1 /* SPDX-License-Identifier: LGPL-2.1+ */
3 Copyright 2011 Lennart Poettering
18 #include <sys/inotify.h>
23 # define PCRE2_CODE_UNIT_WIDTH 8
28 #include "sd-journal.h"
31 #include "alloc-util.h"
32 #include "bus-error.h"
35 #include "chattr-util.h"
40 #include "glob-util.h"
41 #include "hostname-util.h"
43 #include "journal-def.h"
44 #include "journal-internal.h"
45 #include "journal-qrcode.h"
46 #include "journal-util.h"
47 #include "journal-vacuum.h"
48 #include "journal-verify.h"
49 #include "locale-util.h"
51 #include "logs-show.h"
54 #include "parse-util.h"
55 #include "path-util.h"
56 #include "rlimit-util.h"
59 #include "string-table.h"
61 #include "syslog-util.h"
62 #include "terminal-util.h"
63 #include "udev-util.h"
65 #include "unit-name.h"
66 #include "user-util.h"
68 #define DEFAULT_FSS_INTERVAL_USEC (15*USEC_PER_MINUTE)
70 #define PROCESS_INOTIFY_INTERVAL 1024 /* Every 1,024 messages processed */
73 DEFINE_TRIVIAL_CLEANUP_FUNC(pcre2_match_data
*, pcre2_match_data_free
);
74 DEFINE_TRIVIAL_CLEANUP_FUNC(pcre2_code
*, pcre2_code_free
);
76 static int pattern_compile(const char *pattern
, unsigned flags
, pcre2_code
**out
) {
78 PCRE2_SIZE erroroffset
;
81 p
= pcre2_compile((PCRE2_SPTR8
) pattern
,
82 PCRE2_ZERO_TERMINATED
, flags
, &errorcode
, &erroroffset
, NULL
);
84 unsigned char buf
[LINE_MAX
];
86 r
= pcre2_get_error_message(errorcode
, buf
, sizeof buf
);
88 log_error("Bad pattern \"%s\": %s",
90 r
< 0 ? "unknown error" : (char*) buf
);
101 /* Special values for arg_lines */
102 ARG_LINES_DEFAULT
= -2,
106 static OutputMode arg_output
= OUTPUT_SHORT
;
107 static bool arg_utc
= false;
108 static bool arg_pager_end
= false;
109 static bool arg_follow
= false;
110 static bool arg_full
= true;
111 static bool arg_all
= false;
112 static bool arg_no_pager
= false;
113 static int arg_lines
= ARG_LINES_DEFAULT
;
114 static bool arg_no_tail
= false;
115 static bool arg_quiet
= false;
116 static bool arg_merge
= false;
117 static bool arg_boot
= false;
118 static sd_id128_t arg_boot_id
= {};
119 static int arg_boot_offset
= 0;
120 static bool arg_dmesg
= false;
121 static bool arg_no_hostname
= false;
122 static const char *arg_cursor
= NULL
;
123 static const char *arg_after_cursor
= NULL
;
124 static bool arg_show_cursor
= false;
125 static const char *arg_directory
= NULL
;
126 static char **arg_file
= NULL
;
127 static bool arg_file_stdin
= false;
128 static int arg_priorities
= 0xFF;
129 static char *arg_verify_key
= NULL
;
131 static usec_t arg_interval
= DEFAULT_FSS_INTERVAL_USEC
;
132 static bool arg_force
= false;
134 static usec_t arg_since
, arg_until
;
135 static bool arg_since_set
= false, arg_until_set
= false;
136 static char **arg_syslog_identifier
= NULL
;
137 static char **arg_system_units
= NULL
;
138 static char **arg_user_units
= NULL
;
139 static const char *arg_field
= NULL
;
140 static bool arg_catalog
= false;
141 static bool arg_reverse
= false;
142 static int arg_journal_type
= 0;
143 static char *arg_root
= NULL
;
144 static const char *arg_machine
= NULL
;
145 static uint64_t arg_vacuum_size
= 0;
146 static uint64_t arg_vacuum_n_files
= 0;
147 static usec_t arg_vacuum_time
= 0;
148 static char **arg_output_fields
= NULL
;
151 static const char *arg_pattern
= NULL
;
152 static pcre2_code
*arg_compiled_pattern
= NULL
;
153 static int arg_case_sensitive
= -1; /* -1 means be smart */
165 ACTION_UPDATE_CATALOG
,
172 ACTION_LIST_FIELD_NAMES
,
173 } arg_action
= ACTION_SHOW
;
175 typedef struct BootId
{
179 LIST_FIELDS(struct BootId
, boot_list
);
182 static int add_matches_for_device(sd_journal
*j
, const char *devpath
) {
183 _cleanup_(udev_unrefp
) struct udev
*udev
= NULL
;
184 _cleanup_(udev_device_unrefp
) struct udev_device
*device
= NULL
;
185 struct udev_device
*d
= NULL
;
192 if (!path_startswith(devpath
, "/dev/")) {
193 log_error("Devpath does not start with /dev/");
201 if (stat(devpath
, &st
) < 0)
202 return log_error_errno(errno
, "Couldn't stat file: %m");
204 r
= udev_device_new_from_stat_rdev(udev
, &st
, &device
);
206 return log_error_errno(r
, "Failed to get udev device from devnum %u:%u: %m", major(st
.st_rdev
), minor(st
.st_rdev
));
210 _cleanup_free_
char *match
= NULL
;
211 const char *subsys
, *sysname
, *devnode
;
213 subsys
= udev_device_get_subsystem(d
);
215 d
= udev_device_get_parent(d
);
219 sysname
= udev_device_get_sysname(d
);
221 d
= udev_device_get_parent(d
);
225 match
= strjoin("_KERNEL_DEVICE=+", subsys
, ":", sysname
);
229 r
= sd_journal_add_match(j
, match
, 0);
231 return log_error_errno(r
, "Failed to add match: %m");
233 devnode
= udev_device_get_devnode(d
);
235 _cleanup_free_
char *match1
= NULL
;
237 r
= stat(devnode
, &st
);
239 return log_error_errno(r
, "Failed to stat() device node \"%s\": %m", devnode
);
241 r
= asprintf(&match1
, "_KERNEL_DEVICE=%c%u:%u", S_ISBLK(st
.st_mode
) ? 'b' : 'c', major(st
.st_rdev
), minor(st
.st_rdev
));
245 r
= sd_journal_add_match(j
, match1
, 0);
247 return log_error_errno(r
, "Failed to add match: %m");
250 d
= udev_device_get_parent(d
);
253 r
= add_match_this_boot(j
, arg_machine
);
255 return log_error_errno(r
, "Failed to add match for the current boot: %m");
260 static char *format_timestamp_maybe_utc(char *buf
, size_t l
, usec_t t
) {
263 return format_timestamp_utc(buf
, l
, t
);
265 return format_timestamp(buf
, l
, t
);
268 static int parse_boot_descriptor(const char *x
, sd_id128_t
*boot_id
, int *offset
) {
269 sd_id128_t id
= SD_ID128_NULL
;
272 if (strlen(x
) >= 32) {
276 r
= sd_id128_from_string(t
, &id
);
280 if (!IN_SET(*x
, 0, '-', '+'))
284 r
= safe_atoi(x
, &off
);
289 r
= safe_atoi(x
, &off
);
303 static void help(void) {
305 (void) pager_open(arg_no_pager
, arg_pager_end
);
307 printf("%s [OPTIONS...] [MATCHES...]\n\n"
308 "Query the journal.\n\n"
310 " --system Show the system journal\n"
311 " --user Show the user journal for the current user\n"
312 " -M --machine=CONTAINER Operate on local container\n"
313 " -S --since=DATE Show entries not older than the specified date\n"
314 " -U --until=DATE Show entries not newer than the specified date\n"
315 " -c --cursor=CURSOR Show entries starting at the specified cursor\n"
316 " --after-cursor=CURSOR Show entries after the specified cursor\n"
317 " --show-cursor Print the cursor after all the entries\n"
318 " -b --boot[=ID] Show current boot or the specified boot\n"
319 " --list-boots Show terse information about recorded boots\n"
320 " -k --dmesg Show kernel message log from the current boot\n"
321 " -u --unit=UNIT Show logs from the specified unit\n"
322 " --user-unit=UNIT Show logs from the specified user unit\n"
323 " -t --identifier=STRING Show entries with the specified syslog identifier\n"
324 " -p --priority=RANGE Show entries with the specified priority\n"
325 " -g --grep=PATTERN Show entries with MESSAGE matching PATTERN\n"
326 " --case-sensitive[=BOOL] Force case sensitive or insenstive matching\n"
327 " -e --pager-end Immediately jump to the end in the pager\n"
328 " -f --follow Follow the journal\n"
329 " -n --lines[=INTEGER] Number of journal entries to show\n"
330 " --no-tail Show all lines, even in follow mode\n"
331 " -r --reverse Show the newest entries first\n"
332 " -o --output=STRING Change journal output mode (short, short-precise,\n"
