2 This file is part of systemd.
4 Copyright 2011 Lennart Poettering
6 systemd is free software; you can redistribute it and/or modify it
7 under the terms of the GNU Lesser General Public License as published by
8 the Free Software Foundation; either version 2.1 of the License, or
9 (at your option) any later version.
11 systemd is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
16 You should have received a copy of the GNU Lesser General Public License
17 along with systemd; If not, see <http://www.gnu.org/licenses/>.
32 #include <sys/inotify.h>
37 #include "sd-journal.h"
40 #include "alloc-util.h"
41 #include "bus-error.h"
44 #include "chattr-util.h"
49 #include "glob-util.h"
50 #include "hostname-util.h"
52 #include "journal-def.h"
53 #include "journal-internal.h"
54 #include "journal-qrcode.h"
55 #include "journal-util.h"
56 #include "journal-vacuum.h"
57 #include "journal-verify.h"
58 #include "locale-util.h"
60 #include "logs-show.h"
63 #include "parse-util.h"
64 #include "path-util.h"
65 #include "rlimit-util.h"
69 #include "syslog-util.h"
70 #include "terminal-util.h"
72 #include "udev-util.h"
73 #include "unit-name.h"
74 #include "user-util.h"
76 #define DEFAULT_FSS_INTERVAL_USEC (15*USEC_PER_MINUTE)
79 /* Special values for arg_lines */
80 ARG_LINES_DEFAULT
= -2,
84 static OutputMode arg_output
= OUTPUT_SHORT
;
85 static bool arg_utc
= false;
86 static bool arg_pager_end
= false;
87 static bool arg_follow
= false;
88 static bool arg_full
= true;
89 static bool arg_all
= false;
90 static bool arg_no_pager
= false;
91 static int arg_lines
= ARG_LINES_DEFAULT
;
92 static bool arg_no_tail
= false;
93 static bool arg_quiet
= false;
94 static bool arg_merge
= false;
95 static bool arg_boot
= false;
96 static sd_id128_t arg_boot_id
= {};
97 static int arg_boot_offset
= 0;
98 static bool arg_dmesg
= false;
99 static bool arg_no_hostname
= false;
100 static const char *arg_cursor
= NULL
;
101 static const char *arg_after_cursor
= NULL
;
102 static bool arg_show_cursor
= false;
103 static const char *arg_directory
= NULL
;
104 static char **arg_file
= NULL
;
105 static bool arg_file_stdin
= false;
106 static int arg_priorities
= 0xFF;
107 static char *arg_verify_key
= NULL
;
109 static usec_t arg_interval
= DEFAULT_FSS_INTERVAL_USEC
;
110 static bool arg_force
= false;
112 static usec_t arg_since
, arg_until
;
113 static bool arg_since_set
= false, arg_until_set
= false;
114 static char **arg_syslog_identifier
= NULL
;
115 static char **arg_system_units
= NULL
;
116 static char **arg_user_units
= NULL
;
117 static const char *arg_field
= NULL
;
118 static bool arg_catalog
= false;
119 static bool arg_reverse
= false;
120 static int arg_journal_type
= 0;
121 static char *arg_root
= NULL
;
122 static const char *arg_machine
= NULL
;
123 static uint64_t arg_vacuum_size
= 0;
124 static uint64_t arg_vacuum_n_files
= 0;
125 static usec_t arg_vacuum_time
= 0;
126 static char **arg_output_fields
= NULL
;
137 ACTION_UPDATE_CATALOG
,
144 ACTION_LIST_FIELD_NAMES
,
145 } arg_action
= ACTION_SHOW
;
147 typedef struct BootId
{
151 LIST_FIELDS(struct BootId
, boot_list
);
154 static int add_matches_for_device(sd_journal
*j
, const char *devpath
) {
156 _cleanup_udev_unref_
struct udev
*udev
= NULL
;
157 _cleanup_udev_device_unref_
struct udev_device
*device
= NULL
;
158 struct udev_device
*d
= NULL
;
164 if (!path_startswith(devpath
, "/dev/")) {
165 log_error("Devpath does not start with /dev/");
173 r
= stat(devpath
, &st
);
175 log_error_errno(errno
, "Couldn't stat file: %m");
177 d
= device
= udev_device_new_from_devnum(udev
, S_ISBLK(st
.st_mode
) ? 'b' : 'c', st
.st_rdev
);
179 return log_error_errno(errno
, "Failed to get udev device from devnum %u:%u: %m", major(st
.st_rdev
), minor(st
.st_rdev
));
182 _cleanup_free_
char *match
= NULL
;
183 const char *subsys
, *sysname
, *devnode
;
185 subsys
= udev_device_get_subsystem(d
);
187 d
= udev_device_get_parent(d
);
191 sysname
= udev_device_get_sysname(d
);
193 d
= udev_device_get_parent(d
);
197 match
= strjoin("_KERNEL_DEVICE=+", subsys
, ":", sysname
);
201 r
= sd_journal_add_match(j
, match
, 0);
203 return log_error_errno(r
, "Failed to add match: %m");
205 devnode
= udev_device_get_devnode(d
);
207 _cleanup_free_
char *match1
= NULL
;
209 r
= stat(devnode
, &st
);
211 return log_error_errno(r
, "Failed to stat() device node \"%s\": %m", devnode
);
213 r
= asprintf(&match1
, "_KERNEL_DEVICE=%c%u:%u", S_ISBLK(st
.st_mode
) ? 'b' : 'c', major(st
.st_rdev
), minor(st
.st_rdev
));
217 r
= sd_journal_add_match(j
, match1
, 0);
219 return log_error_errno(r
, "Failed to add match: %m");
222 d
= udev_device_get_parent(d
);
225 r
= add_match_this_boot(j
, arg_machine
);
227 return log_error_errno(r
, "Failed to add match for the current boot: %m");
232 static char *format_timestamp_maybe_utc(char *buf
, size_t l
, usec_t t
) {
235 return format_timestamp_utc(buf
, l
, t
);
237 return format_timestamp(buf
, l
, t
);
240 static int parse_boot_descriptor(const char *x
, sd_id128_t
*boot_id
, int *offset
) {
241 sd_id128_t id
= SD_ID128_NULL
;
244 if (strlen(x
) >= 32) {
248 r
= sd_id128_from_string(t
, &id
);
252 if (!IN_SET(*x
, 0, '-', '+'))
256 r
= safe_atoi(x
, &off
);
261 r
= safe_atoi(x
, &off
);
275 static void help(void) {
277 pager_open(arg_no_pager
, arg_pager_end
);
279 printf("%s [OPTIONS...] [MATCHES...]\n\n"
280 "Query the journal.\n\n"
282 " --system Show the system journal\n"
283 " --user Show the user journal for the current user\n"
284 " -M --machine=CONTAINER Operate on local container\n"
285 " -S --since=DATE Show entries not older than the specified date\n"
286 " -U --until=DATE Show entries not newer than the specified date\n"
287 " -c --cursor=CURSOR Show entries starting at the specified cursor\n"
288 " --after-cursor=CURSOR Show entries after the specified cursor\n"
289 " --show-cursor Print the cursor after all the entries\n"
290 " -b --boot[=ID] Show current boot or the specified boot\n"
291 " --list-boots Show terse information about recorded boots\n"
292 " -k --dmesg Show kernel message log from the current boot\n"
293 " -u --unit=UNIT Show logs from the specified unit\n"
294 " --user-unit=UNIT Show logs from the specified user unit\n"
295 " -t --identifier=STRING Show entries with the specified syslog identifier\n"
296 " -p --priority=RANGE Show entries with the specified priority\n"
297 " -e --pager-end Immediately jump to the end in the pager\n"
298 " -f --follow Follow the journal\n"
299 " -n --lines[=INTEGER] Number of journal entries to show\n"
300 " --no-tail Show all lines, even in follow mode\n"
