Journald MCP Server

1STDIOregistry active

Summary

Gives Claude direct access to systemd journal logs for incident response and forensic analysis. Exposes tools to query journal entries with natural language datetime filtering (like "2 hours ago" or "yesterday at 3pm"), filter by systemd unit or syslog identifier, and search message content. Also provides resources to list all units and identifiers across time ranges, plus fetch the first entry datetime. Built on systemd-python and supports stdio, SSE, or HTTP transports. Reach for this when you need to troubleshoot Linux systems, correlate service failures, or hunt through logs without leaving your Claude conversation. Requires systemd-journal group access to run as non-root.

CodeRabbit

AI writes the code. CodeRabbit catches the slop.

Try For Free →

Keep your Mac awake

Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.

One time payment $9 →

Context.dev

Integrate web data into your AI product. One API to scrape website & brand data.

Get API Key Now →

Make your agent a DeFi expert

Agent, run crypto. Access onchain data & trade routes via 1inch.

Install now →

Make money from your Skills

On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.

Start earning →

AppSignal

Monitor with ease. Code with confidence.

Start Free Trial →

CodeRabbit

AI writes the code. CodeRabbit catches the slop.

Try For Free →

Keep your Mac awake

Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.

One time payment $9 →

Context.dev

Integrate web data into your AI product. One API to scrape website & brand data.

Get API Key Now →

Make your agent a DeFi expert

Agent, run crypto. Access onchain data & trade routes via 1inch.

Install now →

Make money from your Skills

On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.

Start earning →

AppSignal

Monitor with ease. Code with confidence.

Start Free Trial →

Journald MCP Server

An MCP server for accessing systemd journal logs.

Features

List systemd units from journal logs
List syslog identifiers from journal logs
Get datetime of first journal entry
Filter journal entries by datetime range (since/until)
Filter by systemd unit or syslog identifier
Filter by message content (case-insensitive substring matching)
Natural language datetime parsing (e.g., "2 hours ago", "yesterday at 3pm")
List units and identifiers within specific time ranges

Installation

# Install dependencies
uv sync

Usage

Run as non-root: Give the user systemd-journal group access usermod -aG systemd-journal $USER

Run the server with:

uv run server.py [OPTIONS]

CLI Options

--transport: Transport protocol to use (stdio, sse, or streamable-http). Default: stdio
--port: Port to listen on for HTTP transport (ignored for stdio transport). Default: 3002
--log-level: Logging level (DEBUG, INFO, WARNING, ERROR, CRITICAL). Default: INFO

Examples

Run with stdio transport (default, for MCP clients that communicate via stdin/stdout):
```
python server.py
```

Run with HTTP transport on custom port:

python server.py --transport streamable-http --port 8080

Run with SSE transport:

python server.py --transport sse --port 3000

Run with debug logging:
```
python server.py --log-level DEBUG
```

MCP Integration

The server provides the following MCP resources and tools:

Resources

journal://units: List unique systemd units from journal logs (all accessible time)
journal://syslog-identifiers: List unique syslog identifiers from journal logs (all accessible time)
journal://first-entry-datetime: Get the datetime of the first entry in the journal
journal://units/{since}/{until}: List unique systemd units within a specified time range
journal://syslog-identifiers/{since}/{until}: List unique syslog identifiers within a specified time range

Tools

get_journal_entries: Get journal entries with datetime filtering
- Parameters: since (optional), until (optional), unit (optional), identifier (optional), message_contains (optional), limit (default: 100)
- Returns: List of entries with timestamp, unit, identifier, and message
- Example: Get logs from last 2 hours containing "error": since="2 hours ago", message_contains="error"
get_recent_logs: Get recent journal logs from the last N minutes
- Parameters: minutes (default: 60), unit (optional), limit (default: 50)
- Returns: Formatted string of recent log messages

Datetime Input Format

The server uses natural language datetime parsing via the dateparser library. Supported formats include:

Relative times: "2 hours ago", "yesterday at 3pm", "last week", "now"
Absolute times: "2024-01-15 14:30", "2024-01-15T14:30:00"
Mixed: "today at 9am", "tomorrow 3pm"

All times are interpreted as UTC and returned in human-readable format: "YYYY-MM-DD HH:MM:SS UTC"

Development

This project uses:

Python 3.12+
MCP FastMCP
systemd-python for journal access
Click for CLI interface
dateparser for natural language datetime parsing

Project Structure

journald-mcp-server/
├── journald_mcp_server/     # Main package
│   ├── __init__.py
│   ├── server.py           # MCP server implementation
│   └── datetime_utils.py   # Datetime parsing and formatting utilities
├── tests/                  # Test suite
│   ├── __init__.py
│   └── test_server.py
├── server.py              # Entry point wrapper
├── pyproject.toml
└── README.md

Running Tests

python -m pytest tests/

Featured

CodeRabbit

AI writes the code. CodeRabbit catches the slop.

