1 /* SPDX-License-Identifier: LGPL-2.1+ */
3 This file is part of systemd.
5 Copyright 2011 Lennart Poettering
20 #include <sys/inotify.h>
25 # define PCRE2_CODE_UNIT_WIDTH 8
30 #include "sd-journal.h"
33 #include "alloc-util.h"
34 #include "bus-error.h"
37 #include "chattr-util.h"
42 #include "glob-util.h"
43 #include "hostname-util.h"
45 #include "journal-def.h"
46 #include "journal-internal.h"
47 #include "journal-qrcode.h"
48 #include "journal-util.h"
49 #include "journal-vacuum.h"
50 #include "journal-verify.h"
51 #include "locale-util.h"
53 #include "logs-show.h"
56 #include "parse-util.h"
57 #include "path-util.h"
58 #include "rlimit-util.h"
61 #include "string-table.h"
63 #include "syslog-util.h"
64 #include "terminal-util.h"
65 #include "udev-util.h"
67 #include "unit-name.h"
68 #include "user-util.h"
70 #define DEFAULT_FSS_INTERVAL_USEC (15*USEC_PER_MINUTE)
72 #define PROCESS_INOTIFY_INTERVAL 1024 /* Every 1,024 messages processed */
75 DEFINE_TRIVIAL_CLEANUP_FUNC(pcre2_match_data
*, pcre2_match_data_free
);
76 DEFINE_TRIVIAL_CLEANUP_FUNC(pcre2_code
*, pcre2_code_free
);
78 static int pattern_compile(const char *pattern
, unsigned flags
, pcre2_code
**out
) {
80 PCRE2_SIZE erroroffset
;
83 p
= pcre2_compile((PCRE2_SPTR8
) pattern
,
84 PCRE2_ZERO_TERMINATED
, flags
, &errorcode
, &erroroffset
, NULL
);
86 unsigned char buf
[LINE_MAX
];
88 r
= pcre2_get_error_message(errorcode
, buf
, sizeof buf
);
90 log_error("Bad pattern \"%s\": %s",
92 r
< 0 ? "unknown error" : (char*) buf
);
103 /* Special values for arg_lines */
104 ARG_LINES_DEFAULT
= -2,
108 static OutputMode arg_output
= OUTPUT_SHORT
;
109 static bool arg_utc
= false;
110 static bool arg_pager_end
= false;
111 static bool arg_follow
= false;
112 static bool arg_full
= true;
113 static bool arg_all
= false;
114 static bool arg_no_pager
= false;
115 static int arg_lines
= ARG_LINES_DEFAULT
;
116 static bool arg_no_tail
= false;
117 static bool arg_quiet
= false;
118 static bool arg_merge
= false;
119 static bool arg_boot
= false;
120 static sd_id128_t arg_boot_id
= {};
121 static int arg_boot_offset
= 0;
122 static bool arg_dmesg
= false;
123 static bool arg_no_hostname
= false;
124 static const char *arg_cursor
= NULL
;
125 static const char *arg_after_cursor
= NULL
;
126 static bool arg_show_cursor
= false;
127 static const char *arg_directory
= NULL
;
128 static char **arg_file
= NULL
;
129 static bool arg_file_stdin
= false;
130 static int arg_priorities
= 0xFF;
131 static char *arg_verify_key
= NULL
;
133 static usec_t arg_interval
= DEFAULT_FSS_INTERVAL_USEC
;
134 static bool arg_force
= false;
136 static usec_t arg_since
, arg_until
;
137 static bool arg_since_set
= false, arg_until_set
= false;
138 static char **arg_syslog_identifier
= NULL
;
139 static char **arg_system_units
= NULL
;
140 static char **arg_user_units
= NULL
;
141 static const char *arg_field
= NULL
;
142 static bool arg_catalog
= false;
143 static bool arg_reverse
= false;
144 static int arg_journal_type
= 0;
145 static char *arg_root
= NULL
;
146 static const char *arg_machine
= NULL
;
147 static uint64_t arg_vacuum_size
= 0;
148 static uint64_t arg_vacuum_n_files
= 0;
149 static usec_t arg_vacuum_time
= 0;
150 static char **arg_output_fields
= NULL
;
153 static const char *arg_pattern
= NULL
;
154 static pcre2_code
*arg_compiled_pattern
= NULL
;
155 static int arg_case_sensitive
= -1; /* -1 means be smart */
167 ACTION_UPDATE_CATALOG
,
174 ACTION_LIST_FIELD_NAMES
,
175 } arg_action
= ACTION_SHOW
;
177 typedef struct BootId
{
181 LIST_FIELDS(struct BootId
, boot_list
);
184 static int add_matches_for_device(sd_journal
*j
, const char *devpath
) {
185 _cleanup_(udev_unrefp
) struct udev
*udev
= NULL
;
186 _cleanup_(udev_device_unrefp
) struct udev_device
*device
= NULL
;
187 struct udev_device
*d
= NULL
;
194 if (!path_startswith(devpath
, "/dev/")) {
195 log_error("Devpath does not start with /dev/");
203 if (stat(devpath
, &st
) < 0)
204 return log_error_errno(errno
, "Couldn't stat file: %m");
206 r
= udev_device_new_from_stat_rdev(udev
, &st
, &device
);
208 return log_error_errno(r
, "Failed to get udev device from devnum %u:%u: %m", major(st
.st_rdev
), minor(st
.st_rdev
));
211 _cleanup_free_
char *match
= NULL
;
212 const char *subsys
, *sysname
, *devnode
;
214 subsys
= udev_device_get_subsystem(d
);
216 d
= udev_device_get_parent(d
);
220 sysname
= udev_device_get_sysname(d
);
222 d
= udev_device_get_parent(d
);
226 match
= strjoin("_KERNEL_DEVICE=+", subsys
, ":", sysname
);
230 r
= sd_journal_add_match(j
, match
, 0);
232 return log_error_errno(r
, "Failed to add match: %m");
234 devnode
= udev_device_get_devnode(d
);
236 _cleanup_free_
char *match1
= NULL
;
238 r
= stat(devnode
, &st
);
240 return log_error_errno(r
, "Failed to stat() device node \"%s\": %m", devnode
);
242 r
= asprintf(&match1
, "_KERNEL_DEVICE=%c%u:%u", S_ISBLK(st
.st_mode
) ? 'b' : 'c', major(st
.st_rdev
), minor(st
.st_rdev
));
246 r
= sd_journal_add_match(j
, match1
, 0);
248 return log_error_errno(r
, "Failed to add match: %m");
251 d
= udev_device_get_parent(d
);
254 r
= add_match_this_boot(j
, arg_machine
);
256 return log_error_errno(r
, "Failed to add match for the current boot: %m");
261 static char *format_timestamp_maybe_utc(char *buf
, size_t l
, usec_t t
) {
264 return format_timestamp_utc(buf
, l
, t
);
266 return format_timestamp(buf
, l
, t
);
269 static int parse_boot_descriptor(const char *x
, sd_id128_t
*boot_id
, int *offset
) {
270 sd_id128_t id
= SD_ID128_NULL
;
273 if (strlen(x
) >= 32) {
277 r
= sd_id128_from_string(t
, &id
);
281 if (!IN_SET(*x
, 0, '-', '+'))
285 r
= safe_atoi(x
, &off
);
290 r
= safe_atoi(x
, &off
);
304 static void help(void) {
306 (void) pager_open(arg_no_pager
, arg_pager_end
);
308 printf("%s [OPTIONS...] [MATCHES...]\n\n"
309 "Query the journal.\n\n"
311 " --system Show the system journal\n"
312 " --user Show the user journal for the current user\n"
313 " -M --machine=CONTAINER Operate on local container\n"
314 " -S --since=DATE Show entries not older than the specified date\n"
315 " -U --until=DATE Show entries not newer than the specified date\n"
316 " -c --cursor=CURSOR Show entries starting at the specified cursor\n"
317 " --after-cursor=CURSOR Show entries after the specified cursor\n"
318 " --show-cursor Print the cursor after all the entries\n"
319 " -b --boot[=ID] Show current boot or the specified boot\n"
320 " --list-boots Show terse information about recorded boots\n"
321 " -k --dmesg Show kernel message log from the current boot\n"
322 " -u --unit=UNIT Show logs from the specified unit\n"
323 " --user-unit=UNIT Show logs from the specified user unit\n"
324 " -t --identifier=STRING Show entries with the specified syslog identifier\n"
325 " -p --priority=RANGE Show entries with the specified priority\n"
326 " -g --grep=PATTERN Show entries with MESSAGE matching PATTERN\n"
327 " --case-sensitive[=BOOL] Force case sensitive or insenstive matching\n"
328 " -e --pager-end Immediately jump to the end in the pager\n"
329 " -f --follow Follow the journal\n"
330 " -n --lines[=INTEGER] Number of journal entries to show\n"
331 " --no-tail Show all lines, even in follow mode\n"
332 " -r --reverse Show the newest entries first\n"