333 " short-iso, short-iso-precise, short-full,\n"
334 " short-monotonic, short-unix, verbose, export,\n"
335 " json, json-pretty, json-sse, cat, with-unit)\n"
336 " --output-fields=LIST Select fields to print in verbose/export/json modes\n"
337 " --utc Express time in Coordinated Universal Time (UTC)\n"
338 " -x --catalog Add message explanations where available\n"
339 " --no-full Ellipsize fields\n"
340 " -a --all Show all fields, including long and unprintable\n"
341 " -q --quiet Do not show info messages and privilege warning\n"
342 " --no-pager Do not pipe output into a pager\n"
343 " --no-hostname Suppress output of hostname field\n"
344 " -m --merge Show entries from all available journals\n"
345 " -D --directory=PATH Show journal files from directory\n"
346 " --file=PATH Show journal file\n"
347 " --root=ROOT Operate on files below a root directory\n"
349 " --interval=TIME Time interval for changing the FSS sealing key\n"
350 " --verify-key=KEY Specify FSS verification key\n"
351 " --force Override of the FSS key pair with --setup-keys\n"
354 " -h --help Show this help text\n"
355 " --version Show package version\n"
356 " -N --fields List all field names currently used\n"
357 " -F --field=FIELD List all values that a specified field takes\n"
358 " --disk-usage Show total disk usage of all journal files\n"
359 " --vacuum-size=BYTES Reduce disk usage below specified size\n"
360 " --vacuum-files=INT Leave only the specified number of journal files\n"
361 " --vacuum-time=TIME Remove journal files older than specified time\n"
362 " --verify Verify journal file consistency\n"
363 " --sync Synchronize unwritten journal messages to disk\n"
364 " --flush Flush all journal data from /run into /var\n"
365 " --rotate Request immediate rotation of the journal files\n"
366 " --header Show journal header information\n"
367 " --list-catalog Show all message IDs in the catalog\n"
368 " --dump-catalog Show entries in the message catalog\n"
369 " --update-catalog Update the message catalog database\n"
370 " --new-id128 Generate a new 128-bit ID\n"
372 " --setup-keys Generate a new FSS key pair\n"
374 , program_invocation_short_name
);
377 static int parse_argv(int argc
, char *argv
[]) {
416 static const struct option options
[] = {
417 { "help", no_argument
, NULL
, 'h' },
418 { "version" , no_argument
, NULL
, ARG_VERSION
},
419 { "no-pager", no_argument
, NULL
, ARG_NO_PAGER
},
420 { "pager-end", no_argument
, NULL
, 'e' },
421 { "follow", no_argument
, NULL
, 'f' },
422 { "force", no_argument
, NULL
, ARG_FORCE
},
423 { "output", required_argument
, NULL
, 'o' },
424 { "all", no_argument
, NULL
, 'a' },
425 { "full", no_argument
, NULL
, 'l' },
426 { "no-full", no_argument
, NULL
, ARG_NO_FULL
},
427 { "lines", optional_argument
, NULL
, 'n' },
428 { "no-tail", no_argument
, NULL
, ARG_NO_TAIL
},
429 { "new-id128", no_argument
, NULL
, ARG_NEW_ID128
},
430 { "quiet", no_argument
, NULL
, 'q' },
431 { "merge", no_argument
, NULL
, 'm' },
432 { "this-boot", no_argument
, NULL
, ARG_THIS_BOOT
}, /* deprecated */
433 { "boot", optional_argument
, NULL
, 'b' },
434 { "list-boots", no_argument
, NULL
, ARG_LIST_BOOTS
},
435 { "dmesg", no_argument
, NULL
, 'k' },
436 { "system", no_argument
, NULL
, ARG_SYSTEM
},
437 { "user", no_argument
, NULL
, ARG_USER
},
438 { "directory", required_argument
, NULL
, 'D' },
439 { "file", required_argument
, NULL
, ARG_FILE
},
440 { "root", required_argument
, NULL
, ARG_ROOT
},
441 { "header", no_argument
, NULL
, ARG_HEADER
},
442 { "identifier", required_argument
, NULL
, 't' },
443 { "priority", required_argument
, NULL
, 'p' },
444 { "grep", required_argument
, NULL
, 'g' },
445 { "case-sensitive", optional_argument
, NULL
, ARG_CASE_SENSITIVE
},
446 { "setup-keys", no_argument
, NULL
, ARG_SETUP_KEYS
},
447 { "interval", required_argument
, NULL
, ARG_INTERVAL
},
448 { "verify", no_argument
, NULL
, ARG_VERIFY
},
449 { "verify-key", required_argument
, NULL
, ARG_VERIFY_KEY
},
450 { "disk-usage", no_argument
, NULL
, ARG_DISK_USAGE
},
451 { "cursor", required_argument
, NULL
, 'c' },
452 { "after-cursor", required_argument
, NULL
, ARG_AFTER_CURSOR
},
453 { "show-cursor", no_argument
, NULL
, ARG_SHOW_CURSOR
},
454 { "since", required_argument
, NULL
, 'S' },
455 { "until", required_argument
, NULL
, 'U' },
456 { "unit", required_argument
, NULL
, 'u' },
457 { "user-unit", required_argument
, NULL
, ARG_USER_UNIT
},
458 { "field", required_argument
, NULL
, 'F' },
459 { "fields", no_argument
, NULL
, 'N' },
460 { "catalog", no_argument
, NULL
, 'x' },
461 { "list-catalog", no_argument
, NULL
, ARG_LIST_CATALOG
},
462 { "dump-catalog", no_argument
, NULL
, ARG_DUMP_CATALOG
},
463 { "update-catalog", no_argument
, NULL
, ARG_UPDATE_CATALOG
},
464 { "reverse", no_argument
, NULL
, 'r' },
465 { "machine", required_argument
, NULL
, 'M' },
466 { "utc", no_argument
, NULL
, ARG_UTC
},
467 { "flush", no_argument
, NULL
, ARG_FLUSH
},
468 { "sync", no_argument
, NULL
, ARG_SYNC
},
469 { "rotate", no_argument
, NULL
, ARG_ROTATE
},
470 { "vacuum-size", required_argument
, NULL
, ARG_VACUUM_SIZE
},
471 { "vacuum-files", required_argument
, NULL
, ARG_VACUUM_FILES
},
472 { "vacuum-time", required_argument
, NULL
, ARG_VACUUM_TIME
},
473 { "no-hostname", no_argument
, NULL
, ARG_NO_HOSTNAME
},
474 { "output-fields", required_argument
, NULL
, ARG_OUTPUT_FIELDS
},
483 while ((c
= getopt_long(argc
, argv
, "hefo:aln::qmb::kD:p:g:c:S:U:t:u:NF:xrM:", options
, NULL
)) >= 0)
499 arg_pager_end
= true;
501 if (arg_lines
== ARG_LINES_DEFAULT
)
511 if (streq(optarg
, "help")) {
512 DUMP_STRING_TABLE(output_mode
, OutputMode
, _OUTPUT_MODE_MAX
);
516 arg_output
= output_mode_from_string(optarg
);
517 if (arg_output
< 0) {
518 log_error("Unknown output format '%s'.", optarg
);
522 if (IN_SET(arg_output
, OUTPUT_EXPORT
, OUTPUT_JSON
, OUTPUT_JSON_PRETTY
, OUTPUT_JSON_SSE
, OUTPUT_CAT
))
541 if (streq(optarg
, "all"))
542 arg_lines
= ARG_LINES_ALL
;
544 r
= safe_atoi(optarg
, &arg_lines
);
545 if (r
< 0 || arg_lines
< 0) {
546 log_error("Failed to parse lines '%s'", optarg
);
553 /* Hmm, no argument? Maybe the next
554 * word on the command line is
555 * supposed to be the argument? Let's
556 * see if there is one, and is
560 if (streq(argv
[optind
], "all")) {
561 arg_lines
= ARG_LINES_ALL
;
563 } else if (safe_atoi(argv
[optind
], &n
) >= 0 && n
>= 0) {
577 arg_action
= ACTION_NEW_ID128
;
596 r
= parse_boot_descriptor(optarg
, &arg_boot_id
, &arg_boot_offset
);
598 log_error("Failed to parse boot descriptor '%s'", optarg
);
603 /* Hmm, no argument? Maybe the next
604 * word on the command line is
605 * supposed to be the argument? Let's
606 * see if there is one and is parsable
607 * as a boot descriptor... */
610 parse_boot_descriptor(argv
[optind
], &arg_boot_id
, &arg_boot_offset
) >= 0)
617 arg_action
= ACTION_LIST_BOOTS
;
621 arg_boot
= arg_dmesg
= true;
625 arg_journal_type
|= SD_JOURNAL_SYSTEM
;
629 arg_journal_type
|= SD_JOURNAL_CURRENT_USER
;
633 arg_machine
= optarg
;
637 arg_directory
= optarg
;
641 if (streq(optarg
, "-"))
642 /* An undocumented feature: we can read journal files from STDIN. We don't document
643 * this though, since after all we only support this for mmap-able, seekable files, and