301 " -r --reverse Show the newest entries first\n"
302 " -o --output=STRING Change journal output mode (short, short-precise,\n"
303 " short-iso, short-iso-precise, short-full,\n"
304 " short-monotonic, short-unix, verbose, export,\n"
305 " json, json-pretty, json-sse, cat)\n"
306 " --utc Express time in Coordinated Universal Time (UTC)\n"
307 " -x --catalog Add message explanations where available\n"
308 " --no-full Ellipsize fields\n"
309 " -a --all Show all fields, including long and unprintable\n"
310 " -q --quiet Do not show info messages and privilege warning\n"
311 " --no-pager Do not pipe output into a pager\n"
312 " --no-hostname Suppress output of hostname field\n"
313 " -m --merge Show entries from all available journals\n"
314 " -D --directory=PATH Show journal files from directory\n"
315 " --file=PATH Show journal file\n"
316 " --root=ROOT Operate on files below a root directory\n"
318 " --interval=TIME Time interval for changing the FSS sealing key\n"
319 " --verify-key=KEY Specify FSS verification key\n"
320 " --force Override of the FSS key pair with --setup-keys\n"
323 " -h --help Show this help text\n"
324 " --version Show package version\n"
325 " -N --fields List all field names currently used\n"
326 " -F --field=FIELD List all values that a specified field takes\n"
327 " --disk-usage Show total disk usage of all journal files\n"
328 " --vacuum-size=BYTES Reduce disk usage below specified size\n"
329 " --vacuum-files=INT Leave only the specified number of journal files\n"
330 " --vacuum-time=TIME Remove journal files older than specified time\n"
331 " --verify Verify journal file consistency\n"
332 " --sync Synchronize unwritten journal messages to disk\n"
333 " --flush Flush all journal data from /run into /var\n"
334 " --rotate Request immediate rotation of the journal files\n"
335 " --header Show journal header information\n"
336 " --list-catalog Show all message IDs in the catalog\n"
337 " --dump-catalog Show entries in the message catalog\n"
338 " --update-catalog Update the message catalog database\n"
339 " --new-id128 Generate a new 128-bit ID\n"
341 " --setup-keys Generate a new FSS key pair\n"
343 , program_invocation_short_name
);
346 static int parse_argv(int argc
, char *argv
[]) {
384 static const struct option options
[] = {
385 { "help", no_argument
, NULL
, 'h' },
386 { "version" , no_argument
, NULL
, ARG_VERSION
},
387 { "no-pager", no_argument
, NULL
, ARG_NO_PAGER
},
388 { "pager-end", no_argument
, NULL
, 'e' },
389 { "follow", no_argument
, NULL
, 'f' },
390 { "force", no_argument
, NULL
, ARG_FORCE
},
391 { "output", required_argument
, NULL
, 'o' },
392 { "all", no_argument
, NULL
, 'a' },
393 { "full", no_argument
, NULL
, 'l' },
394 { "no-full", no_argument
, NULL
, ARG_NO_FULL
},
395 { "lines", optional_argument
, NULL
, 'n' },
396 { "no-tail", no_argument
, NULL
, ARG_NO_TAIL
},
397 { "new-id128", no_argument
, NULL
, ARG_NEW_ID128
},
398 { "quiet", no_argument
, NULL
, 'q' },
399 { "merge", no_argument
, NULL
, 'm' },
400 { "this-boot", no_argument
, NULL
, ARG_THIS_BOOT
}, /* deprecated */
401 { "boot", optional_argument
, NULL
, 'b' },
402 { "list-boots", no_argument
, NULL
, ARG_LIST_BOOTS
},
403 { "dmesg", no_argument
, NULL
, 'k' },
404 { "system", no_argument
, NULL
, ARG_SYSTEM
},
405 { "user", no_argument
, NULL
, ARG_USER
},
406 { "directory", required_argument
, NULL
, 'D' },
407 { "file", required_argument
, NULL
, ARG_FILE
},
408 { "root", required_argument
, NULL
, ARG_ROOT
},
409 { "header", no_argument
, NULL
, ARG_HEADER
},
410 { "identifier", required_argument
, NULL
, 't' },
411 { "priority", required_argument
, NULL
, 'p' },
412 { "setup-keys", no_argument
, NULL
, ARG_SETUP_KEYS
},
413 { "interval", required_argument
, NULL
, ARG_INTERVAL
},
414 { "verify", no_argument
, NULL
, ARG_VERIFY
},
415 { "verify-key", required_argument
, NULL
, ARG_VERIFY_KEY
},
416 { "disk-usage", no_argument
, NULL
, ARG_DISK_USAGE
},
417 { "cursor", required_argument
, NULL
, 'c' },
418 { "after-cursor", required_argument
, NULL
, ARG_AFTER_CURSOR
},
419 { "show-cursor", no_argument
, NULL
, ARG_SHOW_CURSOR
},
420 { "since", required_argument
, NULL
, 'S' },
421 { "until", required_argument
, NULL
, 'U' },
422 { "unit", required_argument
, NULL
, 'u' },
423 { "user-unit", required_argument
, NULL
, ARG_USER_UNIT
},
424 { "field", required_argument
, NULL
, 'F' },
425 { "fields", no_argument
, NULL
, 'N' },
426 { "catalog", no_argument
, NULL
, 'x' },
427 { "list-catalog", no_argument
, NULL
, ARG_LIST_CATALOG
},
428 { "dump-catalog", no_argument
, NULL
, ARG_DUMP_CATALOG
},
429 { "update-catalog", no_argument
, NULL
, ARG_UPDATE_CATALOG
},
430 { "reverse", no_argument
, NULL
, 'r' },
431 { "machine", required_argument
, NULL
, 'M' },
432 { "utc", no_argument
, NULL
, ARG_UTC
},
433 { "flush", no_argument
, NULL
, ARG_FLUSH
},
434 { "sync", no_argument
, NULL
, ARG_SYNC
},
435 { "rotate", no_argument
, NULL
, ARG_ROTATE
},
436 { "vacuum-size", required_argument
, NULL
, ARG_VACUUM_SIZE
},
437 { "vacuum-files", required_argument
, NULL
, ARG_VACUUM_FILES
},
438 { "vacuum-time", required_argument
, NULL
, ARG_VACUUM_TIME
},
439 { "no-hostname", no_argument
, NULL
, ARG_NO_HOSTNAME
},
440 { "output-fields", required_argument
, NULL
, ARG_OUTPUT_FIELDS
},
449 while ((c
= getopt_long(argc
, argv
, "hefo:aln::qmb::kD:p:c:S:U:t:u:NF:xrM:", options
, NULL
)) >= 0)
465 arg_pager_end
= true;
467 if (arg_lines
== ARG_LINES_DEFAULT
)
477 arg_output
= output_mode_from_string(optarg
);
478 if (arg_output
< 0) {
479 log_error("Unknown output format '%s'.", optarg
);
483 if (IN_SET(arg_output
, OUTPUT_EXPORT
, OUTPUT_JSON
, OUTPUT_JSON_PRETTY
, OUTPUT_JSON_SSE
, OUTPUT_CAT
))
502 if (streq(optarg
, "all"))
503 arg_lines
= ARG_LINES_ALL
;
505 r
= safe_atoi(optarg
, &arg_lines
);
506 if (r
< 0 || arg_lines
< 0) {
507 log_error("Failed to parse lines '%s'", optarg
);
514 /* Hmm, no argument? Maybe the next
515 * word on the command line is
516 * supposed to be the argument? Let's
517 * see if there is one, and is
521 if (streq(argv
[optind
], "all")) {
522 arg_lines
= ARG_LINES_ALL
;
524 } else if (safe_atoi(argv
[optind
], &n
) >= 0 && n
>= 0) {
538 arg_action
= ACTION_NEW_ID128
;
557 r
= parse_boot_descriptor(optarg
, &arg_boot_id
, &arg_boot_offset
);
559 log_error("Failed to parse boot descriptor '%s'", optarg
);
564 /* Hmm, no argument? Maybe the next
565 * word on the command line is
566 * supposed to be the argument? Let's
567 * see if there is one and is parsable
568 * as a boot descriptor... */
571 parse_boot_descriptor(argv
[optind