333 " -o --output=STRING Change journal output mode (short, short-precise,\n"
334 " short-iso, short-iso-precise, short-full,\n"
335 " short-monotonic, short-unix, verbose, export,\n"
336 " json, json-pretty, json-sse, cat, with-unit)\n"
337 " --output-fields=LIST Select fields to print in verbose/export/json modes\n"
338 " --utc Express time in Coordinated Universal Time (UTC)\n"
339 " -x --catalog Add message explanations where available\n"
340 " --no-full Ellipsize fields\n"
341 " -a --all Show all fields, including long and unprintable\n"
342 " -q --quiet Do not show info messages and privilege warning\n"
343 " --no-pager Do not pipe output into a pager\n"
344 " --no-hostname Suppress output of hostname field\n"
345 " -m --merge Show entries from all available journals\n"
346 " -D --directory=PATH Show journal files from directory\n"
347 " --file=PATH Show journal file\n"
348 " --root=ROOT Operate on files below a root directory\n"
350 " --interval=TIME Time interval for changing the FSS sealing key\n"
351 " --verify-key=KEY Specify FSS verification key\n"
352 " --force Override of the FSS key pair with --setup-keys\n"
355 " -h --help Show this help text\n"
356 " --version Show package version\n"
357 " -N --fields List all field names currently used\n"
358 " -F --field=FIELD List all values that a specified field takes\n"
359 " --disk-usage Show total disk usage of all journal files\n"
360 " --vacuum-size=BYTES Reduce disk usage below specified size\n"
361 " --vacuum-files=INT Leave only the specified number of journal files\n"
362 " --vacuum-time=TIME Remove journal files older than specified time\n"
363 " --verify Verify journal file consistency\n"
364 " --sync Synchronize unwritten journal messages to disk\n"
365 " --flush Flush all journal data from /run into /var\n"
366 " --rotate Request immediate rotation of the journal files\n"
367 " --header Show journal header information\n"
368 " --list-catalog Show all message IDs in the catalog\n"
369 " --dump-catalog Show entries in the message catalog\n"
370 " --update-catalog Update the message catalog database\n"
371 " --new-id128 Generate a new 128-bit ID\n"
373 " --setup-keys Generate a new FSS key pair\n"
375 , program_invocation_short_name
);
378 static int parse_argv(int argc
, char *argv
[]) {
417 static const struct option options
[] = {
418 { "help", no_argument
, NULL
, 'h' },
419 { "version" , no_argument
, NULL
, ARG_VERSION
},
420 { "no-pager", no_argument
, NULL
, ARG_NO_PAGER
},
421 { "pager-end", no_argument
, NULL
, 'e' },
422 { "follow", no_argument
, NULL
, 'f' },
423 { "force", no_argument
, NULL
, ARG_FORCE
},
424 { "output", required_argument
, NULL
, 'o' },
425 { "all", no_argument
, NULL
, 'a' },
426 { "full", no_argument
, NULL
, 'l' },
427 { "no-full", no_argument
, NULL
, ARG_NO_FULL
},
428 { "lines", optional_argument
, NULL
, 'n' },
429 { "no-tail", no_argument
, NULL
, ARG_NO_TAIL
},
430 { "new-id128", no_argument
, NULL
, ARG_NEW_ID128
},
431 { "quiet", no_argument
, NULL
, 'q' },
432 { "merge", no_argument
, NULL
, 'm' },
433 { "this-boot", no_argument
, NULL
, ARG_THIS_BOOT
}, /* deprecated */
434 { "boot", optional_argument
, NULL
, 'b' },
435 { "list-boots", no_argument
, NULL
, ARG_LIST_BOOTS
},
436 { "dmesg", no_argument
, NULL
, 'k' },
437 { "system", no_argument
, NULL
, ARG_SYSTEM
},
438 { "user", no_argument
, NULL
, ARG_USER
},
439 { "directory", required_argument
, NULL
, 'D' },
440 { "file", required_argument
, NULL
, ARG_FILE
},
441 { "root", required_argument
, NULL
, ARG_ROOT
},
442 { "header", no_argument
, NULL
, ARG_HEADER
},
443 { "identifier", required_argument
, NULL
, 't' },
444 { "priority", required_argument
, NULL
, 'p' },
445 { "grep", required_argument
, NULL
, 'g' },
446 { "case-sensitive", optional_argument
, NULL
, ARG_CASE_SENSITIVE
},
447 { "setup-keys", no_argument
, NULL
, ARG_SETUP_KEYS
},
448 { "interval", required_argument
, NULL
, ARG_INTERVAL
},
449 { "verify", no_argument
, NULL
, ARG_VERIFY
},
450 { "verify-key", required_argument
, NULL
, ARG_VERIFY_KEY
},
451 { "disk-usage", no_argument
, NULL
, ARG_DISK_USAGE
},
452 { "cursor", required_argument
, NULL
, 'c' },
453 { "after-cursor", required_argument
, NULL
, ARG_AFTER_CURSOR
},
454 { "show-cursor", no_argument
, NULL
, ARG_SHOW_CURSOR
},
455 { "since", required_argument
, NULL
, 'S' },
456 { "until", required_argument
, NULL
, 'U' },
457 { "unit", required_argument
, NULL
, 'u' },
458 { "user-unit", required_argument
, NULL
, ARG_USER_UNIT
},
459 { "field", required_argument
, NULL
, 'F' },
460 { "fields", no_argument
, NULL
, 'N' },
461 { "catalog", no_argument
, NULL
, 'x' },
462 { "list-catalog", no_argument
, NULL
, ARG_LIST_CATALOG
},
463 { "dump-catalog", no_argument
, NULL
, ARG_DUMP_CATALOG
},
464 { "update-catalog", no_argument
, NULL
, ARG_UPDATE_CATALOG
},
465 { "reverse", no_argument
, NULL
, 'r' },
466 { "machine", required_argument
, NULL
, 'M' },
467 { "utc", no_argument
, NULL
, ARG_UTC
},
468 { "flush", no_argument
, NULL
, ARG_FLUSH
},
469 { "sync", no_argument
, NULL
, ARG_SYNC
},
470 { "rotate", no_argument
, NULL
, ARG_ROTATE
},
471 { "vacuum-size", required_argument
, NULL
, ARG_VACUUM_SIZE
},
472 { "vacuum-files", required_argument
, NULL
, ARG_VACUUM_FILES
},
473 { "vacuum-time", required_argument
, NULL
, ARG_VACUUM_TIME
},
474 { "no-hostname", no_argument
, NULL
, ARG_NO_HOSTNAME
},
475 { "output-fields", required_argument
, NULL
, ARG_OUTPUT_FIELDS
},
484 while ((c
= getopt_long(argc
, argv
, "hefo:aln::qmb::kD:p:g:c:S:U:t:u:NF:xrM:", options
, NULL
)) >= 0)
500 arg_pager_end
= true;
502 if (arg_lines
== ARG_LINES_DEFAULT
)
512 if (streq(optarg
, "help")) {
513 DUMP_STRING_TABLE(output_mode
, OutputMode
, _OUTPUT_MODE_MAX
);
517 arg_output
= output_mode_from_string(optarg
);
518 if (arg_output
< 0) {
519 log_error("Unknown output format '%s'.", optarg
);
523 if (IN_SET(arg_output
, OUTPUT_EXPORT
, OUTPUT_JSON
, OUTPUT_JSON_PRETTY
, OUTPUT_JSON_SSE
, OUTPUT_CAT
))
542 if (streq(optarg
, "all"))
543 arg_lines
= ARG_LINES_ALL
;
545 r
= safe_atoi(optarg
, &arg_lines
);
546 if (r
< 0 || arg_lines
< 0) {
547 log_error("Failed to parse lines '%s'", optarg
);
554 /* Hmm, no argument? Maybe the next
555 * word on the command line is
556 * supposed to be the argument? Let's
557 * see if there is one, and is
561 if (streq(argv
[optind
], "all")) {
562 arg_lines
= ARG_LINES_ALL
;
564 } else if (safe_atoi(argv
[optind
], &n
) >= 0 && n
>= 0) {
578 arg_action
= ACTION_NEW_ID128
;
597 r
= parse_boot_descriptor(optarg
, &arg_boot_id
, &arg_boot_offset
);
599 log_error("Failed to parse boot descriptor '%s'", optarg
);
604 /* Hmm, no argument? Maybe the next
605 * word on the command line is
606 * supposed to be the argument? Let's
607 * see if there is one and is parsable
608 * as a boot descriptor... */
611 parse_boot_descriptor(argv
[optind
], &arg_boot_id
, &arg_boot_offset
) >= 0)
618 arg_action
= ACTION_LIST_BOOTS
;
622 arg_boot
= arg_dmesg
= true;
626 arg_journal_type
|= SD_JOURNAL_SYSTEM
;
630 arg_journal_type
|= SD_JOURNAL_CURRENT_USER
;
634 arg_machine
= optarg
;
638 arg_directory
= optarg
;
642 if (streq(optarg
, "-"))
643 /* An undocumented feature: we can read journal files from STDIN. We don't document