644 * not for example pipes which are probably the primary usecase for reading things from
645 * STDIN. To avoid confusion we hence don't document this feature. */
646 arg_file_stdin
= true;
648 r
= glob_extend(&arg_file
, optarg
);
650 return log_error_errno(r
, "Failed to add paths: %m");
655 r
= parse_path_argument_and_warn(optarg
, true, &arg_root
);
664 case ARG_AFTER_CURSOR
:
665 arg_after_cursor
= optarg
;
668 case ARG_SHOW_CURSOR
:
669 arg_show_cursor
= true;
673 arg_action
= ACTION_PRINT_HEADER
;
677 arg_action
= ACTION_VERIFY
;
681 arg_action
= ACTION_DISK_USAGE
;
684 case ARG_VACUUM_SIZE
:
685 r
= parse_size(optarg
, 1024, &arg_vacuum_size
);
687 log_error("Failed to parse vacuum size: %s", optarg
);
691 arg_action
= ACTION_VACUUM
;
694 case ARG_VACUUM_FILES
:
695 r
= safe_atou64(optarg
, &arg_vacuum_n_files
);
697 log_error("Failed to parse vacuum files: %s", optarg
);
701 arg_action
= ACTION_VACUUM
;
704 case ARG_VACUUM_TIME
:
705 r
= parse_sec(optarg
, &arg_vacuum_time
);
707 log_error("Failed to parse vacuum time: %s", optarg
);
711 arg_action
= ACTION_VACUUM
;
720 arg_action
= ACTION_SETUP_KEYS
;
724 arg_action
= ACTION_VERIFY
;
725 r
= free_and_strdup(&arg_verify_key
, optarg
);
728 /* Use memset not string_erase so this doesn't look confusing
729 * in ps or htop output. */
730 memset(optarg
, 'x', strlen(optarg
));
736 r
= parse_sec(optarg
, &arg_interval
);
737 if (r
< 0 || arg_interval
<= 0) {
738 log_error("Failed to parse sealing key change interval: %s", optarg
);
747 log_error("Forward-secure sealing not available.");
754 dots
= strstr(optarg
, "..");
760 a
= strndup(optarg
, dots
- optarg
);
764 from
= log_level_from_string(a
);
765 to
= log_level_from_string(dots
+ 2);
768 if (from
< 0 || to
< 0) {
769 log_error("Failed to parse log level range %s", optarg
);
776 for (i
= from
; i
<= to
; i
++)
777 arg_priorities
|= 1 << i
;
779 for (i
= to
; i
<= from
; i
++)
780 arg_priorities
|= 1 << i
;
786 p
= log_level_from_string(optarg
);
788 log_error("Unknown log level %s", optarg
);
794 for (i
= 0; i
<= p
; i
++)
795 arg_priorities
|= 1 << i
;
803 arg_pattern
= optarg
;
806 case ARG_CASE_SENSITIVE
:
808 r
= parse_boolean(optarg
);
810 return log_error_errno(r
, "Bad --case-sensitive= argument \"%s\": %m", optarg
);
811 arg_case_sensitive
= r
;
813 arg_case_sensitive
= true;
818 case ARG_CASE_SENSITIVE
:
819 return log_error("Compiled without pattern matching support");
823 r
= parse_timestamp(optarg
, &arg_since
);
825 log_error("Failed to parse timestamp: %s", optarg
);
828 arg_since_set
= true;
832 r
= parse_timestamp(optarg
, &arg_until
);
834 log_error("Failed to parse timestamp: %s", optarg
);
837 arg_until_set
= true;
841 r
= strv_extend(&arg_syslog_identifier
, optarg
);
847 r
= strv_extend(&arg_system_units
, optarg
);
853 r
= strv_extend(&arg_user_units
, optarg
);
859 arg_action
= ACTION_LIST_FIELDS
;
864 arg_action
= ACTION_LIST_FIELD_NAMES
;
867 case ARG_NO_HOSTNAME
:
868 arg_no_hostname
= true;
875 case ARG_LIST_CATALOG
:
876 arg_action
= ACTION_LIST_CATALOG
;
879 case ARG_DUMP_CATALOG
:
880 arg_action
= ACTION_DUMP_CATALOG
;
883 case ARG_UPDATE_CATALOG
:
884 arg_action
= ACTION_UPDATE_CATALOG
;
896 arg_action
= ACTION_FLUSH
;
900 arg_action
= ACTION_ROTATE
;
904 arg_action
= ACTION_SYNC
;
907 case ARG_OUTPUT_FIELDS
: {
908 _cleanup_strv_free_
char **v
= NULL
;
910 v
= strv_split(optarg
, ",");
914 if (!arg_output_fields
)
915 arg_output_fields
= TAKE_PTR(v
);
917 r
= strv_extend_strv(&arg_output_fields
, v
, true);
928 assert_not_reached("Unhandled option");
931 if (arg_follow
&& !arg_no_tail
&& !arg_since
&& arg_lines
== ARG_LINES_DEFAULT
)
934 if (!!arg_directory
+ !!arg_file
+ !!arg_machine
+ !!arg_root
> 1) {
935 log_error("Please specify at most one of -D/--directory=, --file=, -M/--machine=, --root.");
939 if (arg_since_set
&& arg_until_set
&& arg_since
> arg_until
) {
940 log_error("--since= must be before --until=.");
944 if (!!arg_cursor
+ !!arg_after_cursor
+ !!arg_since_set
> 1) {
945 log_error("Please specify only one of --since=, --cursor=, and --after-cursor.");
949 if (arg_follow
&& arg_reverse
) {
950 log_error("Please specify either --reverse= or --follow=, not both.");
954 if (!IN_SET(arg_action
, ACTION_SHOW
, ACTION_DUMP_CATALOG
, ACTION_LIST_CATALOG
) && optind
< argc
) {
955 log_error("Extraneous arguments starting with '%s'", argv
[optind
]);
959 if ((arg_boot
|| arg_action
== ACTION_LIST_BOOTS
) && arg_merge
) {
960 log_error("Using --boot or --list-boots with --merge is not supported.");
964 if (!strv_isempty(arg_system_units
) && arg_journal_type
== SD_JOURNAL_CURRENT_USER
) {
965 /* Specifying --user and --unit= at the same time makes no sense (as the former excludes the user
966 * journal, but the latter excludes the system journal, thus resulting in empty output). Let's be nice
967 * to users, and automatically turn --unit= into --user-unit= if combined with --user. */
968 r
= strv_extend_strv(&arg_user_units
, arg_system_units
, true);
972 arg_system_units
= strv_free(arg_system_units
);
979 if (arg_case_sensitive
>= 0)
980 flags
= !arg_case_sensitive
* PCRE2_CASELESS
;
982 _cleanup_(pcre2_match_data_freep
) pcre2_match_data
*md
= NULL
;
984 _cleanup_(pcre2_code_freep
) pcre2_code
*cs
= NULL
;
986 md
= pcre2_match_data_create(1, NULL
);
990 r
= pattern_compile("[[:upper:]]", 0, &cs
);
994 r
= pcre2_match(cs
, (PCRE2_SPTR8
) arg_pattern
, PCRE2_ZERO_TERMINATED
, 0, 0, md
, NULL
);
997 flags
= !has_case
* PCRE2_CASELESS
;
1000 log_debug("Doing case %s matching based on %s",
1001 flags
& PCRE2_CASELESS
? "insensitive" : "sensitive",
1002 arg_case_sensitive
>= 0 ? "request" : "pattern casing");
1004 r
= pattern_compile(arg_pattern
, flags
, &arg_compiled_pattern
);
1013 static int generate_new_id128(void) {
1018 r
= sd_id128_randomize(&id
);
1020 return log_error_errno(r
, "Failed to generate ID: %m");
1022 printf("As string:\n"
1023 SD_ID128_FORMAT_STR
"\n\n"
1025 "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n\n"
1026 "As man:sd-id128(3) macro:\n"
1027 "#define MESSAGE_XYZ SD_ID128_MAKE(",
1028 SD_ID128_FORMAT_VAL(id
),
1029 SD_ID128_FORMAT_VAL(id
));
1030 for (i
= 0; i
< 16; i
++)
1031 printf("%02x%s", id
.bytes
[i
], i
!= 15 ? "," : "");
1032 fputs(")\n\n", stdout
);
1034 printf("As Python constant:\n"
1036 ">>> MESSAGE_XYZ = uuid.UUID('" SD_ID128_FORMAT_STR
"')\n",
1037 SD_ID128_FORMAT_VAL(id
));
1042 static int add_matches(sd_journal
*j
, char **args
) {
1044 bool have_term
= false;
1048 STRV_FOREACH(i
, args
) {
1051 if (streq(*i
, "+")) {
1054 r
= sd_journal_add_disjunction(j
);
1057 } else if (path_is_absolute(*i
)) {
1058 _cleanup_free_
char *p
= NULL
, *t
= NULL
, *t2
= NULL
, *interpreter
= NULL
;
1061 r
= chase_symlinks(*i
, NULL
, CHASE_TRAIL_SLASH
, &p
);
1063 return log_error_errno(r
, "Couldn't canonicalize path: %m");
1065 if (lstat(p
, &st
) < 0)
1066 return log_error_errno(errno
, "Couldn't stat file: %m");
1068 if (S_ISREG(st
.st_mode
) && (0111 & st
.st_mode
)) {
1069 if (executable_is_script(p
, &interpreter
) > 0) {
1070 _cleanup_free_
char *comm
;
1072 comm
= strndup(basename(p
), 15);
1076 t
= strappend("_COMM=", comm
);
1080 /* Append _EXE only if the interpreter is not a link.