], &arg_boot_id
, &arg_boot_offset
) >= 0)
578 arg_action
= ACTION_LIST_BOOTS
;
582 arg_boot
= arg_dmesg
= true;
586 arg_journal_type
|= SD_JOURNAL_SYSTEM
;
590 arg_journal_type
|= SD_JOURNAL_CURRENT_USER
;
594 arg_machine
= optarg
;
598 arg_directory
= optarg
;
602 if (streq(optarg
, "-"))
603 /* An undocumented feature: we can read journal files from STDIN. We don't document
604 * this though, since after all we only support this for mmap-able, seekable files, and
605 * not for example pipes which are probably the primary usecase for reading things from
606 * STDIN. To avoid confusion we hence don't document this feature. */
607 arg_file_stdin
= true;
609 r
= glob_extend(&arg_file
, optarg
);
611 return log_error_errno(r
, "Failed to add paths: %m");
616 r
= parse_path_argument_and_warn(optarg
, true, &arg_root
);
625 case ARG_AFTER_CURSOR
:
626 arg_after_cursor
= optarg
;
629 case ARG_SHOW_CURSOR
:
630 arg_show_cursor
= true;
634 arg_action
= ACTION_PRINT_HEADER
;
638 arg_action
= ACTION_VERIFY
;
642 arg_action
= ACTION_DISK_USAGE
;
645 case ARG_VACUUM_SIZE
:
646 r
= parse_size(optarg
, 1024, &arg_vacuum_size
);
648 log_error("Failed to parse vacuum size: %s", optarg
);
652 arg_action
= ACTION_VACUUM
;
655 case ARG_VACUUM_FILES
:
656 r
= safe_atou64(optarg
, &arg_vacuum_n_files
);
658 log_error("Failed to parse vacuum files: %s", optarg
);
662 arg_action
= ACTION_VACUUM
;
665 case ARG_VACUUM_TIME
:
666 r
= parse_sec(optarg
, &arg_vacuum_time
);
668 log_error("Failed to parse vacuum time: %s", optarg
);
672 arg_action
= ACTION_VACUUM
;
681 arg_action
= ACTION_SETUP_KEYS
;
686 arg_action
= ACTION_VERIFY
;
687 r
= free_and_strdup(&arg_verify_key
, optarg
);
690 /* Use memset not string_erase so this doesn't look confusing
691 * in ps or htop output. */
692 memset(optarg
, 'x', strlen(optarg
));
698 r
= parse_sec(optarg
, &arg_interval
);
699 if (r
< 0 || arg_interval
<= 0) {
700 log_error("Failed to parse sealing key change interval: %s", optarg
);
709 log_error("Forward-secure sealing not available.");
716 dots
= strstr(optarg
, "..");
722 a
= strndup(optarg
, dots
- optarg
);
726 from
= log_level_from_string(a
);
727 to
= log_level_from_string(dots
+ 2);
730 if (from
< 0 || to
< 0) {
731 log_error("Failed to parse log level range %s", optarg
);
738 for (i
= from
; i
<= to
; i
++)
739 arg_priorities
|= 1 << i
;
741 for (i
= to
; i
<= from
; i
++)
742 arg_priorities
|= 1 << i
;
748 p
= log_level_from_string(optarg
);
750 log_error("Unknown log level %s", optarg
);
756 for (i
= 0; i
<= p
; i
++)
757 arg_priorities
|= 1 << i
;
764 r
= parse_timestamp(optarg
, &arg_since
);
766 log_error("Failed to parse timestamp: %s", optarg
);
769 arg_since_set
= true;
773 r
= parse_timestamp(optarg
, &arg_until
);
775 log_error("Failed to parse timestamp: %s", optarg
);
778 arg_until_set
= true;
782 r
= strv_extend(&arg_syslog_identifier
, optarg
);
788 r
= strv_extend(&arg_system_units
, optarg
);
794 r
= strv_extend(&arg_user_units
, optarg
);
800 arg_action
= ACTION_LIST_FIELDS
;
805 arg_action
= ACTION_LIST_FIELD_NAMES
;
808 case ARG_NO_HOSTNAME
:
809 arg_no_hostname
= true;
816 case ARG_LIST_CATALOG
:
817 arg_action
= ACTION_LIST_CATALOG
;
820 case ARG_DUMP_CATALOG
:
821 arg_action
= ACTION_DUMP_CATALOG
;
824 case ARG_UPDATE_CATALOG
:
825 arg_action
= ACTION_UPDATE_CATALOG
;
837 arg_action
= ACTION_FLUSH
;
841 arg_action
= ACTION_ROTATE
;
845 arg_action
= ACTION_SYNC
;
848 case ARG_OUTPUT_FIELDS
: {
849 _cleanup_strv_free_
char **v
= NULL
;
851 v
= strv_split(optarg
, ",");
855 if (!arg_output_fields
) {
856 arg_output_fields
= v
;
859 r
= strv_extend_strv(&arg_output_fields
, v
, true);
870 assert_not_reached("Unhandled option");
873 if (arg_follow
&& !arg_no_tail
&& !arg_since
&& arg_lines
== ARG_LINES_DEFAULT
)
876 if (!!arg_directory
+ !!arg_file
+ !!arg_machine
+ !!arg_root
> 1) {
877 log_error("Please specify at most one of -D/--directory=, --file=, -M/--machine=, --root.");
881 if (arg_since_set
&& arg_until_set
&& arg_since
> arg_until
) {
882 log_error("--since= must be before --until=.");
886 if (!!arg_cursor
+ !!arg_after_cursor
+ !!arg_since_set
> 1) {
887 log_error("Please specify only one of --since=, --cursor=, and --after-cursor.");
891 if (arg_follow
&& arg_reverse
) {
892 log_error("Please specify either --reverse= or --follow=, not both.");
896 if (!IN_SET(arg_action
, ACTION_SHOW
, ACTION_DUMP_CATALOG
, ACTION_LIST_CATALOG
) && optind
< argc
) {
897 log_error("Extraneous arguments starting with '%s'", argv
[optind
]);
901 if ((arg_boot
|| arg_action
== ACTION_LIST_BOOTS
) && arg_merge
) {
902 log_error("Using --boot or --list-boots with --merge is not supported.");
906 if (!strv_isempty(arg_system_units
) && (arg_journal_type
== SD_JOURNAL_CURRENT_USER
)) {
908 /* Specifying --user and --unit= at the same time makes no sense (as the former excludes the user
909 * journal, but the latter excludes the system journal, thus resulting in empty output). Let's be nice
910 * to users, and automatically turn --unit= into --user-unit= if combined with --user. */
911 r
= strv_extend_strv(&arg_user_units
, arg_system_units
, true);
915 arg_system_units
= strv_free(arg_system_units
);
921 static int generate_new_id128(void) {
926 r
= sd_id128_randomize(&id
);
928 return log_error_errno(r
, "Failed to generate ID: %m");
930 printf("As string:\n"
931 SD_ID128_FORMAT_STR
"\n\n"
933 "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n\n"
934 "As man:sd-id128(3) macro:\n"
935 "#define MESSAGE_XYZ SD_ID128_MAKE(",
936 SD_ID128_FORMAT_VAL(id
),
937 SD_ID128_FORMAT_VAL(id
));
938 for (i
= 0; i
< 16; i
++)
939 printf("%02x%s", id
.bytes
[i
], i
!= 15 ? "," : "");
940 fputs(")\n\n", stdout
);
942 printf("As Python constant:\n"
944 ">>> MESSAGE_XYZ = uuid.UUID('" SD_ID128_FORMAT_STR
"')\n",
945 SD_ID128_FORMAT_VAL(id
));
950 static int add_matches(sd_journal
*j
, char **args
) {
952 bool have_term
= false;
956 STRV_FOREACH(i
, args
) {
959 if (streq(*i
, "+")) {
962 r
= sd_journal_add_disjunction(j
);
965 } else if (path_is_absolute(*i
)) {
966 _cleanup_free_
char *p
= NULL
, *t
= NULL
, *t2
= NULL
, *interpreter
= NULL
;
969 r
= chase_symlinks(*i
, NULL
, 0, &p
);
971 return log_error_errno(r
, "Couldn't canonicalize path: %m");
973 if (lstat(p
, &st
) < 0)
974 return log_error_errno(errno
, "Couldn't stat file: %m");
976 if (S_ISREG(st
.st_mode
) && (0111 & st
.st_mode
)) {
977 if (executable_is_script(p
, &interpreter
) > 0) {
978 _cleanup_free_
char *comm
;
980 comm
= strndup(basename(p
), 15);
984 t
= strappend("_COMM=", comm
);
988 /* Append _EXE only if the interpreter is not a link.