Try For Free →

Keep your Mac awake

Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.

One time payment $9 →

Context.dev

Integrate web data into your AI product. One API to scrape website & brand data.

Get API Key Now →

Make your agent a DeFi expert

Agent, run crypto. Access onchain data & trade routes via 1inch.

Install now →

Make money from your Skills

On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.

Start earning →

AppSignal

Monitor with ease. Code with confidence.

Start Free Trial →

Journald MCP Server

An MCP server for accessing systemd journal logs.

Features

List systemd units from journal logs
List syslog identifiers from journal logs
Get datetime of first journal entry
Filter journal entries by datetime range (since/until)
Filter by systemd unit or syslog identifier
Filter by message content (case-insensitive substring matching)
Natural language datetime parsing (e.g., "2 hours ago", "yesterday at 3pm")
List units and identifiers within specific time ranges

Installation

# Install dependencies
uv sync

Usage

Run as non-root: Give the user systemd-journal group access usermod -aG systemd-journal $USER

Run the server with:

uv run server.py [OPTIONS]

CLI Options

--transport: Transport protocol to use (stdio, sse, or streamable-http). Default: stdio
--port: Port to listen on for HTTP transport (ignored for stdio transport). Default: 3002
--log-level: Logging level (DEBUG, INFO, WARNING, ERROR, CRITICAL). Default: INFO

Examples

Run with stdio transport (default, for MCP clients that communicate via stdin/stdout):
```
python server.py
```

Run with HTTP transport on custom port:

python server.py --transport streamable-http --port 8080

Run with SSE transport:

python server.py --transport sse --port 3000

Run with debug logging:
```
python server.py --log-level DEBUG
```

MCP Integration

The server provides the following MCP resources and tools:

Resources

journal://units: List unique systemd units from journal logs (all accessible time)
journal://syslog-identifiers: List unique syslog identifiers from journal logs (all accessible time)
journal://first-entry-datetime: Get the datetime of the first entry in the journal
journal://units/{since}/{until}: List unique systemd units within a specified time range
journal://syslog-identifiers/{since}/{until}: List unique syslog identifiers within a specified time range

Tools

get_journal_entries: Get journal entries with datetime filtering
- Parameters: since (optional), until (optional), unit (optional), identifier (optional), message_contains (optional), limit (default: 100)
- Returns: List of entries with timestamp, unit, identifier, and message
- Example: Get logs from last 2 hours containing "error": since="2 hours ago", message_contains="error"
get_recent_logs: Get recent journal logs from the last N minutes
- Parameters: minutes (default: 60), unit (optional), limit (default: 50)
- Returns: Formatted string of recent log messages

Datetime Input Format

The server uses natural language datetime parsing via the dateparser library. Supported formats include:

Relative times: "2 hours ago", "yesterday at 3pm", "last week", "now"
Absolute times: "2024-01-15 14:30", "2024-01-15T14:30:00"
Mixed: "today at 9am", "tomorrow 3pm"

All times are interpreted as UTC and returned in human-readable format: "YYYY-MM-DD HH:MM:SS UTC"

Development

This project uses:

Python 3.12+
MCP FastMCP
systemd-python for journal access
Click for CLI interface
dateparser for natural language datetime parsing

Project Structure

journald-mcp-server/
├── journald_mcp_server/     # Main package
│   ├── __init__.py
│   ├── server.py           # MCP server implementation
│   └── datetime_utils.py   # Datetime parsing and formatting utilities
├── tests/                  # Test suite
│   ├── __init__.py
│   └── test_server.py
├── server.py              # Entry point wrapper
├── pyproject.toml
└── README.md

Running Tests

python -m pytest tests/

Journald MCP Server

Journald MCP Server

Features

Installation

Usage

CLI Options

Examples

MCP Integration

Resources

Tools

Datetime Input Format

Development

Project Structure

Running Tests

Journald MCP Server

Journald MCP Server

Features

Installation

Usage

CLI Options

Examples

MCP Integration

Resources

Tools

Datetime Input Format

Development

Project Structure

Running Tests

Related Monitoring & Observability MCP Servers

Related Monitoring & Observability MCP Servers