1081 Otherwise, it might be outdated often. */
1082 if (lstat(interpreter
, &st
) == 0 && !S_ISLNK(st
.st_mode
)) {
1083 t2
= strappend("_EXE=", interpreter
);
1088 t
= strappend("_EXE=", p
);
1093 r
= sd_journal_add_match(j
, t
, 0);
1096 r
= sd_journal_add_match(j
, t2
, 0);
1098 } else if (S_ISCHR(st
.st_mode
) || S_ISBLK(st
.st_mode
)) {
1099 r
= add_matches_for_device(j
, p
);
1103 log_error("File is neither a device node, nor regular file, nor executable: %s", *i
);
1109 r
= sd_journal_add_match(j
, *i
, 0);
1114 return log_error_errno(r
, "Failed to add match '%s': %m", *i
);
1117 if (!strv_isempty(args
) && !have_term
) {
1118 log_error("\"+\" can only be used between terms");
1125 static void boot_id_free_all(BootId
*l
) {
1129 LIST_REMOVE(boot_list
, l
, i
);
1134 static int discover_next_boot(sd_journal
*j
,
1135 sd_id128_t previous_boot_id
,
1139 _cleanup_free_ BootId
*next_boot
= NULL
;
1140 char match
[9+32+1] = "_BOOT_ID=";
1147 /* We expect the journal to be on the last position of a boot
1148 * (in relation to the direction we are going), so that the next
1149 * invocation of sd_journal_next/previous will be from a different
1150 * boot. We then collect any information we desire and then jump
1151 * to the last location of the new boot by using a _BOOT_ID match
1152 * coming from the other journal direction. */
1154 /* Make sure we aren't restricted by any _BOOT_ID matches, so that
1155 * we can actually advance to a *different* boot. */
1156 sd_journal_flush_matches(j
);
1160 r
= sd_journal_previous(j
);
1162 r
= sd_journal_next(j
);
1166 return 0; /* End of journal, yay. */
1168 r
= sd_journal_get_monotonic_usec(j
, NULL
, &boot_id
);
1172 /* We iterate through this in a loop, until the boot ID differs from the previous one. Note that
1173 * normally, this will only require a single iteration, as we seeked to the last entry of the previous
1174 * boot entry already. However, it might happen that the per-journal-field entry arrays are less
1175 * complete than the main entry array, and hence might reference an entry that's not actually the last
1176 * one of the boot ID as last one. Let's hence use the per-field array is initial seek position to
1177 * speed things up, but let's not trust that it is complete, and hence, manually advance as
1180 } while (sd_id128_equal(boot_id
, previous_boot_id
));
1182 next_boot
= new0(BootId
, 1);
1186 next_boot
->id
= boot_id
;
1188 r
= sd_journal_get_realtime_usec(j
, &next_boot
->first
);
1192 /* Now seek to the last occurrence of this boot ID. */
1193 sd_id128_to_string(next_boot
->id
, match
+ 9);
1194 r
= sd_journal_add_match(j
, match
, sizeof(match
) - 1);
1199 r
= sd_journal_seek_head(j
);
1201 r
= sd_journal_seek_tail(j
);
1206 r
= sd_journal_next(j
);
1208 r
= sd_journal_previous(j
);
1212 log_debug("Whoopsie! We found a boot ID but can't read its last entry.");
1213 return -ENODATA
; /* This shouldn't happen. We just came from this very boot ID. */
1216 r
= sd_journal_get_realtime_usec(j
, &next_boot
->last
);
1220 *ret
= TAKE_PTR(next_boot
);
1225 static int get_boots(
1228 sd_id128_t
*boot_id
,
1233 BootId
*head
= NULL
, *tail
= NULL
, *id
;
1234 const bool advance_older
= boot_id
&& offset
<= 0;
1235 sd_id128_t previous_boot_id
;
1239 /* Adjust for the asymmetry that offset 0 is
1240 * the last (and current) boot, while 1 is considered the
1241 * (chronological) first boot in the journal. */
1242 skip_once
= boot_id
&& sd_id128_is_null(*boot_id
) && offset
<= 0;
1244 /* Advance to the earliest/latest occurrence of our reference
1245 * boot ID (taking our lookup direction into account), so that
1246 * discover_next_boot() can do its job.
1247 * If no reference is given, the journal head/tail will do,
1248 * they're "virtual" boots after all. */
1249 if (boot_id
&& !sd_id128_is_null(*boot_id
)) {
1250 char match
[9+32+1] = "_BOOT_ID=";
1252 sd_journal_flush_matches(j
);
1254 sd_id128_to_string(*boot_id
, match
+ 9);
1255 r
= sd_journal_add_match(j
, match
, sizeof(match
) - 1);
1260 r
= sd_journal_seek_head(j
); /* seek to oldest */
1262 r
= sd_journal_seek_tail(j
); /* seek to newest */
1267 r
= sd_journal_next(j
); /* read the oldest entry */
1269 r
= sd_journal_previous(j
); /* read the most recently added entry */
1274 else if (offset
== 0) {
1279 /* At this point the read pointer is positioned at the oldest/newest occurence of the reference boot
1280 * ID. After flushing the matches, one more invocation of _previous()/_next() will hence place us at
1281 * the following entry, which must then have an older/newer boot ID */
1285 r
= sd_journal_seek_tail(j
); /* seek to newest */
1287 r
= sd_journal_seek_head(j
); /* seek to oldest */
1291 /* No sd_journal_next()/_previous() here.
1293 * At this point the read pointer is positioned after the newest/before the oldest entry in the whole
1294 * journal. The next invocation of _previous()/_next() will hence position us at the newest/oldest
1298 previous_boot_id
= SD_ID128_NULL
;
1300 _cleanup_free_ BootId
*current
= NULL
;
1302 r
= discover_next_boot(j
, previous_boot_id
, advance_older
, ¤t
);
1304 boot_id_free_all(head
);
1311 previous_boot_id
= current
->id
;
1315 offset
+= advance_older
? 1 : -1;
1320 *boot_id
= current
->id
;
1324 LIST_FOREACH(boot_list
, id
, head
) {
1325 if (sd_id128_equal(id
->id
, current
->id
)) {
1326 /* boot id already stored, something wrong with the journal files */
1327 /* exiting as otherwise this problem would cause forever loop */
1331 LIST_INSERT_AFTER(boot_list
, head
, tail
, current
);
1332 tail
= TAKE_PTR(current
);
1341 sd_journal_flush_matches(j
);
1346 static int list_boots(sd_journal
*j
) {
1348 BootId
*id
, *all_ids
;
1352 count
= get_boots(j
, &all_ids
, NULL
, 0);
1354 return log_error_errno(count
, "Failed to determine boots: %m");
1358 (void) pager_open(arg_no_pager
, arg_pager_end
);
1360 /* numbers are one less, but we need an extra char for the sign */
1361 w
= DECIMAL_STR_WIDTH(count
- 1) + 1;
1364 LIST_FOREACH(boot_list
, id
, all_ids
) {
1365 char a
[FORMAT_TIMESTAMP_MAX
], b
[FORMAT_TIMESTAMP_MAX
];
1367 printf("% *i " SD_ID128_FORMAT_STR
" %s—%s\n",
1369 SD_ID128_FORMAT_VAL(id
->id
),
1370 format_timestamp_maybe_utc(a
, sizeof(a
), id
->first
),
1371 format_timestamp_maybe_utc(b
, sizeof(b
), id
->last
));
1375 boot_id_free_all(all_ids
);
1380 static int add_boot(sd_journal
*j
) {
1381 char match
[9+32+1] = "_BOOT_ID=";
1390 /* Take a shortcut and use the current boot_id, which we can do very quickly.
