Merge pull request #277 from mnrkbys/journalctl

artif: new systemd journal artifacts
tclahr · Jan 7, 2025 · 19813bd · 19813bd
2 parents 59d9fc1 + b16a15f
commit 19813bd
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -25,6 +25,7 @@
 - live_response/storage/lsblk.yaml: Added JSON output format for listing block devices [linux] ([mnrkbys](https://github.com/mnrkbys)).
 - live_response/system/coredump.yaml: Added collection of core dump files information [linux] ([mnrkbys](https://github.com/mnrkbys)).
 - live_response/system/getcap.yaml: Added functionality to collect the list of files with associated process capabilities [linux] ([mnrkbys](https://github.com/mnrkbys)).
+- live_response/system/journalctl.yaml: Added collection of listing of time periods between boots [linux] ([mnrkbys](https://github.com/mnrkbys)).
 - live_response/system/ulimit.yaml: Added collection of all resource limits information [all] ([mnrkbys](https://github.com/mnrkbys)).
 - memory_dump/coredump.yaml: Added collection of core dump, ABRT, Apport, and kdump files [esxi, linux, netbsd] ([mnrkbys](https://github.com/mnrkbys)).
 

diff --git a/artifacts/files/logs/journal.yaml b/artifacts/files/logs/journal.yaml
@@ -1,8 +1,8 @@
-version: 1.0
+version: 1.1
 artifacts:
   -
     description: Collect journal log files.
     supported_os: [linux]
     collector: file
     path: /
-    name_pattern: ["*.journal"]
+    name_pattern: ["*.journal", "*.journal~"]
diff --git a/artifacts/live_response/system/journalctl.yaml b/artifacts/live_response/system/journalctl.yaml
@@ -0,0 +1,10 @@
+version: 1.0
+condition: command_exists "journalctl"
+output_directory: /live_response/system
+artifacts:
+  -
+    description: Show a listing of time periods between boots.
+    supported_os: [linux]
+    collector: command
+    command: journalctl --list-boots
+    output_file: journalctl_--list-boots.txt