]> git.ipfire.org Git - thirdparty/systemd.git/blob - man/systemd.journal-fields.xml
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
man: add version info
[thirdparty/systemd.git] / man / systemd.journal-fields.xml
1 <?xml version='1.0'?> <!--*-nxml-*-->
2 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
4 <!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
5
6 <refentry id="systemd.journal-fields" xmlns:xi="http://www.w3.org/2001/XInclude">
7
8 <refentryinfo>
9 <title>systemd.journal-fields</title>
10 <productname>systemd</productname>
11 </refentryinfo>
12
13 <refmeta>
14 <refentrytitle>systemd.journal-fields</refentrytitle>
15 <manvolnum>7</manvolnum>
16 </refmeta>
17
18 <refnamediv>
19 <refname>systemd.journal-fields</refname>
20 <refpurpose>Special journal fields</refpurpose>
21 </refnamediv>
22
23 <refsect1>
24 <title>Description</title>
25
26 <para>Entries in the journal (as written by
27 <citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>)
28 resemble a UNIX process environment block in syntax but with field values that may include binary data,
29 and with non-unique field names permitted. Primarily, field values are formatted UTF-8 text strings —
30 binary encoding is used only where formatting as UTF-8 text strings makes little sense. New fields may
31 freely be defined by applications, but a few fields have special meanings, which are listed
32 below. Typically, fields may only appear once per log entry, however there are special exceptions: some
33 fields may appear more than once per entry, in which case this is explicitly mentioned below. Even though
34 the logging subsystem makes no restrictions on which fields to accept non-unique values for, it is
35 strongly recommended to avoid relying on this for the fields listed below (except where listed otherwise,
36 as mentioned) in order to avoid unnecessary incompatibilities with other applications.</para>
37 </refsect1>
38
39 <refsect1>
40 <title>User Journal Fields</title>
41
42 <para>User fields are fields that are directly passed from clients
43 and stored in the journal.</para>
44
45 <variablelist class='journal-directives'>
46 <varlistentry>
47 <term><varname>MESSAGE=</varname></term>
48 <listitem>
49 <para>The human-readable message string for this entry. This is supposed to be the primary text
50 shown to the user. It is usually not translated (but might be in some cases), and is not supposed
51 to be parsed for metadata. In order to encode multiple lines in a single log entry, separate them
52 by newline characters (ASCII code 10), but encode them as a single <varname>MESSAGE=</varname>
53 field. Do not add multiple values of this field type to the same entry (also see above), as
54 consuming applications generally do not expect this and are unlikely to show all values in that
55 case.</para>
56 </listitem>
57 </varlistentry>
58
59 <varlistentry>
60 <term><varname>MESSAGE_ID=</varname></term>
61 <listitem>
62 <para>A 128-bit message identifier ID for recognizing certain message types, if this is desirable. This
63 should contain a 128-bit ID formatted as a lower-case hexadecimal string, without any separating dashes or
64 suchlike. This is recommended to be a UUID-compatible ID, but this is not enforced, and formatted
65 differently. Developers can generate a new ID for this purpose with <command>systemd-id128 new</command>.
66 </para>
67 </listitem>
68 </varlistentry>
69
70 <varlistentry>
71 <term><varname>PRIORITY=</varname></term>
72 <listitem>
73 <para>A priority value between 0 (<literal>emerg</literal>)
74 and 7 (<literal>debug</literal>) formatted as a decimal
75 string. This field is compatible with syslog's priority
76 concept.</para>
77 </listitem>
78 </varlistentry>
79
80 <varlistentry>
81 <term><varname>CODE_FILE=</varname></term>
82 <term><varname>CODE_LINE=</varname></term>
83 <term><varname>CODE_FUNC=</varname></term>
84 <listitem>
85 <para>The code location generating this message, if known.