1391 * We can do this only when we logs are coming from the current machine,
1392 * so take the slow path if log location is specified. */
1393 if (arg_boot_offset
== 0 && sd_id128_is_null(arg_boot_id
) &&
1394 !arg_directory
&& !arg_file
&& !arg_root
)
1396 return add_match_this_boot(j
, arg_machine
);
1398 boot_id
= arg_boot_id
;
1399 r
= get_boots(j
, NULL
, &boot_id
, arg_boot_offset
);
1402 const char *reason
= (r
== 0) ? "No such boot ID in journal" : strerror(-r
);
1404 if (sd_id128_is_null(arg_boot_id
))
1405 log_error("Data from the specified boot (%+i) is not available: %s",
1406 arg_boot_offset
, reason
);
1408 log_error("Data from the specified boot ("SD_ID128_FORMAT_STR
") is not available: %s",
1409 SD_ID128_FORMAT_VAL(arg_boot_id
), reason
);
1411 return r
== 0 ? -ENODATA
: r
;
1414 sd_id128_to_string(boot_id
, match
+ 9);
1416 r
= sd_journal_add_match(j
, match
, sizeof(match
) - 1);
1418 return log_error_errno(r
, "Failed to add match: %m");
1420 r
= sd_journal_add_conjunction(j
);
1422 return log_error_errno(r
, "Failed to add conjunction: %m");
1427 static int add_dmesg(sd_journal
*j
) {
1434 r
= sd_journal_add_match(j
, "_TRANSPORT=kernel",
1435 STRLEN("_TRANSPORT=kernel"));
1437 return log_error_errno(r
, "Failed to add match: %m");
1439 r
= sd_journal_add_conjunction(j
);
1441 return log_error_errno(r
, "Failed to add conjunction: %m");
1446 static int get_possible_units(
1452 _cleanup_set_free_free_ Set
*found
;
1456 found
= set_new(&string_hash_ops
);
1460 NULSTR_FOREACH(field
, fields
) {
1464 r
= sd_journal_query_unique(j
, field
);
1468 SD_JOURNAL_FOREACH_UNIQUE(j
, data
, size
) {
1469 char **pattern
, *eq
;
1471 _cleanup_free_
char *u
= NULL
;
1473 eq
= memchr(data
, '=', size
);
1475 prefix
= eq
- (char*) data
+ 1;
1479 u
= strndup((char*) data
+ prefix
, size
- prefix
);
1483 STRV_FOREACH(pattern
, patterns
)
1484 if (fnmatch(*pattern
, u
, FNM_NOESCAPE
) == 0) {
1485 log_debug("Matched %s with pattern %s=%s", u
, field
, *pattern
);
1487 r
= set_consume(found
, u
);
1489 if (r
< 0 && r
!= -EEXIST
)
1497 *units
= TAKE_PTR(found
);
1502 /* This list is supposed to return the superset of unit names
1503 * possibly matched by rules added with add_matches_for_unit... */
1504 #define SYSTEM_UNITS \
1508 "OBJECT_SYSTEMD_UNIT\0" \
1511 /* ... and add_matches_for_user_unit */
1512 #define USER_UNITS \
1513 "_SYSTEMD_USER_UNIT\0" \
1515 "COREDUMP_USER_UNIT\0" \
1516 "OBJECT_SYSTEMD_USER_UNIT\0"
1518 static int add_units(sd_journal
*j
) {
1519 _cleanup_strv_free_
char **patterns
= NULL
;
1525 STRV_FOREACH(i
, arg_system_units
) {
1526 _cleanup_free_
char *u
= NULL
;
1528 r
= unit_name_mangle(*i
, UNIT_NAME_MANGLE_GLOB
| (arg_quiet
? 0 : UNIT_NAME_MANGLE_WARN
), &u
);
1532 if (string_is_glob(u
)) {
1533 r
= strv_push(&patterns
, u
);
1538 r
= add_matches_for_unit(j
, u
);
1541 r
= sd_journal_add_disjunction(j
);
1548 if (!strv_isempty(patterns
)) {
1549 _cleanup_set_free_free_ Set
*units
= NULL
;
1553 r
= get_possible_units(j
, SYSTEM_UNITS
, patterns
, &units
);
1557 SET_FOREACH(u
, units
, it
) {
1558 r
= add_matches_for_unit(j
, u
);
1561 r
= sd_journal_add_disjunction(j
);
1568 patterns
= strv_free(patterns
);
1570 STRV_FOREACH(i
, arg_user_units
) {
1571 _cleanup_free_
char *u
= NULL
;
1573 r
= unit_name_mangle(*i
, UNIT_NAME_MANGLE_GLOB
| (arg_quiet
? 0 : UNIT_NAME_MANGLE_WARN
), &u
);
1577 if (string_is_glob(u
)) {
1578 r
= strv_push(&patterns
, u
);
1583 r
= add_matches_for_user_unit(j
, u
, getuid());
1586 r
= sd_journal_add_disjunction(j
);
1593 if (!strv_isempty(patterns
)) {
1594 _cleanup_set_free_free_ Set
*units
= NULL
;
1598 r
= get_possible_units(j
, USER_UNITS
, patterns
, &units
);
1602 SET_FOREACH(u
, units
, it
) {
1603 r
= add_matches_for_user_unit(j
, u
, getuid());
1606 r
= sd_journal_add_disjunction(j
);
1613 /* Complain if the user request matches but nothing whatsoever was
1614 * found, since otherwise everything would be matched. */
1615 if (!(strv_isempty(arg_system_units
) && strv_isempty(arg_user_units
)) && count
== 0)
1618 r
= sd_journal_add_conjunction(j
);
1625 static int add_priorities(sd_journal
*j
) {
1626 char match
[] = "PRIORITY=0";
1630 if (arg_priorities
== 0xFF)
1633 for (i
= LOG_EMERG
; i
<= LOG_DEBUG
; i
++)
1634 if (arg_priorities
& (1 << i
)) {
1635 match
[sizeof(match
)-2] = '0' + i
;
1637 r
= sd_journal_add_match(j
, match
, strlen(match
));
1639 return log_error_errno(r
, "Failed to add match: %m");
1642 r
= sd_journal_add_conjunction(j
);
1644 return log_error_errno(r
, "Failed to add conjunction: %m");
1649 static int add_syslog_identifier(sd_journal
*j
) {
1655 STRV_FOREACH(i
, arg_syslog_identifier
) {
1658 u
= strjoina("SYSLOG_IDENTIFIER=", *i
);
1659 r
= sd_journal_add_match(j
, u
, 0);
1662 r
= sd_journal_add_disjunction(j
);
1667 r
= sd_journal_add_conjunction(j
);
1674 static int setup_keys(void) {
1676 size_t mpk_size
, seed_size
, state_size
, i
;
1677 uint8_t *mpk
, *seed
, *state
;
1679 sd_id128_t machine
, boot
;
1680 char *p
= NULL
, *k
= NULL
;
1685 r
= stat("/var/log/journal", &st
);
1686 if (r
< 0 && !IN_SET(errno
, ENOENT
, ENOTDIR
))
1687 return log_error_errno(errno
, "stat(\"%s\") failed: %m", "/var/log/journal");
1689 if (r
< 0 || !S_ISDIR(st
.st_mode
)) {
1690 log_error("%s is not a directory, must be using persistent logging for FSS.",
1691 "/var/log/journal");
1692 return r
< 0 ? -errno
: -ENOTDIR
;
1695 r
= sd_id128_get_machine(&machine
);
1697 return log_error_errno(r
, "Failed to get machine ID: %m");
1699 r
= sd_id128_get_boot(&boot
);
1701 return log_error_errno(r
, "Failed to get boot ID: %m");
1703 if (asprintf(&p
, "/var/log/journal/" SD_ID128_FORMAT_STR
"/fss",
1704 SD_ID128_FORMAT_VAL(machine
)) < 0)
1709 if (r
< 0 && errno
!= ENOENT
) {
1710 r
= log_error_errno(errno
, "unlink(\"%s\") failed: %m", p
);
1713 } else if (access(p
, F_OK
) >= 0) {
1714 log_error("Sealing key file %s exists already. Use --force to recreate.", p
);
1719 if (asprintf(&k
, "/var/log/journal/" SD_ID128_FORMAT_STR
"/fss.tmp.XXXXXX",
1720 SD_ID128_FORMAT_VAL(machine
)) < 0) {
1725 mpk_size
= FSPRG_mskinbytes(FSPRG_RECOMMENDED_SECPAR
);
1726 mpk
= alloca(mpk_size
);
1728 seed_size
= FSPRG_RECOMMENDED_SEEDLEN
;
1729 seed
= alloca(seed_size
);
1731 state_size
= FSPRG_stateinbytes(FSPRG_RECOMMENDED_SECPAR
);
1732 state
= alloca(state_size
);
1734 fd
= open("/dev/random", O_RDONLY
|O_CLOEXEC
|O_NOCTTY
);
1736 r
= log_error_errno(errno
, "Failed to open /dev/random: %m");
1740 log_info("Generating seed...");
1741 r
= loop_read_exact(fd