989 Otherwise, it might be outdated often. */
990 if (lstat(interpreter
, &st
) == 0 && !S_ISLNK(st
.st_mode
)) {
991 t2
= strappend("_EXE=", interpreter
);
996 t
= strappend("_EXE=", p
);
1001 r
= sd_journal_add_match(j
, t
, 0);
1004 r
= sd_journal_add_match(j
, t2
, 0);
1006 } else if (S_ISCHR(st
.st_mode
) || S_ISBLK(st
.st_mode
)) {
1007 r
= add_matches_for_device(j
, p
);
1011 log_error("File is neither a device node, nor regular file, nor executable: %s", *i
);
1017 r
= sd_journal_add_match(j
, *i
, 0);
1022 return log_error_errno(r
, "Failed to add match '%s': %m", *i
);
1025 if (!strv_isempty(args
) && !have_term
) {
1026 log_error("\"+\" can only be used between terms");
1033 static void boot_id_free_all(BootId
*l
) {
1037 LIST_REMOVE(boot_list
, l
, i
);
1042 static int discover_next_boot(sd_journal
*j
,
1043 sd_id128_t previous_boot_id
,
1047 _cleanup_free_ BootId
*next_boot
= NULL
;
1048 char match
[9+32+1] = "_BOOT_ID=";
1055 /* We expect the journal to be on the last position of a boot
1056 * (in relation to the direction we are going), so that the next
1057 * invocation of sd_journal_next/previous will be from a different
1058 * boot. We then collect any information we desire and then jump
1059 * to the last location of the new boot by using a _BOOT_ID match
1060 * coming from the other journal direction. */
1062 /* Make sure we aren't restricted by any _BOOT_ID matches, so that
1063 * we can actually advance to a *different* boot. */
1064 sd_journal_flush_matches(j
);
1068 r
= sd_journal_previous(j
);
1070 r
= sd_journal_next(j
);
1074 return 0; /* End of journal, yay. */
1076 r
= sd_journal_get_monotonic_usec(j
, NULL
, &boot_id
);
1080 /* We iterate through this in a loop, until the boot ID differs from the previous one. Note that
1081 * normally, this will only require a single iteration, as we seeked to the last entry of the previous
1082 * boot entry already. However, it might happen that the per-journal-field entry arrays are less
1083 * complete than the main entry array, and hence might reference an entry that's not actually the last
1084 * one of the boot ID as last one. Let's hence use the per-field array is initial seek position to
1085 * speed things up, but let's not trust that it is complete, and hence, manually advance as
1088 } while (sd_id128_equal(boot_id
, previous_boot_id
));
1090 next_boot
= new0(BootId
, 1);
1094 next_boot
->id
= boot_id
;
1096 r
= sd_journal_get_realtime_usec(j
, &next_boot
->first
);
1100 /* Now seek to the last occurrence of this boot ID. */
1101 sd_id128_to_string(next_boot
->id
, match
+ 9);
1102 r
= sd_journal_add_match(j
, match
, sizeof(match
) - 1);
1107 r
= sd_journal_seek_head(j
);
1109 r
= sd_journal_seek_tail(j
);
1114 r
= sd_journal_next(j
);
1116 r
= sd_journal_previous(j
);
1120 log_debug("Whoopsie! We found a boot ID but can't read its last entry.");
1121 return -ENODATA
; /* This shouldn't happen. We just came from this very boot ID. */
1124 r
= sd_journal_get_realtime_usec(j
, &next_boot
->last
);
1134 static int get_boots(
1137 sd_id128_t
*boot_id
,
1142 BootId
*head
= NULL
, *tail
= NULL
, *id
;
1143 const bool advance_older
= boot_id
&& offset
<= 0;
1144 sd_id128_t previous_boot_id
;
1148 /* Adjust for the asymmetry that offset 0 is
1149 * the last (and current) boot, while 1 is considered the
1150 * (chronological) first boot in the journal. */
1151 skip_once
= boot_id
&& sd_id128_is_null(*boot_id
) && offset
<= 0;
1153 /* Advance to the earliest/latest occurrence of our reference
1154 * boot ID (taking our lookup direction into account), so that
1155 * discover_next_boot() can do its job.
1156 * If no reference is given, the journal head/tail will do,
1157 * they're "virtual" boots after all. */
1158 if (boot_id
&& !sd_id128_is_null(*boot_id
)) {
1159 char match
[9+32+1] = "_BOOT_ID=";
1161 sd_journal_flush_matches(j
);
1163 sd_id128_to_string(*boot_id
, match
+ 9);
1164 r
= sd_journal_add_match(j
, match
, sizeof(match
) - 1);
1169 r
= sd_journal_seek_head(j
); /* seek to oldest */
1171 r
= sd_journal_seek_tail(j
); /* seek to newest */
1176 r
= sd_journal_next(j
); /* read the oldest entry */
1178 r
= sd_journal_previous(j
); /* read the most recently added entry */
1183 else if (offset
== 0) {
1188 /* At this point the read pointer is positioned at the oldest/newest occurence of the reference boot
1189 * ID. After flushing the matches, one more invocation of _previous()/_next() will hence place us at
1190 * the following entry, which must then have an older/newer boot ID */
1194 r
= sd_journal_seek_tail(j
); /* seek to newest */
1196 r
= sd_journal_seek_head(j
); /* seek to oldest */
1200 /* No sd_journal_next()/_previous() here.
1202 * At this point the read pointer is positioned after the newest/before the oldest entry in the whole
1203 * journal. The next invocation of _previous()/_next() will hence position us at the newest/oldest
1207 previous_boot_id
= SD_ID128_NULL
;
1209 _cleanup_free_ BootId
*current
= NULL
;
1211 r
= discover_next_boot(j
, previous_boot_id
, advance_older
, ¤t
);
1213 boot_id_free_all(head
);
1220 previous_boot_id
= current
->id
;
1224 offset
+= advance_older
? 1 : -1;
1229 *boot_id
= current
->id
;
1233 LIST_FOREACH(boot_list
, id
, head
) {
1234 if (sd_id128_equal(id
->id
, current
->id
)) {
1235 /* boot id already stored, something wrong with the journal files */
1236 /* exiting as otherwise this problem would cause forever loop */
1240 LIST_INSERT_AFTER(boot_list
, head
, tail
, current
);
1251 sd_journal_flush_matches(j
);
1256 static int list_boots(sd_journal
*j
) {
1258 BootId
*id
, *all_ids
;
1262 count
= get_boots(j
, &all_ids
, NULL
, 0);
1264 return log_error_errno(count
, "Failed to determine boots: %m");
1268 pager_open(arg_no_pager
, arg_pager_end
);
1270 /* numbers are one less, but we need an extra char for the sign */
1271 w
= DECIMAL_STR_WIDTH(count
- 1) + 1;
1274 LIST_FOREACH(boot_list
, id
, all_ids
) {
1275 char a
[FORMAT_TIMESTAMP_MAX
], b
[FORMAT_TIMESTAMP_MAX
];
1277 printf("% *i " SD_ID128_FORMAT_STR
" %s—%s\n",
1279 SD_ID128_FORMAT_VAL(id
->id
),
1280 format_timestamp_maybe_utc(a
, sizeof(a
), id
->first
),
1281 format_timestamp_maybe_utc(b
, sizeof(b
), id
->last
));
1285 boot_id_free_all(all_ids
);
1290 static int add_boot(sd_journal
*j
) {
1291 char match
[9+32+1] = "_BOOT_ID=";
1300 /* Take a shortcut and use the current boot_id, which we can do very quickly.