644 * this though, since after all we only support this for mmap-able, seekable files, and
645 * not for example pipes which are probably the primary usecase for reading things from
646 * STDIN. To avoid confusion we hence don't document this feature. */
647 arg_file_stdin
= true;
649 r
= glob_extend(&arg_file
, optarg
);
651 return log_error_errno(r
, "Failed to add paths: %m");
656 r
= parse_path_argument_and_warn(optarg
, true, &arg_root
);
665 case ARG_AFTER_CURSOR
:
666 arg_after_cursor
= optarg
;
669 case ARG_SHOW_CURSOR
:
670 arg_show_cursor
= true;
674 arg_action
= ACTION_PRINT_HEADER
;
678 arg_action
= ACTION_VERIFY
;
682 arg_action
= ACTION_DISK_USAGE
;
685 case ARG_VACUUM_SIZE
:
686 r
= parse_size(optarg
, 1024, &arg_vacuum_size
);
688 log_error("Failed to parse vacuum size: %s", optarg
);
692 arg_action
= ACTION_VACUUM
;
695 case ARG_VACUUM_FILES
:
696 r
= safe_atou64(optarg
, &arg_vacuum_n_files
);
698 log_error("Failed to parse vacuum files: %s", optarg
);
702 arg_action
= ACTION_VACUUM
;
705 case ARG_VACUUM_TIME
:
706 r
= parse_sec(optarg
, &arg_vacuum_time
);
708 log_error("Failed to parse vacuum time: %s", optarg
);
712 arg_action
= ACTION_VACUUM
;
721 arg_action
= ACTION_SETUP_KEYS
;
725 arg_action
= ACTION_VERIFY
;
726 r
= free_and_strdup(&arg_verify_key
, optarg
);
729 /* Use memset not string_erase so this doesn't look confusing
730 * in ps or htop output. */
731 memset(optarg
, 'x', strlen(optarg
));
737 r
= parse_sec(optarg
, &arg_interval
);
738 if (r
< 0 || arg_interval
<= 0) {
739 log_error("Failed to parse sealing key change interval: %s", optarg
);
748 log_error("Forward-secure sealing not available.");
755 dots
= strstr(optarg
, "..");
761 a
= strndup(optarg
, dots
- optarg
);
765 from
= log_level_from_string(a
);
766 to
= log_level_from_string(dots
+ 2);
769 if (from
< 0 || to
< 0) {
770 log_error("Failed to parse log level range %s", optarg
);
777 for (i
= from
; i
<= to
; i
++)
778 arg_priorities
|= 1 << i
;
780 for (i
= to
; i
<= from
; i
++)
781 arg_priorities
|= 1 << i
;
787 p
= log_level_from_string(optarg
);
789 log_error("Unknown log level %s", optarg
);
795 for (i
= 0; i
<= p
; i
++)
796 arg_priorities
|= 1 << i
;
804 arg_pattern
= optarg
;
807 case ARG_CASE_SENSITIVE
:
809 r
= parse_boolean(optarg
);
811 return log_error_errno(r
, "Bad --case-sensitive= argument \"%s\": %m", optarg
);
812 arg_case_sensitive
= r
;
814 arg_case_sensitive
= true;
819 case ARG_CASE_SENSITIVE
:
820 return log_error("Compiled without pattern matching support");
824 r
= parse_timestamp(optarg
, &arg_since
);
826 log_error("Failed to parse timestamp: %s", optarg
);
829 arg_since_set
= true;
833 r
= parse_timestamp(optarg
, &arg_until
);
835 log_error("Failed to parse timestamp: %s", optarg
);
838 arg_until_set
= true;
842 r
= strv_extend(&arg_syslog_identifier
, optarg
);
848 r
= strv_extend(&arg_system_units
, optarg
);
854 r
= strv_extend(&arg_user_units
, optarg
);
860 arg_action
= ACTION_LIST_FIELDS
;
865 arg_action
= ACTION_LIST_FIELD_NAMES
;
868 case ARG_NO_HOSTNAME
:
869 arg_no_hostname
= true;
876 case ARG_LIST_CATALOG
:
877 arg_action
= ACTION_LIST_CATALOG
;
880 case ARG_DUMP_CATALOG
:
881 arg_action
= ACTION_DUMP_CATALOG
;
884 case ARG_UPDATE_CATALOG
:
885 arg_action
= ACTION_UPDATE_CATALOG
;
897 arg_action
= ACTION_FLUSH
;
901 arg_action
= ACTION_ROTATE
;
905 arg_action
= ACTION_SYNC
;
908 case ARG_OUTPUT_FIELDS
: {
909 _cleanup_strv_free_
char **v
= NULL
;
911 v
= strv_split(optarg
, ",");
915 if (!arg_output_fields
)
916 arg_output_fields
= TAKE_PTR(v
);
918 r
= strv_extend_strv(&arg_output_fields
, v
, true);
929 assert_not_reached("Unhandled option");
932 if (arg_follow
&& !arg_no_tail
&& !arg_since
&& arg_lines
== ARG_LINES_DEFAULT
)
935 if (!!arg_directory
+ !!arg_file
+ !!arg_machine
+ !!arg_root
> 1) {
936 log_error("Please specify at most one of -D/--directory=, --file=, -M/--machine=, --root.");
940 if (arg_since_set
&& arg_until_set
&& arg_since
> arg_until
) {
941 log_error("--since= must be before --until=.");
945 if (!!arg_cursor
+ !!arg_after_cursor
+ !!arg_since_set
> 1) {
946 log_error("Please specify only one of --since=, --cursor=, and --after-cursor.");
950 if (arg_follow
&& arg_reverse
) {
951 log_error("Please specify either --reverse= or --follow=, not both.");
955 if (!IN_SET(arg_action
, ACTION_SHOW
, ACTION_DUMP_CATALOG
, ACTION_LIST_CATALOG
) && optind
< argc
) {
956 log_error("Extraneous arguments starting with '%s'", argv
[optind
]);
960 if ((arg_boot
|| arg_action
== ACTION_LIST_BOOTS
) && arg_merge
) {
961 log_error("Using --boot or --list-boots with --merge is not supported.");
965 if (!strv_isempty(arg_system_units
) && arg_journal_type
== SD_JOURNAL_CURRENT_USER
) {
966 /* Specifying --user and --unit= at the same time makes no sense (as the former excludes the user
967 * journal, but the latter excludes the system journal, thus resulting in empty output). Let's be nice
968 * to users, and automatically turn --unit= into --user-unit= if combined with --user. */
969 r
= strv_extend_strv(&arg_user_units
, arg_system_units
, true);
973 arg_system_units
= strv_free(arg_system_units
);
980 if (arg_case_sensitive
>= 0)
981 flags
= !arg_case_sensitive
* PCRE2_CASELESS
;
983 _cleanup_(pcre2_match_data_freep
) pcre2_match_data
*md
= NULL
;
985 _cleanup_(pcre2_code_freep
) pcre2_code
*cs
= NULL
;
987 md
= pcre2_match_data_create(1, NULL
);
991 r
= pattern_compile("[[:upper:]]", 0, &cs
);
995 r
= pcre2_match(cs
, (PCRE2_SPTR8
) arg_pattern
, PCRE2_ZERO_TERMINATED
, 0, 0, md
, NULL
);
998 flags
= !has_case
* PCRE2_CASELESS
;
1001 log_debug("Doing case %s matching based on %s",
1002 flags
& PCRE2_CASELESS
? "insensitive" : "sensitive",
1003 arg_case_sensitive
>= 0 ? "request" : "pattern casing");
1005 r
= pattern_compile(arg_pattern
, flags
, &arg_compiled_pattern
);
1014 static int generate_new_id128(void) {
1019 r
= sd_id128_randomize(&id
);
1021 return log_error_errno(r
, "Failed to generate ID: %m");
1023 printf("As string:\n"
1024 SD_ID128_FORMAT_STR
"\n\n"
1026 "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n\n"
1027 "As man:sd-id128(3) macro:\n"
1028 "#define MESSAGE_XYZ SD_ID128_MAKE(",
1029 SD_ID128_FORMAT_VAL(id
),
1030 SD_ID128_FORMAT_VAL(id
));
1031 for (i
= 0; i
< 16; i
++)
1032 printf("%02x%s", id
.bytes
[i
], i
!= 15 ? "," : "");
1033 fputs(")\n\n", stdout
);
1035 printf("As Python constant:\n"
1037 ">>> MESSAGE_XYZ = uuid.UUID('" SD_ID128_FORMAT_STR
"')\n",
1038 SD_ID128_FORMAT_VAL(id
));
1043 static int add_matches(sd_journal
*j
, char **args
) {
1045 bool have_term
= false;
1049 STRV_FOREACH(i
, args
) {
1052 if (streq(*i
, "+")) {
1055 r
= sd_journal_add_disjunction(j
);
1058 } else if (path_is_absolute(*i
)) {
1059 _cleanup_free_
char *p
= NULL
, *t
= NULL
, *t2
= NULL
, *interpreter
= NULL
;
1062 r
= chase_symlinks(*i
, NULL
, CHASE_TRAIL_SLASH
, &p
);
1064 return log_error_errno(r
, "Couldn't canonicalize path: %m");
1066 if (lstat(p
, &st
) < 0)
1067 return log_error_errno(errno
, "Couldn't stat file: %m");
1069 if (S_ISREG(st
.st_mode
) && (0111 & st
.st_mode
)) {
1070 if (executable_is_script(p
, &interpreter
) > 0) {
1071 _cleanup_free_
char *comm
;
1073 comm
= strndup(basename(p
), 15);
1077 t
= strappend("_COMM=", comm
);
1081 /* Append _EXE only if the interpreter is not a link.