, seed
, seed_size
, true);
1743 log_error_errno(r
, "Failed to read random seed: %m");
1747 log_info("Generating key pair...");
1748 FSPRG_GenMK(NULL
, mpk
, seed
, seed_size
, FSPRG_RECOMMENDED_SECPAR
);
1750 log_info("Generating sealing key...");
1751 FSPRG_GenState0(state
, mpk
, seed
, seed_size
);
1753 assert(arg_interval
> 0);
1755 n
= now(CLOCK_REALTIME
);
1759 fd
= mkostemp_safe(k
);
1761 r
= log_error_errno(fd
, "Failed to open %s: %m", k
);
1765 /* Enable secure remove, exclusion from dump, synchronous
1766 * writing and in-place updating */
1767 r
= chattr_fd(fd
, FS_SECRM_FL
|FS_NODUMP_FL
|FS_SYNC_FL
|FS_NOCOW_FL
, FS_SECRM_FL
|FS_NODUMP_FL
|FS_SYNC_FL
|FS_NOCOW_FL
);
1769 log_warning_errno(r
, "Failed to set file attributes: %m");
1772 memcpy(h
.signature
, "KSHHRHLP", 8);
1773 h
.machine_id
= machine
;
1775 h
.header_size
= htole64(sizeof(h
));
1776 h
.start_usec
= htole64(n
* arg_interval
);
1777 h
.interval_usec
= htole64(arg_interval
);
1778 h
.fsprg_secpar
= htole16(FSPRG_RECOMMENDED_SECPAR
);
1779 h
.fsprg_state_size
= htole64(state_size
);
1781 r
= loop_write(fd
, &h
, sizeof(h
), false);
1783 log_error_errno(r
, "Failed to write header: %m");
1787 r
= loop_write(fd
, state
, state_size
, false);
1789 log_error_errno(r
, "Failed to write state: %m");
1793 if (link(k
, p
) < 0) {
1794 r
= log_error_errno(errno
, "Failed to link file: %m");
1801 "The new key pair has been generated. The %ssecret sealing key%s has been written to\n"
1802 "the following local file. This key file is automatically updated when the\n"
1803 "sealing key is advanced. It should not be used on multiple hosts.\n"
1807 "Please write down the following %ssecret verification key%s. It should be stored\n"
1808 "at a safe location and should not be saved locally on disk.\n"
1810 ansi_highlight(), ansi_normal(),
1812 ansi_highlight(), ansi_normal(),
1813 ansi_highlight_red());
1816 for (i
= 0; i
< seed_size
; i
++) {
1817 if (i
> 0 && i
% 3 == 0)
1819 printf("%02x", ((uint8_t*) seed
)[i
]);
1822 printf("/%llx-%llx\n", (unsigned long long) n
, (unsigned long long) arg_interval
);
1825 char tsb
[FORMAT_TIMESPAN_MAX
], *hn
;
1829 "The sealing key is automatically changed every %s.\n",
1831 format_timespan(tsb
, sizeof(tsb
), arg_interval
, 0));
1833 hn
= gethostname_malloc();
1836 hostname_cleanup(hn
);
1837 fprintf(stderr
, "\nThe keys have been generated for host %s/" SD_ID128_FORMAT_STR
".\n", hn
, SD_ID128_FORMAT_VAL(machine
));
1839 fprintf(stderr
, "\nThe keys have been generated for host " SD_ID128_FORMAT_STR
".\n", SD_ID128_FORMAT_VAL(machine
));
1842 /* If this is not an UTF-8 system don't print any QR codes */
1843 if (is_locale_utf8()) {
1844 fputs("\nTo transfer the verification key to your phone please scan the QR code below:\n\n", stderr
);
1845 print_qr_code(stderr
, seed
, seed_size
, n
, arg_interval
, hn
, machine
);
1865 log_error("Forward-secure sealing not available.");
1870 static int verify(sd_journal
*j
) {
1877 log_show_color(true);
1879 ORDERED_HASHMAP_FOREACH(f
, j
->files
, i
) {
1881 usec_t first
= 0, validated
= 0, last
= 0;
1884 if (!arg_verify_key
&& JOURNAL_HEADER_SEALED(f
->header
))
1885 log_notice("Journal file %s has sealing enabled but verification key has not been passed using --verify-key=.", f
->path
);
1888 k
= journal_file_verify(f
, arg_verify_key
, &first
, &validated
, &last
, true);
1890 /* If the key was invalid give up right-away. */
1893 log_warning_errno(k
, "FAIL: %s (%m)", f
->path
);
1896 char a
[FORMAT_TIMESTAMP_MAX
], b
[FORMAT_TIMESTAMP_MAX
], c
[FORMAT_TIMESPAN_MAX
];
1897 log_info("PASS: %s", f
->path
);
1899 if (arg_verify_key
&& JOURNAL_HEADER_SEALED(f
->header
)) {
1900 if (validated
> 0) {
1901 log_info("=> Validated from %s to %s, final %s entries not sealed.",
1902 format_timestamp_maybe_utc(a
, sizeof(a
), first
),
1903 format_timestamp_maybe_utc(b
, sizeof(b
), validated
),
1904 format_timespan(c
, sizeof(c
), last
> validated
? last
- validated
: 0, 0));
1905 } else if (last
> 0)
1906 log_info("=> No sealing yet, %s of entries not sealed.",
1907 format_timespan(c
, sizeof(c
), last
- first
, 0));
1909 log_info("=> No sealing yet, no entries in file.");
1917 static int flush_to_var(void) {
1918 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
1919 _cleanup_(sd_bus_flush_close_unrefp
) sd_bus
*bus
= NULL
;
1920 _cleanup_close_
int watch_fd
= -1;
1924 log_error("--flush is not supported in conjunction with --machine=.");
1929 if (access("/run/systemd/journal/flushed", F_OK
) >= 0)
1932 /* OK, let's actually do the full logic, send SIGUSR1 to the
1933 * daemon and set up inotify to wait for the flushed file to appear */
1934 r
= bus_connect_system_systemd(&bus
);
1936 return log_error_errno(r
, "Failed to get D-Bus connection: %m");
1938 r
= sd_bus_call_method(
1940 "org.freedesktop.systemd1",
1941 "/org/freedesktop/systemd1",
1942 "org.freedesktop.systemd1.Manager",
1946 "ssi", "systemd-journald.service", "main", SIGUSR1
);
1948 return log_error_errno(r
, "Failed to kill journal service: %s", bus_error_message(&error
, r
));
1950 mkdir_p("/run/systemd/journal", 0755);
1952 watch_fd
= inotify_init1(IN_NONBLOCK
|IN_CLOEXEC
);
1954 return log_error_errno(errno
, "Failed to create inotify watch: %m");
1956 r
= inotify_add_watch(watch_fd
, "/run/systemd/journal", IN_CREATE
|IN_DONT_FOLLOW
|IN_ONLYDIR
);
1958 return log_error_errno(errno
, "Failed to watch journal directory: %m");
1961 if (access("/run/systemd/journal/flushed", F_OK
) >= 0)
1964 if (errno
!= ENOENT
)
1965 return log_error_errno(errno
, "Failed to check for existence of /run/systemd/journal/flushed: %m");
1967 r
= fd_wait_for_event(watch_fd
, POLLIN
, USEC_INFINITY
);
1969 return log_error_errno(r
, "Failed to wait for event: %m");
1971 r
= flush_fd(watch_fd
);
1973 return log_error_errno(r
, "Failed to flush inotify events: %m");
1979 static int send_signal_and_wait(int sig
, const char *watch_path
) {
1980 _cleanup_(sd_bus_flush_close_unrefp
) sd_bus
*bus
= NULL
;
1981 _cleanup_close_
int watch_fd
= -1;
1986 log_error("--sync and --rotate are not supported in conjunction with --machine=.");
1990 start
= now(CLOCK_MONOTONIC
);
1992 /* This call sends the specified signal to journald, and waits
1993 * for acknowledgment by watching the mtime of the specified
1994 * flag file. This is used to trigger syncing or rotation and
1995 * then wait for the operation to complete. */
2000 /* See if a sync happened by now. */
2001 r
= read_timestamp_file(watch_path
, &tstamp
);
2002 if (r
< 0 && r