1301 * We can do this only when we logs are coming from the current machine,
1302 * so take the slow path if log location is specified. */
1303 if (arg_boot_offset
== 0 && sd_id128_is_null(arg_boot_id
) &&
1304 !arg_directory
&& !arg_file
&& !arg_root
)
1306 return add_match_this_boot(j
, arg_machine
);
1308 boot_id
= arg_boot_id
;
1309 r
= get_boots(j
, NULL
, &boot_id
, arg_boot_offset
);
1312 const char *reason
= (r
== 0) ? "No such boot ID in journal" : strerror(-r
);
1314 if (sd_id128_is_null(arg_boot_id
))
1315 log_error("Data from the specified boot (%+i) is not available: %s",
1316 arg_boot_offset
, reason
);
1318 log_error("Data from the specified boot ("SD_ID128_FORMAT_STR
") is not available: %s",
1319 SD_ID128_FORMAT_VAL(arg_boot_id
), reason
);
1321 return r
== 0 ? -ENODATA
: r
;
1324 sd_id128_to_string(boot_id
, match
+ 9);
1326 r
= sd_journal_add_match(j
, match
, sizeof(match
) - 1);
1328 return log_error_errno(r
, "Failed to add match: %m");
1330 r
= sd_journal_add_conjunction(j
);
1332 return log_error_errno(r
, "Failed to add conjunction: %m");
1337 static int add_dmesg(sd_journal
*j
) {
1344 r
= sd_journal_add_match(j
, "_TRANSPORT=kernel", strlen("_TRANSPORT=kernel"));
1346 return log_error_errno(r
, "Failed to add match: %m");
1348 r
= sd_journal_add_conjunction(j
);
1350 return log_error_errno(r
, "Failed to add conjunction: %m");
1355 static int get_possible_units(
1361 _cleanup_set_free_free_ Set
*found
;
1365 found
= set_new(&string_hash_ops
);
1369 NULSTR_FOREACH(field
, fields
) {
1373 r
= sd_journal_query_unique(j
, field
);
1377 SD_JOURNAL_FOREACH_UNIQUE(j
, data
, size
) {
1378 char **pattern
, *eq
;
1380 _cleanup_free_
char *u
= NULL
;
1382 eq
= memchr(data
, '=', size
);
1384 prefix
= eq
- (char*) data
+ 1;
1388 u
= strndup((char*) data
+ prefix
, size
- prefix
);
1392 STRV_FOREACH(pattern
, patterns
)
1393 if (fnmatch(*pattern
, u
, FNM_NOESCAPE
) == 0) {
1394 log_debug("Matched %s with pattern %s=%s", u
, field
, *pattern
);
1396 r
= set_consume(found
, u
);
1398 if (r
< 0 && r
!= -EEXIST
)
1411 /* This list is supposed to return the superset of unit names
1412 * possibly matched by rules added with add_matches_for_unit... */
1413 #define SYSTEM_UNITS \
1417 "OBJECT_SYSTEMD_UNIT\0" \
1420 /* ... and add_matches_for_user_unit */
1421 #define USER_UNITS \
1422 "_SYSTEMD_USER_UNIT\0" \
1424 "COREDUMP_USER_UNIT\0" \
1425 "OBJECT_SYSTEMD_USER_UNIT\0"
1427 static int add_units(sd_journal
*j
) {
1428 _cleanup_strv_free_
char **patterns
= NULL
;
1434 STRV_FOREACH(i
, arg_system_units
) {
1435 _cleanup_free_
char *u
= NULL
;
1437 r
= unit_name_mangle(*i
, UNIT_NAME_GLOB
, &u
);
1441 if (string_is_glob(u
)) {
1442 r
= strv_push(&patterns
, u
);
1447 r
= add_matches_for_unit(j
, u
);
1450 r
= sd_journal_add_disjunction(j
);
1457 if (!strv_isempty(patterns
)) {
1458 _cleanup_set_free_free_ Set
*units
= NULL
;
1462 r
= get_possible_units(j
, SYSTEM_UNITS
, patterns
, &units
);
1466 SET_FOREACH(u
, units
, it
) {
1467 r
= add_matches_for_unit(j
, u
);
1470 r
= sd_journal_add_disjunction(j
);
1477 patterns
= strv_free(patterns
);
1479 STRV_FOREACH(i
, arg_user_units
) {
1480 _cleanup_free_
char *u
= NULL
;
1482 r
= unit_name_mangle(*i
, UNIT_NAME_GLOB
, &u
);
1486 if (string_is_glob(u
)) {
1487 r
= strv_push(&patterns
, u
);
1492 r
= add_matches_for_user_unit(j
, u
, getuid());
1495 r
= sd_journal_add_disjunction(j
);
1502 if (!strv_isempty(patterns
)) {
1503 _cleanup_set_free_free_ Set
*units
= NULL
;
1507 r
= get_possible_units(j
, USER_UNITS
, patterns
, &units
);
1511 SET_FOREACH(u
, units
, it
) {
1512 r
= add_matches_for_user_unit(j
, u
, getuid());
1515 r
= sd_journal_add_disjunction(j
);
1522 /* Complain if the user request matches but nothing whatsoever was
1523 * found, since otherwise everything would be matched. */
1524 if (!(strv_isempty(arg_system_units
) && strv_isempty(arg_user_units
)) && count
== 0)
1527 r
= sd_journal_add_conjunction(j
);
1534 static int add_priorities(sd_journal
*j
) {
1535 char match
[] = "PRIORITY=0";
1539 if (arg_priorities
== 0xFF)
1542 for (i
= LOG_EMERG
; i
<= LOG_DEBUG
; i
++)
1543 if (arg_priorities
& (1 << i
)) {
1544 match
[sizeof(match
)-2] = '0' + i
;
1546 r
= sd_journal_add_match(j
, match
, strlen(match
));
1548 return log_error_errno(r
, "Failed to add match: %m");
1551 r
= sd_journal_add_conjunction(j
);
1553 return log_error_errno(r
, "Failed to add conjunction: %m");
1559 static int add_syslog_identifier(sd_journal
*j
) {
1565 STRV_FOREACH(i
, arg_syslog_identifier
) {
1568 u
= strjoina("SYSLOG_IDENTIFIER=", *i
);
1569 r
= sd_journal_add_match(j
, u
, 0);
1572 r
= sd_journal_add_disjunction(j
);
1577 r
= sd_journal_add_conjunction(j
);
1584 static int setup_keys(void) {
1586 size_t mpk_size
, seed_size
, state_size
, i
;
1587 uint8_t *mpk
, *seed
, *state
;
1589 sd_id128_t machine
, boot
;
1590 char *p
= NULL
, *k
= NULL
;
1595 r
= stat("/var/log/journal", &st
);
1596 if (r
< 0 && !IN_SET(errno
, ENOENT
, ENOTDIR
))
1597 return log_error_errno(errno
, "stat(\"%s\") failed: %m", "/var/log/journal");
1599 if (r
< 0 || !S_ISDIR(st
.st_mode
)) {
1600 log_error("%s is not a directory, must be using persistent logging for FSS.",
1601 "/var/log/journal");
1602 return r
< 0 ? -errno
: -ENOTDIR
;
1605 r
= sd_id128_get_machine(&machine
);
1607 return log_error_errno(r
, "Failed to get machine ID: %m");
1609 r
= sd_id128_get_boot(&boot
);
1611 return log_error_errno(r
, "Failed to get boot ID: %m");
1613 if (asprintf(&p
, "/var/log/journal/" SD_ID128_FORMAT_STR
"/fss",
1614 SD_ID128_FORMAT_VAL(machine
)) < 0)
1619 if (r
< 0 && errno
!= ENOENT
) {
1620 r
= log_error_errno(errno
, "unlink(\"%s\") failed: %m", p
);
1623 } else if (access(p
, F_OK
) >= 0) {
1624 log_error("Sealing key file %s exists already. Use --force to recreate.", p
);
1629 if (asprintf(&k
, "/var/log/journal/" SD_ID128_FORMAT_STR
"/fss.tmp.XXXXXX",
1630 SD_ID128_FORMAT_VAL(machine
)) < 0) {
1635 mpk_size
= FSPRG_mskinbytes(FSPRG_RECOMMENDED_SECPAR
);
1636 mpk
= alloca(mpk_size
);
1638 seed_size
= FSPRG_RECOMMENDED_SEEDLEN
;
1639 seed
= alloca(seed_size
);
1641 state_size
= FSPRG_stateinbytes(FSPRG_RECOMMENDED_SECPAR
);
1642 state
= alloca(state_size
);
1644 fd
= open("/dev/random", O_RDONLY
|O_CLOEXEC
|O_NOCTTY
);
1646 r
= log_error_errno(errno
, "Failed to open /dev/random: %m");
1650 log_info("Generating seed...");
1651 r
= loop_read_exact(fd
, seed
, seed_size
, true);
1653 log_error_errno(r