1082 Otherwise, it might be outdated often. */
1083 if (lstat(interpreter
, &st
) == 0 && !S_ISLNK(st
.st_mode
)) {
1084 t2
= strappend("_EXE=", interpreter
);
1089 t
= strappend("_EXE=", p
);
1094 r
= sd_journal_add_match(j
, t
, 0);
1097 r
= sd_journal_add_match(j
, t2
, 0);
1099 } else if (S_ISCHR(st
.st_mode
) || S_ISBLK(st
.st_mode
)) {
1100 r
= add_matches_for_device(j
, p
);
1104 log_error("File is neither a device node, nor regular file, nor executable: %s", *i
);
1110 r
= sd_journal_add_match(j
, *i
, 0);
1115 return log_error_errno(r
, "Failed to add match '%s': %m", *i
);
1118 if (!strv_isempty(args
) && !have_term
) {
1119 log_error("\"+\" can only be used between terms");
1126 static void boot_id_free_all(BootId
*l
) {
1130 LIST_REMOVE(boot_list
, l
, i
);
1135 static int discover_next_boot(sd_journal
*j
,
1136 sd_id128_t previous_boot_id
,
1140 _cleanup_free_ BootId
*next_boot
= NULL
;
1141 char match
[9+32+1] = "_BOOT_ID=";
1148 /* We expect the journal to be on the last position of a boot
1149 * (in relation to the direction we are going), so that the next
1150 * invocation of sd_journal_next/previous will be from a different
1151 * boot. We then collect any information we desire and then jump
1152 * to the last location of the new boot by using a _BOOT_ID match
1153 * coming from the other journal direction. */
1155 /* Make sure we aren't restricted by any _BOOT_ID matches, so that
1156 * we can actually advance to a *different* boot. */
1157 sd_journal_flush_matches(j
);
1161 r
= sd_journal_previous(j
);
1163 r
= sd_journal_next(j
);
1167 return 0; /* End of journal, yay. */
1169 r
= sd_journal_get_monotonic_usec(j
, NULL
, &boot_id
);
1173 /* We iterate through this in a loop, until the boot ID differs from the previous one. Note that
1174 * normally, this will only require a single iteration, as we seeked to the last entry of the previous
1175 * boot entry already. However, it might happen that the per-journal-field entry arrays are less
1176 * complete than the main entry array, and hence might reference an entry that's not actually the last
1177 * one of the boot ID as last one. Let's hence use the per-field array is initial seek position to
1178 * speed things up, but let's not trust that it is complete, and hence, manually advance as
1181 } while (sd_id128_equal(boot_id
, previous_boot_id
));
1183 next_boot
= new0(BootId
, 1);
1187 next_boot
->id
= boot_id
;
1189 r
= sd_journal_get_realtime_usec(j
, &next_boot
->first
);
1193 /* Now seek to the last occurrence of this boot ID. */
1194 sd_id128_to_string(next_boot
->id
, match
+ 9);
1195 r
= sd_journal_add_match(j
, match
, sizeof(match
) - 1);
1200 r
= sd_journal_seek_head(j
);
1202 r
= sd_journal_seek_tail(j
);
1207 r
= sd_journal_next(j
);
1209 r
= sd_journal_previous(j
);
1213 log_debug("Whoopsie! We found a boot ID but can't read its last entry.");
1214 return -ENODATA
; /* This shouldn't happen. We just came from this very boot ID. */
1217 r
= sd_journal_get_realtime_usec(j
, &next_boot
->last
);
1221 *ret
= TAKE_PTR(next_boot
);
1226 static int get_boots(
1229 sd_id128_t
*boot_id
,
1234 BootId
*head
= NULL
, *tail
= NULL
, *id
;
1235 const bool advance_older
= boot_id
&& offset
<= 0;
1236 sd_id128_t previous_boot_id
;
1240 /* Adjust for the asymmetry that offset 0 is
1241 * the last (and current) boot, while 1 is considered the
1242 * (chronological) first boot in the journal. */
1243 skip_once
= boot_id
&& sd_id128_is_null(*boot_id
) && offset
<= 0;
1245 /* Advance to the earliest/latest occurrence of our reference
1246 * boot ID (taking our lookup direction into account), so that
1247 * discover_next_boot() can do its job.
1248 * If no reference is given, the journal head/tail will do,
1249 * they're "virtual" boots after all. */
1250 if (boot_id
&& !sd_id128_is_null(*boot_id
)) {
1251 char match
[9+32+1] = "_BOOT_ID=";
1253 sd_journal_flush_matches(j
);
1255 sd_id128_to_string(*boot_id
, match
+ 9);
1256 r
= sd_journal_add_match(j
, match
, sizeof(match
) - 1);
1261 r
= sd_journal_seek_head(j
); /* seek to oldest */
1263 r
= sd_journal_seek_tail(j
); /* seek to newest */
1268 r
= sd_journal_next(j
); /* read the oldest entry */
1270 r
= sd_journal_previous(j
); /* read the most recently added entry */
1275 else if (offset
== 0) {
1280 /* At this point the read pointer is positioned at the oldest/newest occurence of the reference boot
1281 * ID. After flushing the matches, one more invocation of _previous()/_next() will hence place us at
1282 * the following entry, which must then have an older/newer boot ID */
1286 r
= sd_journal_seek_tail(j
); /* seek to newest */
1288 r
= sd_journal_seek_head(j
); /* seek to oldest */
1292 /* No sd_journal_next()/_previous() here.
1294 * At this point the read pointer is positioned after the newest/before the oldest entry in the whole
1295 * journal. The next invocation of _previous()/_next() will hence position us at the newest/oldest
1299 previous_boot_id
= SD_ID128_NULL
;
1301 _cleanup_free_ BootId
*current
= NULL
;
1303 r
= discover_next_boot(j
, previous_boot_id
, advance_older
, ¤t
);
1305 boot_id_free_all(head
);
1312 previous_boot_id
= current
->id
;
1316 offset
+= advance_older
? 1 : -1;
1321 *boot_id
= current
->id
;
1325 LIST_FOREACH(boot_list
, id
, head
) {
1326 if (sd_id128_equal(id
->id
, current
->id
)) {
1327 /* boot id already stored, something wrong with the journal files */
1328 /* exiting as otherwise this problem would cause forever loop */
1332 LIST_INSERT_AFTER(boot_list
, head
, tail
, current
);
1333 tail
= TAKE_PTR(current
);
1342 sd_journal_flush_matches(j
);
1347 static int list_boots(sd_journal
*j
) {
1349 BootId
*id
, *all_ids
;
1353 count
= get_boots(j
, &all_ids
, NULL
, 0);
1355 return log_error_errno(count
, "Failed to determine boots: %m");
1359 (void) pager_open(arg_no_pager
, arg_pager_end
);
1361 /* numbers are one less, but we need an extra char for the sign */
1362 w
= DECIMAL_STR_WIDTH(count
- 1) + 1;
1365 LIST_FOREACH(boot_list
, id
, all_ids
) {
1366 char a
[FORMAT_TIMESTAMP_MAX
], b
[FORMAT_TIMESTAMP_MAX
];
1368 printf("% *i " SD_ID128_FORMAT_STR
" %s—%s\n",
1370 SD_ID128_FORMAT_VAL(id
->id
),
1371 format_timestamp_maybe_utc(a
, sizeof(a
), id
->first
),
1372 format_timestamp_maybe_utc(b
, sizeof(b
), id
->last
));
1376 boot_id_free_all(all_ids
);
1381 static int add_boot(sd_journal
*j
) {
1382 char match
[9+32+1] = "_BOOT_ID=";
1391 /* Take a shortcut and use the current boot_id, which we can do very quickly.