!= -ENOENT
)
2003 return log_error_errno(errno
, "Failed to read %s: %m", watch_path
);
2004 if (r
>= 0 && tstamp
>= start
)
2007 /* Let's ask for a sync, but only once. */
2009 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
2011 r
= bus_connect_system_systemd(&bus
);
2013 return log_error_errno(r
, "Failed to get D-Bus connection: %m");
2015 r
= sd_bus_call_method(
2017 "org.freedesktop.systemd1",
2018 "/org/freedesktop/systemd1",
2019 "org.freedesktop.systemd1.Manager",
2023 "ssi", "systemd-journald.service", "main", sig
);
2025 return log_error_errno(r
, "Failed to kill journal service: %s", bus_error_message(&error
, r
));
2030 /* Let's install the inotify watch, if we didn't do that yet. */
2033 mkdir_p("/run/systemd/journal", 0755);
2035 watch_fd
= inotify_init1(IN_NONBLOCK
|IN_CLOEXEC
);
2037 return log_error_errno(errno
, "Failed to create inotify watch: %m");
2039 r
= inotify_add_watch(watch_fd
, "/run/systemd/journal", IN_MOVED_TO
|IN_DONT_FOLLOW
|IN_ONLYDIR
);
2041 return log_error_errno(errno
, "Failed to watch journal directory: %m");
2043 /* Recheck the flag file immediately, so that we don't miss any event since the last check. */
2047 /* OK, all preparatory steps done, let's wait until
2048 * inotify reports an event. */
2050 r
= fd_wait_for_event(watch_fd
, POLLIN
, USEC_INFINITY
);
2052 return log_error_errno(r
, "Failed to wait for event: %m");
2054 r
= flush_fd(watch_fd
);
2056 return log_error_errno(r
, "Failed to flush inotify events: %m");
2062 static int rotate(void) {
2063 return send_signal_and_wait(SIGUSR2
, "/run/systemd/journal/rotated");
2066 static int sync_journal(void) {
2067 return send_signal_and_wait(SIGRTMIN
+1, "/run/systemd/journal/synced");
2070 int main(int argc
, char *argv
[]) {
2072 _cleanup_(sd_journal_closep
) sd_journal
*j
= NULL
;
2073 bool need_seek
= false;
2074 sd_id128_t previous_boot_id
;
2075 bool previous_boot_id_valid
= false, first_line
= true;
2077 bool ellipsized
= false;
2079 setlocale(LC_ALL
, "");
2080 log_parse_environment();
2083 r
= parse_argv(argc
, argv
);
2087 signal(SIGWINCH
, columns_lines_cache_reset
);
2090 /* Increase max number of open files to 16K if we can, we
2091 * might needs this when browsing journal files, which might
2092 * be split up into many files. */
2093 setrlimit_closest(RLIMIT_NOFILE
, &RLIMIT_MAKE_CONST(16384));
2095 switch (arg_action
) {
2097 case ACTION_NEW_ID128
:
2098 r
= generate_new_id128();
2101 case ACTION_SETUP_KEYS
:
2105 case ACTION_LIST_CATALOG
:
2106 case ACTION_DUMP_CATALOG
:
2107 case ACTION_UPDATE_CATALOG
: {
2108 _cleanup_free_
char *database
;
2110 database
= path_join(arg_root
, CATALOG_DATABASE
, NULL
);
2116 if (arg_action
== ACTION_UPDATE_CATALOG
) {
2117 r
= catalog_update(database
, arg_root
, catalog_file_dirs
);
2119 log_error_errno(r
, "Failed to list catalog: %m");
2121 bool oneline
= arg_action
== ACTION_LIST_CATALOG
;
2123 (void) pager_open(arg_no_pager
, arg_pager_end
);
2126 r
= catalog_list_items(stdout
, database
, oneline
, argv
+ optind
);
2128 r
= catalog_list(stdout
, database
, oneline
);
2130 log_error_errno(r
, "Failed to list catalog: %m");
2149 case ACTION_PRINT_HEADER
:
2151 case ACTION_DISK_USAGE
:
2152 case ACTION_LIST_BOOTS
:
2154 case ACTION_LIST_FIELDS
:
2155 case ACTION_LIST_FIELD_NAMES
:
2156 /* These ones require access to the journal files, continue below. */
2160 assert_not_reached("Unknown action");
2164 r
= sd_journal_open_directory(&j
, arg_directory
, arg_journal_type
);
2166 r
= sd_journal_open_directory(&j
, arg_root
, arg_journal_type
| SD_JOURNAL_OS_ROOT
);
2167 else if (arg_file_stdin
) {
2168 int ifd
= STDIN_FILENO
;
2169 r
= sd_journal_open_files_fd(&j
, &ifd
, 1, 0);
2170 } else if (arg_file
)
2171 r
= sd_journal_open_files(&j
, (const char**) arg_file
, 0);
2172 else if (arg_machine
) {
2173 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
2174 _cleanup_(sd_bus_message_unrefp
) sd_bus_message
*reply
= NULL
;
2175 _cleanup_(sd_bus_flush_close_unrefp
) sd_bus
*bus
= NULL
;
2178 if (geteuid() != 0) {
2179 /* The file descriptor returned by OpenMachineRootDirectory() will be owned by users/groups of
2180 * the container, thus we need root privileges to override them. */
2181 log_error("Using the --machine= switch requires root privileges.");
2186 r
= sd_bus_open_system(&bus
);
2188 log_error_errno(r
, "Failed to open system bus: %m");
2192 r
= sd_bus_call_method(
2194 "org.freedesktop.machine1",
2195 "/org/freedesktop/machine1",
2196 "org.freedesktop.machine1.Manager",
2197 "OpenMachineRootDirectory",
2202 log_error_errno(r
, "Failed to open root directory: %s", bus_error_message(&error
, r
));
2206 r
= sd_bus_message_read(reply
, "h", &fd
);
2208 bus_log_parse_error(r
);
2212 fd
= fcntl(fd
, F_DUPFD_CLOEXEC
, 3);
2214 r
= log_error_errno(errno
, "Failed to duplicate file descriptor: %m");
2218 r
= sd_journal_open_directory_fd(&j
, fd
, SD_JOURNAL_OS_ROOT
);
2222 r
= sd_journal_open(&j
, !arg_merge
*SD_JOURNAL_LOCAL_ONLY
+ arg_journal_type
);
2224 log_error_errno(r
, "Failed to open %s: %m", arg_directory
?: arg_file
? "files" : "journal");
2228 r
= journal_access_check_and_warn(j
, arg_quiet
,
2229 !(arg_journal_type
== SD_JOURNAL_CURRENT_USER
|| arg_user_units
));
2233 switch (arg_action
) {
2235 case ACTION_NEW_ID128
:
2236 case ACTION_SETUP_KEYS
:
2237 case ACTION_LIST_CATALOG
:
2238 case ACTION_DUMP_CATALOG
:
2239 case ACTION_UPDATE_CATALOG
:
2243 assert_not_reached("Unexpected action.");
2245 case ACTION_PRINT_HEADER
:
2246 journal_print_header(j
);
2254 case ACTION_DISK_USAGE
: {
2256 char sbytes
[FORMAT_BYTES_MAX
];
2258 r
= sd_journal_get_usage(j
, &bytes
);
2262 printf("Archived and active journals take up %s in the file system.\n",
2263 format_bytes(sbytes
, sizeof(sbytes
), bytes
));
2267 case ACTION_LIST_BOOTS
:
2271 case ACTION_VACUUM
: {
2275 HASHMAP_FOREACH(d
, j
->directories_by_path
, i
) {
2281 q
= journal_directory_vacuum(d
->path
, arg_vacuum_size
, arg_vacuum_n_files
, arg_vacuum_time
, NULL
, !arg_quiet
);
2283 log_error_errno(q
, "Failed to vacuum %s: %m", d
->path
);
2291 case ACTION_LIST_FIELD_NAMES
: {
2294 SD_JOURNAL_FOREACH_FIELD(j
, field
) {
2295 printf("%s\n", field
);
2304 case ACTION_LIST_FIELDS
:
2308 assert_not_reached("Unknown action");
2311 if (arg_boot_offset
!= 0 &&
2312 sd_journal_has_runtime_files(j
) > 0 &&
2313 sd_journal_has_persistent_files(j
) == 0) {
2314 log_info("Specifying boot ID or boot offset has no effect, no persistent journal was found.");
2318 /* add_boot() must be called first!