, "Failed to read random seed: %m");
1657 log_info("Generating key pair...");
1658 FSPRG_GenMK(NULL
, mpk
, seed
, seed_size
, FSPRG_RECOMMENDED_SECPAR
);
1660 log_info("Generating sealing key...");
1661 FSPRG_GenState0(state
, mpk
, seed
, seed_size
);
1663 assert(arg_interval
> 0);
1665 n
= now(CLOCK_REALTIME
);
1669 fd
= mkostemp_safe(k
);
1671 r
= log_error_errno(fd
, "Failed to open %s: %m", k
);
1675 /* Enable secure remove, exclusion from dump, synchronous
1676 * writing and in-place updating */
1677 r
= chattr_fd(fd
, FS_SECRM_FL
|FS_NODUMP_FL
|FS_SYNC_FL
|FS_NOCOW_FL
, FS_SECRM_FL
|FS_NODUMP_FL
|FS_SYNC_FL
|FS_NOCOW_FL
);
1679 log_warning_errno(r
, "Failed to set file attributes: %m");
1682 memcpy(h
.signature
, "KSHHRHLP", 8);
1683 h
.machine_id
= machine
;
1685 h
.header_size
= htole64(sizeof(h
));
1686 h
.start_usec
= htole64(n
* arg_interval
);
1687 h
.interval_usec
= htole64(arg_interval
);
1688 h
.fsprg_secpar
= htole16(FSPRG_RECOMMENDED_SECPAR
);
1689 h
.fsprg_state_size
= htole64(state_size
);
1691 r
= loop_write(fd
, &h
, sizeof(h
), false);
1693 log_error_errno(r
, "Failed to write header: %m");
1697 r
= loop_write(fd
, state
, state_size
, false);
1699 log_error_errno(r
, "Failed to write state: %m");
1703 if (link(k
, p
) < 0) {
1704 r
= log_error_errno(errno
, "Failed to link file: %m");
1711 "The new key pair has been generated. The %ssecret sealing key%s has been written to\n"
1712 "the following local file. This key file is automatically updated when the\n"
1713 "sealing key is advanced. It should not be used on multiple hosts.\n"
1717 "Please write down the following %ssecret verification key%s. It should be stored\n"
1718 "at a safe location and should not be saved locally on disk.\n"
1720 ansi_highlight(), ansi_normal(),
1722 ansi_highlight(), ansi_normal(),
1723 ansi_highlight_red());
1726 for (i
= 0; i
< seed_size
; i
++) {
1727 if (i
> 0 && i
% 3 == 0)
1729 printf("%02x", ((uint8_t*) seed
)[i
]);
1732 printf("/%llx-%llx\n", (unsigned long long) n
, (unsigned long long) arg_interval
);
1735 char tsb
[FORMAT_TIMESPAN_MAX
], *hn
;
1739 "The sealing key is automatically changed every %s.\n",
1741 format_timespan(tsb
, sizeof(tsb
), arg_interval
, 0));
1743 hn
= gethostname_malloc();
1746 hostname_cleanup(hn
);
1747 fprintf(stderr
, "\nThe keys have been generated for host %s/" SD_ID128_FORMAT_STR
".\n", hn
, SD_ID128_FORMAT_VAL(machine
));
1749 fprintf(stderr
, "\nThe keys have been generated for host " SD_ID128_FORMAT_STR
".\n", SD_ID128_FORMAT_VAL(machine
));
1752 /* If this is not an UTF-8 system don't print any QR codes */
1753 if (is_locale_utf8()) {
1754 fputs("\nTo transfer the verification key to your phone please scan the QR code below:\n\n", stderr
);
1755 print_qr_code(stderr
, seed
, seed_size
, n
, arg_interval
, hn
, machine
);
1775 log_error("Forward-secure sealing not available.");
1780 static int verify(sd_journal
*j
) {
1787 log_show_color(true);
1789 ORDERED_HASHMAP_FOREACH(f
, j
->files
, i
) {
1791 usec_t first
= 0, validated
= 0, last
= 0;
1794 if (!arg_verify_key
&& JOURNAL_HEADER_SEALED(f
->header
))
1795 log_notice("Journal file %s has sealing enabled but verification key has not been passed using --verify-key=.", f
->path
);
1798 k
= journal_file_verify(f
, arg_verify_key
, &first
, &validated
, &last
, true);
1800 /* If the key was invalid give up right-away. */
1803 log_warning_errno(k
, "FAIL: %s (%m)", f
->path
);
1806 char a
[FORMAT_TIMESTAMP_MAX
], b
[FORMAT_TIMESTAMP_MAX
], c
[FORMAT_TIMESPAN_MAX
];
1807 log_info("PASS: %s", f
->path
);
1809 if (arg_verify_key
&& JOURNAL_HEADER_SEALED(f
->header
)) {
1810 if (validated
> 0) {
1811 log_info("=> Validated from %s to %s, final %s entries not sealed.",
1812 format_timestamp_maybe_utc(a
, sizeof(a
), first
),
1813 format_timestamp_maybe_utc(b
, sizeof(b
), validated
),
1814 format_timespan(c
, sizeof(c
), last
> validated
? last
- validated
: 0, 0));
1815 } else if (last
> 0)
1816 log_info("=> No sealing yet, %s of entries not sealed.",
1817 format_timespan(c
, sizeof(c
), last
- first
, 0));
1819 log_info("=> No sealing yet, no entries in file.");
1827 static int flush_to_var(void) {
1828 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
1829 _cleanup_(sd_bus_flush_close_unrefp
) sd_bus
*bus
= NULL
;
1830 _cleanup_close_
int watch_fd
= -1;
1834 log_error("--flush is not supported in conjunction with --machine=.");
1839 if (access("/run/systemd/journal/flushed", F_OK
) >= 0)
1842 /* OK, let's actually do the full logic, send SIGUSR1 to the
1843 * daemon and set up inotify to wait for the flushed file to appear */
1844 r
= bus_connect_system_systemd(&bus
);
1846 return log_error_errno(r
, "Failed to get D-Bus connection: %m");
1848 r
= sd_bus_call_method(
1850 "org.freedesktop.systemd1",
1851 "/org/freedesktop/systemd1",
1852 "org.freedesktop.systemd1.Manager",
1856 "ssi", "systemd-journald.service", "main", SIGUSR1
);
1858 return log_error_errno(r
, "Failed to kill journal service: %s", bus_error_message(&error
, r
));
1860 mkdir_p("/run/systemd/journal", 0755);
1862 watch_fd
= inotify_init1(IN_NONBLOCK
|IN_CLOEXEC
);
1864 return log_error_errno(errno
, "Failed to create inotify watch: %m");
1866 r
= inotify_add_watch(watch_fd
, "/run/systemd/journal", IN_CREATE
|IN_DONT_FOLLOW
|IN_ONLYDIR
);
1868 return log_error_errno(errno
, "Failed to watch journal directory: %m");
1871 if (access("/run/systemd/journal/flushed", F_OK
) >= 0)
1874 if (errno
!= ENOENT
)
1875 return log_error_errno(errno
, "Failed to check for existence of /run/systemd/journal/flushed: %m");
1877 r
= fd_wait_for_event(watch_fd
, POLLIN
, USEC_INFINITY
);
1879 return log_error_errno(r
, "Failed to wait for event: %m");
1881 r
= flush_fd(watch_fd
);
1883 return log_error_errno(r
, "Failed to flush inotify events: %m");
1889 static int send_signal_and_wait(int sig
, const char *watch_path
) {
1890 _cleanup_(sd_bus_flush_close_unrefp
) sd_bus
*bus
= NULL
;
1891 _cleanup_close_
int watch_fd
= -1;
1896 log_error("--sync and --rotate are not supported in conjunction with --machine=.");
1900 start
= now(CLOCK_MONOTONIC
);
1902 /* This call sends the specified signal to journald, and waits
1903 * for acknowledgment by watching the mtime of the specified
1904 * flag file. This is used to trigger syncing or rotation and
1905 * then wait for the operation to complete. */
1910 /* See if a sync happened by now. */
1911 r
= read_timestamp_file(watch_path
, &tstamp
);
1912 if (r