1392 * We can do this only when we logs are coming from the current machine,
1393 * so take the slow path if log location is specified. */
1394 if (arg_boot_offset
== 0 && sd_id128_is_null(arg_boot_id
) &&
1395 !arg_directory
&& !arg_file
&& !arg_root
)
1397 return add_match_this_boot(j
, arg_machine
);
1399 boot_id
= arg_boot_id
;
1400 r
= get_boots(j
, NULL
, &boot_id
, arg_boot_offset
);
1403 const char *reason
= (r
== 0) ? "No such boot ID in journal" : strerror(-r
);
1405 if (sd_id128_is_null(arg_boot_id
))
1406 log_error("Data from the specified boot (%+i) is not available: %s",
1407 arg_boot_offset
, reason
);
1409 log_error("Data from the specified boot ("SD_ID128_FORMAT_STR
") is not available: %s",
1410 SD_ID128_FORMAT_VAL(arg_boot_id
), reason
);
1412 return r
== 0 ? -ENODATA
: r
;
1415 sd_id128_to_string(boot_id
, match
+ 9);
1417 r
= sd_journal_add_match(j
, match
, sizeof(match
) - 1);
1419 return log_error_errno(r
, "Failed to add match: %m");
1421 r
= sd_journal_add_conjunction(j
);
1423 return log_error_errno(r
, "Failed to add conjunction: %m");
1428 static int add_dmesg(sd_journal
*j
) {
1435 r
= sd_journal_add_match(j
, "_TRANSPORT=kernel",
1436 STRLEN("_TRANSPORT=kernel"));
1438 return log_error_errno(r
, "Failed to add match: %m");
1440 r
= sd_journal_add_conjunction(j
);
1442 return log_error_errno(r
, "Failed to add conjunction: %m");
1447 static int get_possible_units(
1453 _cleanup_set_free_free_ Set
*found
;
1457 found
= set_new(&string_hash_ops
);
1461 NULSTR_FOREACH(field
, fields
) {
1465 r
= sd_journal_query_unique(j
, field
);
1469 SD_JOURNAL_FOREACH_UNIQUE(j
, data
, size
) {
1470 char **pattern
, *eq
;
1472 _cleanup_free_
char *u
= NULL
;
1474 eq
= memchr(data
, '=', size
);
1476 prefix
= eq
- (char*) data
+ 1;
1480 u
= strndup((char*) data
+ prefix
, size
- prefix
);
1484 STRV_FOREACH(pattern
, patterns
)
1485 if (fnmatch(*pattern
, u
, FNM_NOESCAPE
) == 0) {
1486 log_debug("Matched %s with pattern %s=%s", u
, field
, *pattern
);
1488 r
= set_consume(found
, u
);
1490 if (r
< 0 && r
!= -EEXIST
)
1498 *units
= TAKE_PTR(found
);
1503 /* This list is supposed to return the superset of unit names
1504 * possibly matched by rules added with add_matches_for_unit... */
1505 #define SYSTEM_UNITS \
1509 "OBJECT_SYSTEMD_UNIT\0" \
1512 /* ... and add_matches_for_user_unit */
1513 #define USER_UNITS \
1514 "_SYSTEMD_USER_UNIT\0" \
1516 "COREDUMP_USER_UNIT\0" \
1517 "OBJECT_SYSTEMD_USER_UNIT\0"
1519 static int add_units(sd_journal
*j
) {
1520 _cleanup_strv_free_
char **patterns
= NULL
;
1526 STRV_FOREACH(i
, arg_system_units
) {
1527 _cleanup_free_
char *u
= NULL
;
1529 r
= unit_name_mangle(*i
, UNIT_NAME_MANGLE_GLOB
| (arg_quiet
? 0 : UNIT_NAME_MANGLE_WARN
), &u
);
1533 if (string_is_glob(u
)) {
1534 r
= strv_push(&patterns
, u
);
1539 r
= add_matches_for_unit(j
, u
);
1542 r
= sd_journal_add_disjunction(j
);
1549 if (!strv_isempty(patterns
)) {
1550 _cleanup_set_free_free_ Set
*units
= NULL
;
1554 r
= get_possible_units(j
, SYSTEM_UNITS
, patterns
, &units
);
1558 SET_FOREACH(u
, units
, it
) {
1559 r
= add_matches_for_unit(j
, u
);
1562 r
= sd_journal_add_disjunction(j
);
1569 patterns
= strv_free(patterns
);
1571 STRV_FOREACH(i
, arg_user_units
) {
1572 _cleanup_free_
char *u
= NULL
;
1574 r
= unit_name_mangle(*i
, UNIT_NAME_MANGLE_GLOB
| (arg_quiet
? 0 : UNIT_NAME_MANGLE_WARN
), &u
);
1578 if (string_is_glob(u
)) {
1579 r
= strv_push(&patterns
, u
);
1584 r
= add_matches_for_user_unit(j
, u
, getuid());
1587 r
= sd_journal_add_disjunction(j
);
1594 if (!strv_isempty(patterns
)) {
1595 _cleanup_set_free_free_ Set
*units
= NULL
;
1599 r
= get_possible_units(j
, USER_UNITS
, patterns
, &units
);
1603 SET_FOREACH(u
, units
, it
) {
1604 r
= add_matches_for_user_unit(j
, u
, getuid());
1607 r
= sd_journal_add_disjunction(j
);
1614 /* Complain if the user request matches but nothing whatsoever was
1615 * found, since otherwise everything would be matched. */
1616 if (!(strv_isempty(arg_system_units
) && strv_isempty(arg_user_units
)) && count
== 0)
1619 r
= sd_journal_add_conjunction(j
);
1626 static int add_priorities(sd_journal
*j
) {
1627 char match
[] = "PRIORITY=0";
1631 if (arg_priorities
== 0xFF)
1634 for (i
= LOG_EMERG
; i
<= LOG_DEBUG
; i
++)
1635 if (arg_priorities
& (1 << i
)) {
1636 match
[sizeof(match
)-2] = '0' + i
;
1638 r
= sd_journal_add_match(j
, match
, strlen(match
));
1640 return log_error_errno(r
, "Failed to add match: %m");
1643 r
= sd_journal_add_conjunction(j
);
1645 return log_error_errno(r
, "Failed to add conjunction: %m");
1650 static int add_syslog_identifier(sd_journal
*j
) {
1656 STRV_FOREACH(i
, arg_syslog_identifier
) {
1659 u
= strjoina("SYSLOG_IDENTIFIER=", *i
);
1660 r
= sd_journal_add_match(j
, u
, 0);
1663 r
= sd_journal_add_disjunction(j
);
1668 r
= sd_journal_add_conjunction(j
);
1675 static int setup_keys(void) {
1677 size_t mpk_size
, seed_size
, state_size
, i
;
1678 uint8_t *mpk
, *seed
, *state
;
1680 sd_id128_t machine
, boot
;
1681 char *p
= NULL
, *k
= NULL
;
1686 r
= stat("/var/log/journal", &st
);
1687 if (r
< 0 && !IN_SET(errno
, ENOENT
, ENOTDIR
))
1688 return log_error_errno(errno
, "stat(\"%s\") failed: %m", "/var/log/journal");
1690 if (r
< 0 || !S_ISDIR(st
.st_mode
)) {
1691 log_error("%s is not a directory, must be using persistent logging for FSS.",
1692 "/var/log/journal");
1693 return r
< 0 ? -errno
: -ENOTDIR
;
1696 r
= sd_id128_get_machine(&machine
);
1698 return log_error_errno(r
, "Failed to get machine ID: %m");
1700 r
= sd_id128_get_boot(&boot
);
1702 return log_error_errno(r
, "Failed to get boot ID: %m");
1704 if (asprintf(&p
, "/var/log/journal/" SD_ID128_FORMAT_STR
"/fss",
1705 SD_ID128_FORMAT_VAL(machine
)) < 0)
1710 if (r
< 0 && errno
!= ENOENT
) {
1711 r
= log_error_errno(errno
, "unlink(\"%s\") failed: %m", p
);
1714 } else if (access(p
, F_OK
) >= 0) {
1715 log_error("Sealing key file %s exists already. Use --force to recreate.", p
);
1720 if (asprintf(&k
, "/var/log/journal/" SD_ID128_FORMAT_STR
"/fss.tmp.XXXXXX",
1721 SD_ID128_FORMAT_VAL(machine
)) < 0) {
1726 mpk_size
= FSPRG_mskinbytes(FSPRG_RECOMMENDED_SECPAR
);
1727 mpk
= alloca(mpk_size
);
1729 seed_size
= FSPRG_RECOMMENDED_SEEDLEN
;
1730 seed
= alloca(seed_size
);
1732 state_size
= FSPRG_stateinbytes(FSPRG_RECOMMENDED_SECPAR
);
1733 state
= alloca(state_size
);
1735 fd
= open("/dev/random", O_RDONLY
|O_CLOEXEC
|O_NOCTTY
);
1737 r
= log_error_errno(errno
, "Failed to open /dev/random: %m");
1741 log_info("Generating seed...");
1742 r
= loop_read_exact(fd
