries (commented) + dmesg source to sources.yaml
- 30 tests covering both parsers (detection + parse correctness)
2026-05-11 06:57:38 -07:00

1b6482701c
feat: journald export + system failure patterns

- Add scripts/export_journal.sh — dumps recent journal (priority 0-5,
  20min window) to /opt/turnstone/data/journal-export.jsonl; idempotent
  via entry_id deduplication so overlap is safe
- Add system-journal source to sources.yaml pointing at the export file
- Add 9 system-level patterns to default.yaml:
  systemd_fail, oom_kill, disk_hw_error, fs_error, kernel_error,
  ssh_brute, container_crash, smart_error, nfs_error
2026-05-11 06:54:42 -07:00