< 0 && r
!= -ENOENT
)
1913 return log_error_errno(errno
, "Failed to read %s: %m", watch_path
);
1914 if (r
>= 0 && tstamp
>= start
)
1917 /* Let's ask for a sync, but only once. */
1919 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
1921 r
= bus_connect_system_systemd(&bus
);
1923 return log_error_errno(r
, "Failed to get D-Bus connection: %m");
1925 r
= sd_bus_call_method(
1927 "org.freedesktop.systemd1",
1928 "/org/freedesktop/systemd1",
1929 "org.freedesktop.systemd1.Manager",
1933 "ssi", "systemd-journald.service", "main", sig
);
1935 return log_error_errno(r
, "Failed to kill journal service: %s", bus_error_message(&error
, r
));
1940 /* Let's install the inotify watch, if we didn't do that yet. */
1943 mkdir_p("/run/systemd/journal", 0755);
1945 watch_fd
= inotify_init1(IN_NONBLOCK
|IN_CLOEXEC
);
1947 return log_error_errno(errno
, "Failed to create inotify watch: %m");
1949 r
= inotify_add_watch(watch_fd
, "/run/systemd/journal", IN_MOVED_TO
|IN_DONT_FOLLOW
|IN_ONLYDIR
);
1951 return log_error_errno(errno
, "Failed to watch journal directory: %m");
1953 /* Recheck the flag file immediately, so that we don't miss any event since the last check. */
1957 /* OK, all preparatory steps done, let's wait until
1958 * inotify reports an event. */
1960 r
= fd_wait_for_event(watch_fd
, POLLIN
, USEC_INFINITY
);
1962 return log_error_errno(r
, "Failed to wait for event: %m");
1964 r
= flush_fd(watch_fd
);
1966 return log_error_errno(r
, "Failed to flush inotify events: %m");
1972 static int rotate(void) {
1973 return send_signal_and_wait(SIGUSR2
, "/run/systemd/journal/rotated");
1976 static int sync_journal(void) {
1977 return send_signal_and_wait(SIGRTMIN
+1, "/run/systemd/journal/synced");
1980 int main(int argc
, char *argv
[]) {
1982 _cleanup_(sd_journal_closep
) sd_journal
*j
= NULL
;
1983 bool need_seek
= false;
1984 sd_id128_t previous_boot_id
;
1985 bool previous_boot_id_valid
= false, first_line
= true;
1987 bool ellipsized
= false;
1989 setlocale(LC_ALL
, "");
1990 log_parse_environment();
1993 r
= parse_argv(argc
, argv
);
1997 signal(SIGWINCH
, columns_lines_cache_reset
);
2000 /* Increase max number of open files to 16K if we can, we
2001 * might needs this when browsing journal files, which might
2002 * be split up into many files. */
2003 setrlimit_closest(RLIMIT_NOFILE
, &RLIMIT_MAKE_CONST(16384));
2005 switch (arg_action
) {
2007 case ACTION_NEW_ID128
:
2008 r
= generate_new_id128();
2011 case ACTION_SETUP_KEYS
:
2015 case ACTION_LIST_CATALOG
:
2016 case ACTION_DUMP_CATALOG
:
2017 case ACTION_UPDATE_CATALOG
: {
2018 _cleanup_free_
char *database
;
2020 database
= path_join(arg_root
, CATALOG_DATABASE
, NULL
);
2026 if (arg_action
== ACTION_UPDATE_CATALOG
) {
2027 r
= catalog_update(database
, arg_root
, catalog_file_dirs
);
2029 log_error_errno(r
, "Failed to list catalog: %m");
2031 bool oneline
= arg_action
== ACTION_LIST_CATALOG
;
2033 pager_open(arg_no_pager
, arg_pager_end
);
2036 r
= catalog_list_items(stdout
, database
, oneline
, argv
+ optind
);
2038 r
= catalog_list(stdout
, database
, oneline
);
2040 log_error_errno(r
, "Failed to list catalog: %m");
2059 case ACTION_PRINT_HEADER
:
2061 case ACTION_DISK_USAGE
:
2062 case ACTION_LIST_BOOTS
:
2064 case ACTION_LIST_FIELDS
:
2065 case ACTION_LIST_FIELD_NAMES
:
2066 /* These ones require access to the journal files, continue below. */
2070 assert_not_reached("Unknown action");
2074 r
= sd_journal_open_directory(&j
, arg_directory
, arg_journal_type
);
2076 r
= sd_journal_open_directory(&j
, arg_root
, arg_journal_type
| SD_JOURNAL_OS_ROOT
);
2077 else if (arg_file_stdin
) {
2078 int ifd
= STDIN_FILENO
;
2079 r
= sd_journal_open_files_fd(&j
, &ifd
, 1, 0);
2080 } else if (arg_file
)
2081 r
= sd_journal_open_files(&j
, (const char**) arg_file
, 0);
2082 else if (arg_machine
) {
2083 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
2084 _cleanup_(sd_bus_message_unrefp
) sd_bus_message
*reply
= NULL
;
2085 _cleanup_(sd_bus_flush_close_unrefp
) sd_bus
*bus
= NULL
;
2088 if (geteuid() != 0) {
2089 /* The file descriptor returned by OpenMachineRootDirectory() will be owned by users/groups of
2090 * the container, thus we need root privileges to override them. */
2091 log_error("Using the --machine= switch requires root privileges.");
2096 r
= sd_bus_open_system(&bus
);
2098 log_error_errno(r
, "Failed to open system bus: %m");
2102 r
= sd_bus_call_method(
2104 "org.freedesktop.machine1",
2105 "/org/freedesktop/machine1",
2106 "org.freedesktop.machine1.Manager",
2107 "OpenMachineRootDirectory",
2112 log_error_errno(r
, "Failed to open root directory: %s", bus_error_message(&error
, r
));
2116 r
= sd_bus_message_read(reply
, "h", &fd
);
2118 bus_log_parse_error(r
);
2122 fd
= fcntl(fd
, F_DUPFD_CLOEXEC
, 3);
2124 r
= log_error_errno(errno
, "Failed to duplicate file descriptor: %m");
2128 r
= sd_journal_open_directory_fd(&j
, fd
, SD_JOURNAL_OS_ROOT
);
2132 r
= sd_journal_open(&j
, !arg_merge
*SD_JOURNAL_LOCAL_ONLY
+ arg_journal_type
);
2134 log_error_errno(r
, "Failed to open %s: %m", arg_directory
?: arg_file
? "files" : "journal");
2138 r
= journal_access_check_and_warn(j
, arg_quiet
);
2142 switch (arg_action
) {
2144 case ACTION_NEW_ID128
:
2145 case ACTION_SETUP_KEYS
:
2146 case ACTION_LIST_CATALOG
:
2147 case ACTION_DUMP_CATALOG
:
2148 case ACTION_UPDATE_CATALOG
:
2152 assert_not_reached("Unexpected action.");
2154 case ACTION_PRINT_HEADER
:
2155 journal_print_header(j
);
2163 case ACTION_DISK_USAGE
: {
2165 char sbytes
[FORMAT_BYTES_MAX
];
2167 r
= sd_journal_get_usage(j
, &bytes
);
2171 printf("Archived and active journals take up %s in the file system.\n",
2172 format_bytes(sbytes
, sizeof(sbytes
), bytes
));
2176 case ACTION_LIST_BOOTS
:
2180 case ACTION_VACUUM
: {
2184 HASHMAP_FOREACH(d
, j
->directories_by_path
, i
) {
2190 q
= journal_directory_vacuum(d
->path
, arg_vacuum_size
, arg_vacuum_n_files
, arg_vacuum_time
, NULL
, !arg_quiet
);
2192 log_error_errno(q
, "Failed to vacuum %s: %m", d
->path
);
2200 case ACTION_LIST_FIELD_NAMES
: {
2203 SD_JOURNAL_FOREACH_FIELD(j
, field
) {
2204 printf("%s\n", field
);
2213 case ACTION_LIST_FIELDS
:
2217 assert_not_reached("Unknown action");
2220 if (arg_boot_offset
!= 0 &&
2221 sd_journal_has_runtime_files(j
) > 0 &&
2222 sd_journal_has_persistent_files(j
) == 0) {
2223 log_info("Specifying boot ID or boot offset has no effect, no persistent journal was found.");
2227 /* add_boot() must be called first!