, seed
, seed_size
, true);
1744 log_error_errno(r
, "Failed to read random seed: %m");
1748 log_info("Generating key pair...");
1749 FSPRG_GenMK(NULL
, mpk
, seed
, seed_size
, FSPRG_RECOMMENDED_SECPAR
);
1751 log_info("Generating sealing key...");
1752 FSPRG_GenState0(state
, mpk
, seed
, seed_size
);
1754 assert(arg_interval
> 0);
1756 n
= now(CLOCK_REALTIME
);
1760 fd
= mkostemp_safe(k
);
1762 r
= log_error_errno(fd
, "Failed to open %s: %m", k
);
1766 /* Enable secure remove, exclusion from dump, synchronous
1767 * writing and in-place updating */
1768 r
= chattr_fd(fd
, FS_SECRM_FL
|FS_NODUMP_FL
|FS_SYNC_FL
|FS_NOCOW_FL
, FS_SECRM_FL
|FS_NODUMP_FL
|FS_SYNC_FL
|FS_NOCOW_FL
);
1770 log_warning_errno(r
, "Failed to set file attributes: %m");
1773 memcpy(h
.signature
, "KSHHRHLP", 8);
1774 h
.machine_id
= machine
;
1776 h
.header_size
= htole64(sizeof(h
));
1777 h
.start_usec
= htole64(n
* arg_interval
);
1778 h
.interval_usec
= htole64(arg_interval
);
1779 h
.fsprg_secpar
= htole16(FSPRG_RECOMMENDED_SECPAR
);
1780 h
.fsprg_state_size
= htole64(state_size
);
1782 r
= loop_write(fd
, &h
, sizeof(h
), false);
1784 log_error_errno(r
, "Failed to write header: %m");
1788 r
= loop_write(fd
, state
, state_size
, false);
1790 log_error_errno(r
, "Failed to write state: %m");
1794 if (link(k
, p
) < 0) {
1795 r
= log_error_errno(errno
, "Failed to link file: %m");
1802 "The new key pair has been generated. The %ssecret sealing key%s has been written to\n"
1803 "the following local file. This key file is automatically updated when the\n"
1804 "sealing key is advanced. It should not be used on multiple hosts.\n"
1808 "Please write down the following %ssecret verification key%s. It should be stored\n"
1809 "at a safe location and should not be saved locally on disk.\n"
1811 ansi_highlight(), ansi_normal(),
1813 ansi_highlight(), ansi_normal(),
1814 ansi_highlight_red());
1817 for (i
= 0; i
< seed_size
; i
++) {
1818 if (i
> 0 && i
% 3 == 0)
1820 printf("%02x", ((uint8_t*) seed
)[i
]);
1823 printf("/%llx-%llx\n", (unsigned long long) n
, (unsigned long long) arg_interval
);
1826 char tsb
[FORMAT_TIMESPAN_MAX
], *hn
;
1830 "The sealing key is automatically changed every %s.\n",
1832 format_timespan(tsb
, sizeof(tsb
), arg_interval
, 0));
1834 hn
= gethostname_malloc();
1837 hostname_cleanup(hn
);
1838 fprintf(stderr
, "\nThe keys have been generated for host %s/" SD_ID128_FORMAT_STR
".\n", hn
, SD_ID128_FORMAT_VAL(machine
));
1840 fprintf(stderr
, "\nThe keys have been generated for host " SD_ID128_FORMAT_STR
".\n", SD_ID128_FORMAT_VAL(machine
));
1843 /* If this is not an UTF-8 system don't print any QR codes */
1844 if (is_locale_utf8()) {
1845 fputs("\nTo transfer the verification key to your phone please scan the QR code below:\n\n", stderr
);
1846 print_qr_code(stderr
, seed
, seed_size
, n
, arg_interval
, hn
, machine
);
1866 log_error("Forward-secure sealing not available.");
1871 static int verify(sd_journal
*j
) {
1878 log_show_color(true);
1880 ORDERED_HASHMAP_FOREACH(f
, j
->files
, i
) {
1882 usec_t first
= 0, validated
= 0, last
= 0;
1885 if (!arg_verify_key
&& JOURNAL_HEADER_SEALED(f
->header
))
1886 log_notice("Journal file %s has sealing enabled but verification key has not been passed using --verify-key=.", f
->path
);
1889 k
= journal_file_verify(f
, arg_verify_key
, &first
, &validated
, &last
, true);
1891 /* If the key was invalid give up right-away. */
1894 log_warning_errno(k
, "FAIL: %s (%m)", f
->path
);
1897 char a
[FORMAT_TIMESTAMP_MAX
], b
[FORMAT_TIMESTAMP_MAX
], c
[FORMAT_TIMESPAN_MAX
];
1898 log_info("PASS: %s", f
->path
);
1900 if (arg_verify_key
&& JOURNAL_HEADER_SEALED(f
->header
)) {
1901 if (validated
> 0) {
1902 log_info("=> Validated from %s to %s, final %s entries not sealed.",
1903 format_timestamp_maybe_utc(a
, sizeof(a
), first
),
1904 format_timestamp_maybe_utc(b
, sizeof(b
), validated
),
1905 format_timespan(c
, sizeof(c
), last
> validated
? last
- validated
: 0, 0));
1906 } else if (last
> 0)
1907 log_info("=> No sealing yet, %s of entries not sealed.",
1908 format_timespan(c
, sizeof(c
), last
- first
, 0));
1910 log_info("=> No sealing yet, no entries in file.");
1918 static int flush_to_var(void) {
1919 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
1920 _cleanup_(sd_bus_flush_close_unrefp
) sd_bus
*bus
= NULL
;
1921 _cleanup_close_
int watch_fd
= -1;
1925 log_error("--flush is not supported in conjunction with --machine=.");
1930 if (access("/run/systemd/journal/flushed", F_OK
) >= 0)
1933 /* OK, let's actually do the full logic, send SIGUSR1 to the
1934 * daemon and set up inotify to wait for the flushed file to appear */
1935 r
= bus_connect_system_systemd(&bus
);
1937 return log_error_errno(r
, "Failed to get D-Bus connection: %m");
1939 r
= sd_bus_call_method(
1941 "org.freedesktop.systemd1",
1942 "/org/freedesktop/systemd1",
1943 "org.freedesktop.systemd1.Manager",
1947 "ssi", "systemd-journald.service", "main", SIGUSR1
);
1949 return log_error_errno(r
, "Failed to kill journal service: %s", bus_error_message(&error
, r
));
1951 mkdir_p("/run/systemd/journal", 0755);
1953 watch_fd
= inotify_init1(IN_NONBLOCK
|IN_CLOEXEC
);
1955 return log_error_errno(errno
, "Failed to create inotify watch: %m");
1957 r
= inotify_add_watch(watch_fd
, "/run/systemd/journal", IN_CREATE
|IN_DONT_FOLLOW
|IN_ONLYDIR
);
1959 return log_error_errno(errno
, "Failed to watch journal directory: %m");
1962 if (access("/run/systemd/journal/flushed", F_OK
) >= 0)
1965 if (errno
!= ENOENT
)
1966 return log_error_errno(errno
, "Failed to check for existence of /run/systemd/journal/flushed: %m");
1968 r
= fd_wait_for_event(watch_fd
, POLLIN
, USEC_INFINITY
);
1970 return log_error_errno(r
, "Failed to wait for event: %m");
1972 r
= flush_fd(watch_fd
);
1974 return log_error_errno(r
, "Failed to flush inotify events: %m");
1980 static int send_signal_and_wait(int sig
, const char *watch_path
) {
1981 _cleanup_(sd_bus_flush_close_unrefp
) sd_bus
*bus
= NULL
;
1982 _cleanup_close_
int watch_fd
= -1;
1987 log_error("--sync and --rotate are not supported in conjunction with --machine=.");
1991 start
= now(CLOCK_MONOTONIC
);
1993 /* This call sends the specified signal to journald, and waits
1994 * for acknowledgment by watching the mtime of the specified
1995 * flag file. This is used to trigger syncing or rotation and
1996 * then wait for the operation to complete. */
2001 /* See if a sync happened by now. */
2002 r
= read_timestamp_file(watch_path
, &tstamp
);
2003 if (r
< 0 && r