2319 * It may need to seek the journal to find parent boot IDs. */
2330 log_error_errno(r
, "Failed to add filter for units: %m");
2334 r
= add_syslog_identifier(j
);
2336 log_error_errno(r
, "Failed to add filter for syslog identifiers: %m");
2340 r
= add_priorities(j
);
2344 r
= add_matches(j
, argv
+ optind
);
2348 if (DEBUG_LOGGING
) {
2349 _cleanup_free_
char *filter
;
2351 filter
= journal_make_match_string(j
);
2355 log_debug("Journal filter: %s", filter
);
2358 if (arg_action
== ACTION_LIST_FIELDS
) {
2364 r
= sd_journal_set_data_threshold(j
, 0);
2366 log_error_errno(r
, "Failed to unset data size threshold: %m");
2370 r
= sd_journal_query_unique(j
, arg_field
);
2372 log_error_errno(r
, "Failed to query unique data objects: %m");
2376 SD_JOURNAL_FOREACH_UNIQUE(j
, data
, size
) {
2379 if (arg_lines
>= 0 && n_shown
>= arg_lines
)
2382 eq
= memchr(data
, '=', size
);
2384 printf("%.*s\n", (int) (size
- ((const uint8_t*) eq
- (const uint8_t*) data
+ 1)), (const char*) eq
+ 1);
2386 printf("%.*s\n", (int) size
, (const char*) data
);
2395 /* Opening the fd now means the first sd_journal_wait() will actually wait */
2397 r
= sd_journal_get_fd(j
);
2398 if (r
== -EMEDIUMTYPE
) {
2399 log_error_errno(r
, "The --follow switch is not supported in conjunction with reading from STDIN.");
2403 log_error_errno(r
, "Failed to get journal fd: %m");
2408 if (arg_cursor
|| arg_after_cursor
) {
2409 r
= sd_journal_seek_cursor(j
, arg_cursor
?: arg_after_cursor
);
2411 log_error_errno(r
, "Failed to seek to cursor: %m");
2416 r
= sd_journal_next_skip(j
, 1 + !!arg_after_cursor
);
2418 r
= sd_journal_previous_skip(j
, 1 + !!arg_after_cursor
);
2420 if (arg_after_cursor
&& r
< 2) {
2421 /* We couldn't find the next entry after the cursor. */
2428 } else if (arg_since_set
&& !arg_reverse
) {
2429 r
= sd_journal_seek_realtime_usec(j
, arg_since
);
2431 log_error_errno(r
, "Failed to seek to date: %m");
2434 r
= sd_journal_next(j
);
2436 } else if (arg_until_set
&& arg_reverse
) {
2437 r
= sd_journal_seek_realtime_usec(j
, arg_until
);
2439 log_error_errno(r
, "Failed to seek to date: %m");
2442 r
= sd_journal_previous(j
);
2444 } else if (arg_lines
>= 0) {
2445 r
= sd_journal_seek_tail(j
);
2447 log_error_errno(r
, "Failed to seek to tail: %m");
2451 r
= sd_journal_previous_skip(j
, arg_lines
);
2453 } else if (arg_reverse
) {
2454 r
= sd_journal_seek_tail(j
);
2456 log_error_errno(r
, "Failed to seek to tail: %m");
2460 r
= sd_journal_previous(j
);
2463 r
= sd_journal_seek_head(j
);
2465 log_error_errno(r
, "Failed to seek to head: %m");
2469 r
= sd_journal_next(j
);
2473 log_error_errno(r
, "Failed to iterate through journal: %m");
2480 (void) pager_open(arg_no_pager
, arg_pager_end
);
2482 if (!arg_quiet
&& (arg_lines
!= 0 || arg_follow
)) {
2484 char start_buf
[FORMAT_TIMESTAMP_MAX
], end_buf
[FORMAT_TIMESTAMP_MAX
];
2486 r
= sd_journal_get_cutoff_realtime_usec(j
, &start
, &end
);
2488 log_error_errno(r
, "Failed to get cutoff: %m");
2494 printf("-- Logs begin at %s. --\n",
2495 format_timestamp_maybe_utc(start_buf
, sizeof(start_buf
), start
));
2497 printf("-- Logs begin at %s, end at %s. --\n",
2498 format_timestamp_maybe_utc(start_buf
, sizeof(start_buf
), start
),
2499 format_timestamp_maybe_utc(end_buf
, sizeof(end_buf
), end
));
2504 while (arg_lines
< 0 || n_shown
< arg_lines
|| (arg_follow
&& !first_line
)) {
2506 size_t highlight
[2] = {};
2510 r
= sd_journal_next(j
);
2512 r
= sd_journal_previous(j
);
2514 log_error_errno(r
, "Failed to iterate through journal: %m");
2521 if (arg_until_set
&& !arg_reverse
) {
2524 r
= sd_journal_get_realtime_usec(j
, &usec
);
2526 log_error_errno(r
, "Failed to determine timestamp: %m");
2529 if (usec
> arg_until
)
2533 if (arg_since_set
&& arg_reverse
) {
2536 r
= sd_journal_get_realtime_usec(j
, &usec
);
2538 log_error_errno(r
, "Failed to determine timestamp: %m");
2541 if (usec
< arg_since
)
2545 if (!arg_merge
&& !arg_quiet
) {
2548 r
= sd_journal_get_monotonic_usec(j
, NULL
, &boot_id
);
2550 if (previous_boot_id_valid
&&
2551 !sd_id128_equal(boot_id
, previous_boot_id
))
2552 printf("%s-- Reboot --%s\n",
2553 ansi_highlight(), ansi_normal());
2555 previous_boot_id
= boot_id
;
2556 previous_boot_id_valid
= true;
2561 if (arg_compiled_pattern
) {
2562 _cleanup_(pcre2_match_data_freep
) pcre2_match_data
*md
= NULL
;
2563 const void *message
;
2567 md
= pcre2_match_data_create(1, NULL
);
2571 r
= sd_journal_get_data(j
, "MESSAGE", &message
, &len
);
2578 log_error_errno(r
, "Failed to get MESSAGE field: %m");
2582 assert_se(message
= startswith(message
, "MESSAGE="));
2584 r
= pcre2_match(arg_compiled_pattern
,
2586 len
- strlen("MESSAGE="),
2587 0, /* start at offset 0 in the subject */
2588 0, /* default options */
2591 if (r
== PCRE2_ERROR_NOMATCH
) {
2596 unsigned char buf
[LINE_MAX
];
2599 r2
= pcre2_get_error_message(r
, buf
, sizeof buf
);
2600 log_error("Pattern matching failed: %s",
2601 r2
< 0 ? "unknown error" : (char*) buf
);
2606 ovec
= pcre2_get_ovector_pointer(md
);
2607 highlight
[0] = ovec
[0];
2608 highlight
[1] = ovec
[1];
2613 arg_all
* OUTPUT_SHOW_ALL
|
2614 arg_full
* OUTPUT_FULL_WIDTH
|
2615 colors_enabled() * OUTPUT_COLOR
|
2616 arg_catalog
* OUTPUT_CATALOG
|
2617 arg_utc
* OUTPUT_UTC
|
2618 arg_no_hostname
* OUTPUT_NO_HOSTNAME
;
2620 r
= show_journal_entry(stdout
, j
, arg_output
, 0, flags
,
2621 arg_output_fields
, highlight
, &ellipsized
);
2623 if (r
== -EADDRNOTAVAIL
)
2625 else if (r
< 0 || ferror(stdout
))
2630 /* If journalctl take a long time to process messages, and during that time journal file
2631 * rotation occurs, a journalctl client will keep those rotated files open until it calls
2632 * sd_journal_process(), which typically happens as a result of calling sd_journal_wait() below
2633 * in the "following" case. By periodically calling sd_journal_process() during the processing
2634 * loop we shrink the window of time a client instance has open file descriptors for rotated
2635 * (deleted) journal files. */
2636 if ((n_shown
% PROCESS_INOTIFY_INTERVAL
) == 0) {
2637 r
= sd_journal_process(j
);
2639 log_error_errno(r
, "Failed to process inotify events: %m");
2646 if (n_shown
== 0 && !arg_quiet
)
2647 printf("-- No entries --\n");
2649 if (arg_show_cursor
) {
2650 _cleanup_free_
char *cursor
= NULL
;
2652 r
= sd_journal_get_cursor(j
, &cursor
);
2653 if (r
< 0 && r
!= -EADDRNOTAVAIL
)
2654 log_error_errno(r
, "Failed to get cursor: %m");
2656 printf("-- cursor: %s\n", cursor
);
2663 r
= sd_journal_wait(j
, (uint64_t) -1);
2665 log_error_errno(r
, "Couldn't wait for journal event: %m");
2676 strv_free(arg_file
);
2678 strv_free(arg_syslog_identifier
);
2679 strv_free(arg_system_units
);
2680 strv_free(arg_user_units
);
2681 strv_free(arg_output_fields
);
2684 free(arg_verify_key
);
2687 if (arg_compiled_pattern
)
2688 pcre2_code_free(arg_compiled_pattern
);
2691 return r
< 0 ? EXIT_FAILURE
: EXIT_SUCCESS
;