2228 * It may need to seek the journal to find parent boot IDs. */
2239 log_error_errno(r
, "Failed to add filter for units: %m");
2243 r
= add_syslog_identifier(j
);
2245 log_error_errno(r
, "Failed to add filter for syslog identifiers: %m");
2249 r
= add_priorities(j
);
2253 r
= add_matches(j
, argv
+ optind
);
2257 if (_unlikely_(log_get_max_level() >= LOG_DEBUG
)) {
2258 _cleanup_free_
char *filter
;
2260 filter
= journal_make_match_string(j
);
2264 log_debug("Journal filter: %s", filter
);
2267 if (arg_action
== ACTION_LIST_FIELDS
) {
2273 r
= sd_journal_set_data_threshold(j
, 0);
2275 log_error_errno(r
, "Failed to unset data size threshold: %m");
2279 r
= sd_journal_query_unique(j
, arg_field
);
2281 log_error_errno(r
, "Failed to query unique data objects: %m");
2285 SD_JOURNAL_FOREACH_UNIQUE(j
, data
, size
) {
2288 if (arg_lines
>= 0 && n_shown
>= arg_lines
)
2291 eq
= memchr(data
, '=', size
);
2293 printf("%.*s\n", (int) (size
- ((const uint8_t*) eq
- (const uint8_t*) data
+ 1)), (const char*) eq
+ 1);
2295 printf("%.*s\n", (int) size
, (const char*) data
);
2304 /* Opening the fd now means the first sd_journal_wait() will actually wait */
2306 r
= sd_journal_get_fd(j
);
2307 if (r
== -EMEDIUMTYPE
) {
2308 log_error_errno(r
, "The --follow switch is not supported in conjunction with reading from STDIN.");
2312 log_error_errno(r
, "Failed to get journal fd: %m");
2317 if (arg_cursor
|| arg_after_cursor
) {
2318 r
= sd_journal_seek_cursor(j
, arg_cursor
?: arg_after_cursor
);
2320 log_error_errno(r
, "Failed to seek to cursor: %m");
2325 r
= sd_journal_next_skip(j
, 1 + !!arg_after_cursor
);
2327 r
= sd_journal_previous_skip(j
, 1 + !!arg_after_cursor
);
2329 if (arg_after_cursor
&& r
< 2) {
2330 /* We couldn't find the next entry after the cursor. */
2337 } else if (arg_since_set
&& !arg_reverse
) {
2338 r
= sd_journal_seek_realtime_usec(j
, arg_since
);
2340 log_error_errno(r
, "Failed to seek to date: %m");
2343 r
= sd_journal_next(j
);
2345 } else if (arg_until_set
&& arg_reverse
) {
2346 r
= sd_journal_seek_realtime_usec(j
, arg_until
);
2348 log_error_errno(r
, "Failed to seek to date: %m");
2351 r
= sd_journal_previous(j
);
2353 } else if (arg_lines
>= 0) {
2354 r
= sd_journal_seek_tail(j
);
2356 log_error_errno(r
, "Failed to seek to tail: %m");
2360 r
= sd_journal_previous_skip(j
, arg_lines
);
2362 } else if (arg_reverse
) {
2363 r
= sd_journal_seek_tail(j
);
2365 log_error_errno(r
, "Failed to seek to tail: %m");
2369 r
= sd_journal_previous(j
);
2372 r
= sd_journal_seek_head(j
);
2374 log_error_errno(r
, "Failed to seek to head: %m");
2378 r
= sd_journal_next(j
);
2382 log_error_errno(r
, "Failed to iterate through journal: %m");
2389 pager_open(arg_no_pager
, arg_pager_end
);
2391 if (!arg_quiet
&& (arg_lines
!= 0 || arg_follow
)) {
2393 char start_buf
[FORMAT_TIMESTAMP_MAX
], end_buf
[FORMAT_TIMESTAMP_MAX
];
2395 r
= sd_journal_get_cutoff_realtime_usec(j
, &start
, &end
);
2397 log_error_errno(r
, "Failed to get cutoff: %m");
2403 printf("-- Logs begin at %s. --\n",
2404 format_timestamp_maybe_utc(start_buf
, sizeof(start_buf
), start
));
2406 printf("-- Logs begin at %s, end at %s. --\n",
2407 format_timestamp_maybe_utc(start_buf
, sizeof(start_buf
), start
),
2408 format_timestamp_maybe_utc(end_buf
, sizeof(end_buf
), end
));
2413 while (arg_lines
< 0 || n_shown
< arg_lines
|| (arg_follow
&& !first_line
)) {
2418 r
= sd_journal_next(j
);
2420 r
= sd_journal_previous(j
);
2422 log_error_errno(r
, "Failed to iterate through journal: %m");
2429 if (arg_until_set
&& !arg_reverse
) {
2432 r
= sd_journal_get_realtime_usec(j
, &usec
);
2434 log_error_errno(r
, "Failed to determine timestamp: %m");
2437 if (usec
> arg_until
)
2441 if (arg_since_set
&& arg_reverse
) {
2444 r
= sd_journal_get_realtime_usec(j
, &usec
);
2446 log_error_errno(r
, "Failed to determine timestamp: %m");
2449 if (usec
< arg_since
)
2453 if (!arg_merge
&& !arg_quiet
) {
2456 r
= sd_journal_get_monotonic_usec(j
, NULL
, &boot_id
);
2458 if (previous_boot_id_valid
&&
2459 !sd_id128_equal(boot_id
, previous_boot_id
))
2460 printf("%s-- Reboot --%s\n",
2461 ansi_highlight(), ansi_normal());
2463 previous_boot_id
= boot_id
;
2464 previous_boot_id_valid
= true;
2469 arg_all
* OUTPUT_SHOW_ALL
|
2470 arg_full
* OUTPUT_FULL_WIDTH
|
2471 colors_enabled() * OUTPUT_COLOR
|
2472 arg_catalog
* OUTPUT_CATALOG
|
2473 arg_utc
* OUTPUT_UTC
|
2474 arg_no_hostname
* OUTPUT_NO_HOSTNAME
;
2476 r
= output_journal(stdout
, j
, arg_output
, 0, flags
, arg_output_fields
, &ellipsized
);
2478 if (r
== -EADDRNOTAVAIL
)
2480 else if (r
< 0 || ferror(stdout
))
2487 if (n_shown
== 0 && !arg_quiet
)
2488 printf("-- No entries --\n");
2490 if (arg_show_cursor
) {
2491 _cleanup_free_
char *cursor
= NULL
;
2493 r
= sd_journal_get_cursor(j
, &cursor
);
2494 if (r
< 0 && r
!= -EADDRNOTAVAIL
)
2495 log_error_errno(r
, "Failed to get cursor: %m");
2497 printf("-- cursor: %s\n", cursor
);
2504 r
= sd_journal_wait(j
, (uint64_t) -1);
2506 log_error_errno(r
, "Couldn't wait for journal event: %m");
2517 strv_free(arg_file
);
2519 strv_free(arg_syslog_identifier
);
2520 strv_free(arg_system_units
);
2521 strv_free(arg_user_units
);
2522 strv_free(arg_output_fields
);
2525 free(arg_verify_key
);
2527 return r
< 0 ? EXIT_FAILURE
: EXIT_SUCCESS
;