!= -ENOENT
)
2004 return log_error_errno(errno
, "Failed to read %s: %m", watch_path
);
2005 if (r
>= 0 && tstamp
>= start
)
2008 /* Let's ask for a sync, but only once. */
2010 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
2012 r
= bus_connect_system_systemd(&bus
);
2014 return log_error_errno(r
, "Failed to get D-Bus connection: %m");
2016 r
= sd_bus_call_method(
2018 "org.freedesktop.systemd1",
2019 "/org/freedesktop/systemd1",
2020 "org.freedesktop.systemd1.Manager",
2024 "ssi", "systemd-journald.service", "main", sig
);
2026 return log_error_errno(r
, "Failed to kill journal service: %s", bus_error_message(&error
, r
));
2031 /* Let's install the inotify watch, if we didn't do that yet. */
2034 mkdir_p("/run/systemd/journal", 0755);
2036 watch_fd
= inotify_init1(IN_NONBLOCK
|IN_CLOEXEC
);
2038 return log_error_errno(errno
, "Failed to create inotify watch: %m");
2040 r
= inotify_add_watch(watch_fd
, "/run/systemd/journal", IN_MOVED_TO
|IN_DONT_FOLLOW
|IN_ONLYDIR
);
2042 return log_error_errno(errno
, "Failed to watch journal directory: %m");
2044 /* Recheck the flag file immediately, so that we don't miss any event since the last check. */
2048 /* OK, all preparatory steps done, let's wait until
2049 * inotify reports an event. */
2051 r
= fd_wait_for_event(watch_fd
, POLLIN
, USEC_INFINITY
);
2053 return log_error_errno(r
, "Failed to wait for event: %m");
2055 r
= flush_fd(watch_fd
);
2057 return log_error_errno(r
, "Failed to flush inotify events: %m");
2063 static int rotate(void) {
2064 return send_signal_and_wait(SIGUSR2
, "/run/systemd/journal/rotated");
2067 static int sync_journal(void) {
2068 return send_signal_and_wait(SIGRTMIN
+1, "/run/systemd/journal/synced");
2071 int main(int argc
, char *argv
[]) {
2073 _cleanup_(sd_journal_closep
) sd_journal
*j
= NULL
;
2074 bool need_seek
= false;
2075 sd_id128_t previous_boot_id
;
2076 bool previous_boot_id_valid
= false, first_line
= true;
2078 bool ellipsized
= false;
2080 setlocale(LC_ALL
, "");
2081 log_parse_environment();
2084 r
= parse_argv(argc
, argv
);
2088 signal(SIGWINCH
, columns_lines_cache_reset
);
2091 /* Increase max number of open files to 16K if we can, we
2092 * might needs this when browsing journal files, which might
2093 * be split up into many files. */
2094 setrlimit_closest(RLIMIT_NOFILE
, &RLIMIT_MAKE_CONST(16384));
2096 switch (arg_action
) {
2098 case ACTION_NEW_ID128
:
2099 r
= generate_new_id128();
2102 case ACTION_SETUP_KEYS
:
2106 case ACTION_LIST_CATALOG
:
2107 case ACTION_DUMP_CATALOG
:
2108 case ACTION_UPDATE_CATALOG
: {
2109 _cleanup_free_
char *database
;
2111 database
= path_join(arg_root
, CATALOG_DATABASE
, NULL
);
2117 if (arg_action
== ACTION_UPDATE_CATALOG
) {
2118 r
= catalog_update(database
, arg_root
, catalog_file_dirs
);
2120 log_error_errno(r
, "Failed to list catalog: %m");
2122 bool oneline
= arg_action
== ACTION_LIST_CATALOG
;
2124 (void) pager_open(arg_no_pager
, arg_pager_end
);
2127 r
= catalog_list_items(stdout
, database
, oneline
, argv
+ optind
);
2129 r
= catalog_list(stdout
, database
, oneline
);
2131 log_error_errno(r
, "Failed to list catalog: %m");
2150 case ACTION_PRINT_HEADER
:
2152 case ACTION_DISK_USAGE
:
2153 case ACTION_LIST_BOOTS
:
2155 case ACTION_LIST_FIELDS
:
2156 case ACTION_LIST_FIELD_NAMES
:
2157 /* These ones require access to the journal files, continue below. */
2161 assert_not_reached("Unknown action");
2165 r
= sd_journal_open_directory(&j
, arg_directory
, arg_journal_type
);
2167 r
= sd_journal_open_directory(&j
, arg_root
, arg_journal_type
| SD_JOURNAL_OS_ROOT
);
2168 else if (arg_file_stdin
) {
2169 int ifd
= STDIN_FILENO
;
2170 r
= sd_journal_open_files_fd(&j
, &ifd
, 1, 0);
2171 } else if (arg_file
)
2172 r
= sd_journal_open_files(&j
, (const char**) arg_file
, 0);
2173 else if (arg_machine
) {
2174 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
2175 _cleanup_(sd_bus_message_unrefp
) sd_bus_message
*reply
= NULL
;
2176 _cleanup_(sd_bus_flush_close_unrefp
) sd_bus
*bus
= NULL
;
2179 if (geteuid() != 0) {
2180 /* The file descriptor returned by OpenMachineRootDirectory() will be owned by users/groups of
2181 * the container, thus we need root privileges to override them. */
2182 log_error("Using the --machine= switch requires root privileges.");
2187 r
= sd_bus_open_system(&bus
);
2189 log_error_errno(r
, "Failed to open system bus: %m");
2193 r
= sd_bus_call_method(
2195 "org.freedesktop.machine1",
2196 "/org/freedesktop/machine1",
2197 "org.freedesktop.machine1.Manager",
2198 "OpenMachineRootDirectory",
2203 log_error_errno(r
, "Failed to open root directory: %s", bus_error_message(&error
, r
));
2207 r
= sd_bus_message_read(reply
, "h", &fd
);
2209 bus_log_parse_error(r
);
2213 fd
= fcntl(fd
, F_DUPFD_CLOEXEC
, 3);
2215 r
= log_error_errno(errno
, "Failed to duplicate file descriptor: %m");
2219 r
= sd_journal_open_directory_fd(&j
, fd
, SD_JOURNAL_OS_ROOT
);
2223 r
= sd_journal_open(&j
, !arg_merge
*SD_JOURNAL_LOCAL_ONLY
+ arg_journal_type
);
2225 log_error_errno(r
, "Failed to open %s: %m", arg_directory
?: arg_file
? "files" : "journal");
2229 r
= journal_access_check_and_warn(j
, arg_quiet
,
2230 !(arg_journal_type
== SD_JOURNAL_CURRENT_USER
|| arg_user_units
));
2234 switch (arg_action
) {
2236 case ACTION_NEW_ID128
:
2237 case ACTION_SETUP_KEYS
:
2238 case ACTION_LIST_CATALOG
:
2239 case ACTION_DUMP_CATALOG
:
2240 case ACTION_UPDATE_CATALOG
:
2244 assert_not_reached("Unexpected action.");
2246 case ACTION_PRINT_HEADER
:
2247 journal_print_header(j
);
2255 case ACTION_DISK_USAGE
: {
2257 char sbytes
[FORMAT_BYTES_MAX
];
2259 r
= sd_journal_get_usage(j
, &bytes
);
2263 printf("Archived and active journals take up %s in the file system.\n",
2264 format_bytes(sbytes
, sizeof(sbytes
), bytes
));
2268 case ACTION_LIST_BOOTS
:
2272 case ACTION_VACUUM
: {
2276 HASHMAP_FOREACH(d
, j
->directories_by_path
, i
) {
2282 q
= journal_directory_vacuum(d
->path
, arg_vacuum_size
, arg_vacuum_n_files
, arg_vacuum_time
, NULL
, !arg_quiet
);
2284 log_error_errno(q
, "Failed to vacuum %s: %m", d
->path
);
2292 case ACTION_LIST_FIELD_NAMES
: {
2295 SD_JOURNAL_FOREACH_FIELD(j
, field
) {
2296 printf("%s\n", field
);
2305 case ACTION_LIST_FIELDS
:
2309 assert_not_reached("Unknown action");
2312 if (arg_boot_offset
!= 0 &&
2313 sd_journal_has_runtime_files(j
) > 0 &&
2314 sd_journal_has_persistent_files(j
) == 0) {
2315 log_info("Specifying boot ID or boot offset has no effect, no persistent journal was found.");
2319 /* add_boot() must be called first!
2320 * It may need to seek the journal to find parent boot IDs. */
2331 log_error_errno(r
, "Failed to add filter for units: %m");
2335 r
= add_syslog_identifier(j
);
2337 log_error_errno(r
, "Failed to add filter for syslog identifiers: %m");
2341 r
= add_priorities(j
);
2345 r
= add_matches(j
, argv
+ optind
);
2349 if (DEBUG_LOGGING
) {
2350 _cleanup_free_
char *filter
;
2352 filter
= journal_make_match_string(j
);
2356 log_debug("Journal filter: %s", filter
);
2359 if (arg_action
== ACTION_LIST_FIELDS
) {
2365 r
= sd_journal_set_data_threshold(j
, 0);
2367 log_error_errno(r
, "Failed to unset data size threshold: %m");
2371 r
= sd_journal_query_unique(j
, arg_field
);
2373 log_error_errno(r
, "Failed to query unique data objects: %m");
2377 SD_JOURNAL_FOREACH_UNIQUE(j
, data
, size
) {
2380 if (arg_lines
>= 0 && n_shown
>= arg_lines
)
2383 eq
= memchr(data
, '=', size
);
2385 printf("%.*s\n", (int) (size
- ((const uint8_t*) eq
- (const uint8_t*) data
+ 1)), (const char*) eq
+ 1);
2387 printf("%.*s\n", (int) size
, (const char*) data
);
2396 /* Opening the fd now means the first sd_journal_wait() will actually wait */
2398 r
= sd_journal_get_fd(j
);
2399 if (r
== -EMEDIUMTYPE
) {
2400 log_error_errno(r
, "The --follow switch is not supported in conjunction with reading from STDIN.");
2404 log_error_errno(r
, "Failed to get journal fd: %m");
2409 if (arg_cursor
|| arg_after_cursor
) {
2410 r
= sd_journal_seek_cursor(j
, arg_cursor
?: arg_after_cursor
);
2412 log_error_errno(r
, "Failed to seek to cursor: %m");
2417 r
= sd_journal_next_skip(j
, 1 + !!arg_after_cursor
);
2419 r
= sd_journal_previous_skip(j
, 1 + !!arg_after_cursor
);
2421 if (arg_after_cursor
&& r
< 2) {
2422 /* We couldn't find the next entry after the cursor. */
2429 } else if (arg_since_set
&& !arg_reverse
) {
2430 r
= sd_journal_seek_realtime_usec(j
, arg_since
);
2432 log_error_errno(r
, "Failed to seek to date: %m");
2435 r
= sd_journal_next(j
);
2437 } else if (arg_until_set
&& arg_reverse
) {
2438 r
= sd_journal_seek_realtime_usec(j
, arg_until
);
2440 log_error_errno(r
, "Failed to seek to date: %m");
2443 r
= sd_journal_previous(j
);
2445 } else if (arg_lines
>= 0) {
2446 r
= sd_journal_seek_tail(j
);
2448 log_error_errno(r
, "Failed to seek to tail: %m");
2452 r
= sd_journal_previous_skip(j
, arg_lines
);
2454 } else if (arg_reverse
) {
2455 r
= sd_journal_seek_tail(j
);
2457 log_error_errno(r
, "Failed to seek to tail: %m");
2461 r
= sd_journal_previous(j
);
2464 r
= sd_journal_seek_head(j
);
2466 log_error_errno(r
, "Failed to seek to head: %m");
2470 r
= sd_journal_next(j
);
2474 log_error_errno(r
, "Failed to iterate through journal: %m");
2481 (void) pager_open(arg_no_pager
, arg_pager_end
);
2483 if (!arg_quiet
&& (arg_lines
!= 0 || arg_follow
)) {
2485 char start_buf
[FORMAT_TIMESTAMP_MAX
], end_buf
[FORMAT_TIMESTAMP_MAX
];
2487 r
= sd_journal_get_cutoff_realtime_usec(j
, &start
, &end
);
2489 log_error_errno(r
, "Failed to get cutoff: %m");
2495 printf("-- Logs begin at %s. --\n",
2496 format_timestamp_maybe_utc(start_buf
, sizeof(start_buf
), start
));
2498 printf("-- Logs begin at %s, end at %s. --\n",
2499 format_timestamp_maybe_utc(start_buf
, sizeof(start_buf
), start
),
2500 format_timestamp_maybe_utc(end_buf
, sizeof(end_buf
), end
));
2505 while (arg_lines
< 0 || n_shown
< arg_lines
|| (arg_follow
&& !first_line
)) {
2507 size_t highlight
[2] = {};
2511 r
= sd_journal_next(j
);
2513 r
= sd_journal_previous(j
);
2515 log_error_errno(r
, "Failed to iterate through journal: %m");
2522 if (arg_until_set
&& !arg_reverse
) {
2525 r
= sd_journal_get_realtime_usec(j
, &usec
);
2527 log_error_errno(r
, "Failed to determine timestamp: %m");
2530 if (usec
> arg_until
)
2534 if (arg_since_set
&& arg_reverse
) {
2537 r
= sd_journal_get_realtime_usec(j
, &usec
);
2539 log_error_errno(r
, "Failed to determine timestamp: %m");
2542 if (usec
< arg_since
)
2546 if (!arg_merge
&& !arg_quiet
) {
2549 r
= sd_journal_get_monotonic_usec(j
, NULL
, &boot_id
);
2551 if (previous_boot_id_valid
&&
2552 !sd_id128_equal(boot_id
, previous_boot_id
))
2553 printf("%s-- Reboot --%s\n",
2554 ansi_highlight(), ansi_normal());
2556 previous_boot_id
= boot_id
;
2557 previous_boot_id_valid
= true;
2562 if (arg_compiled_pattern
) {
2563 _cleanup_(pcre2_match_data_freep
) pcre2_match_data
*md
= NULL
;
2564 const void *message
;
2568 md
= pcre2_match_data_create(1, NULL
);
2572 r
= sd_journal_get_data(j
, "MESSAGE", &message
, &len
);
2579 log_error_errno(r
, "Failed to get MESSAGE field: %m");
2583 assert_se(message
= startswith(message
, "MESSAGE="));
2585 r
= pcre2_match(arg_compiled_pattern
,
2587 len
- strlen("MESSAGE="),
2588 0, /* start at offset 0 in the subject */
2589 0, /* default options */
2592 if (r
== PCRE2_ERROR_NOMATCH
) {
2597 unsigned char buf
[LINE_MAX
];
2600 r2
= pcre2_get_error_message(r
, buf
, sizeof buf
);
2601 log_error("Pattern matching failed: %s",
2602 r2
< 0 ? "unknown error" : (char*) buf
);
2607 ovec
= pcre2_get_ovector_pointer(md
);
2608 highlight
[0] = ovec
[0];
2609 highlight
[1] = ovec
[1];
2614 arg_all
* OUTPUT_SHOW_ALL
|
2615 arg_full
* OUTPUT_FULL_WIDTH
|
2616 colors_enabled() * OUTPUT_COLOR
|
2617 arg_catalog
* OUTPUT_CATALOG
|
2618 arg_utc
* OUTPUT_UTC
|
2619 arg_no_hostname
* OUTPUT_NO_HOSTNAME
;
2621 r
= show_journal_entry(stdout
, j
, arg_output
, 0, flags
,
2622 arg_output_fields
, highlight
, &ellipsized
);
2624 if (r
== -EADDRNOTAVAIL
)
2626 else if (r
< 0 || ferror(stdout
))
2631 /* If journalctl take a long time to process messages, and during that time journal file
2632 * rotation occurs, a journalctl client will keep those rotated files open until it calls
2633 * sd_journal_process(), which typically happens as a result of calling sd_journal_wait() below
2634 * in the "following" case. By periodically calling sd_journal_process() during the processing
2635 * loop we shrink the window of time a client instance has open file descriptors for rotated
2636 * (deleted) journal files. */
2637 if ((n_shown
% PROCESS_INOTIFY_INTERVAL
) == 0) {
2638 r
= sd_journal_process(j
);
2640 log_error_errno(r
, "Failed to process inotify events: %m");
2647 if (n_shown
== 0 && !arg_quiet
)
2648 printf("-- No entries --\n");
2650 if (arg_show_cursor
) {
2651 _cleanup_free_
char *cursor
= NULL
;
2653 r
= sd_journal_get_cursor(j
, &cursor
);
2654 if (r
< 0 && r
!= -EADDRNOTAVAIL
)
2655 log_error_errno(r
, "Failed to get cursor: %m");
2657 printf("-- cursor: %s\n", cursor
);
2664 r
= sd_journal_wait(j
, (uint64_t) -1);
2666 log_error_errno(r
, "Couldn't wait for journal event: %m");
2677 strv_free(arg_file
);
2679 strv_free(arg_syslog_identifier
);
2680 strv_free(arg_system_units
);
2681 strv_free(arg_user_units
);
2682 strv_free(arg_output_fields
);
2685 free(arg_verify_key
);
2688 if (arg_compiled_pattern
)
2689 pcre2_code_free(arg_compiled_pattern
);
2692 return r
< 0 ? EXIT_FAILURE
: EXIT_SUCCESS
;