86 Contains the source filename, the line number and the
87 function name.</para>
88 </listitem>
89 </varlistentry>
90
91 <varlistentry>
92 <term><varname>ERRNO=</varname></term>
93 <listitem>
94 <para>The low-level Unix error number causing this entry, if
95 any. Contains the numeric value of
96 <citerefentry project='man-pages'><refentrytitle>errno</refentrytitle><manvolnum>3</manvolnum></citerefentry>
97 formatted as a decimal string.</para>
98
99 <xi:include href="version-info.xml" xpointer="v188"/>
100 </listitem>
101 </varlistentry>
102
103 <varlistentry>
104 <term><varname>INVOCATION_ID=</varname></term>
105 <term><varname>USER_INVOCATION_ID=</varname></term>
106 <listitem>
107 <para>A randomized, unique 128-bit ID identifying each runtime cycle of the unit. This is different from
108 <varname>_SYSTEMD_INVOCATION_ID</varname> in that it is only used for messages coming from systemd code
109 (e.g. logs from the system/user manager or from forked processes performing systemd-related setup).</para>
110
111 <xi:include href="version-info.xml" xpointer="v245"/>
112 </listitem>
113 </varlistentry>
114
115 <varlistentry>
116 <term><varname>SYSLOG_FACILITY=</varname></term>
117 <term><varname>SYSLOG_IDENTIFIER=</varname></term>
118 <term><varname>SYSLOG_PID=</varname></term>
119 <term><varname>SYSLOG_TIMESTAMP=</varname></term>
120 <listitem>
121 <para>Syslog compatibility fields containing the facility (formatted as
122 decimal string), the identifier string (i.e. "tag"), the client PID, and
123 the timestamp as specified in the original datagram. (Note that the tag is
124 usually derived from glibc's
125 <varname>program_invocation_short_name</varname> variable, see
126 <citerefentry project='die-net'><refentrytitle>program_invocation_short_name</refentrytitle><manvolnum>3</manvolnum></citerefentry>.)</para>
127 <para>Note that the journal service does not validate the values of any structured
128 journal fields whose name is not prefixed with an underscore, and this includes any
129 syslog related fields such as these. Hence, applications that supply a facility, PID,
130 or log level are expected to do so properly formatted, i.e. as numeric integers formatted
131 as decimal strings.</para>
132 </listitem>
133 </varlistentry>
134
135 <varlistentry>
136 <term><varname>SYSLOG_RAW=</varname></term>
137 <listitem>
138 <para>The original contents of the syslog line as received in the syslog
139 datagram. This field is only included if the <varname>MESSAGE=</varname>
140 field was modified compared to the original payload or the timestamp could
141 not be located properly and is not included in
142 <varname>SYSLOG_TIMESTAMP=</varname>. Message truncation occurs when
143 the message contains leading or trailing whitespace (trailing and leading
144 whitespace is stripped), or it contains an embedded
145 <constant>NUL</constant> byte (the <constant>NUL</constant> byte and
146 anything after it is not included). Thus, the original syslog line is
147 either stored as <varname>SYSLOG_RAW=</varname> or it can be recreated
148 based on the stored priority and facility, timestamp, identifier, and the
149 message payload in <varname>MESSAGE=</varname>.
150 </para>
151
152 <xi:include href="version-info.xml" xpointer="v240"/>
153 </listitem>
154 </varlistentry>
155
156 <varlistentry>
157 <term><varname>DOCUMENTATION=</varname></term>
158 <listitem>
159 <para>A documentation URL with further information about the topic of the log message. Tools such
160 as <command>journalctl</command> will include a hyperlink to a URL specified this way in their
161 output. Should be an <literal>http://</literal>, <literal>https://</literal>,
162 <literal>file:/</literal>, <literal>man:</literal> or <literal>info:</literal> URL.</para>
163
164 <xi:include href="version-info.xml" xpointer="v246"/>
165 </listitem>
166 </varlistentry>
167
168 <varlistentry>
169 <term><varname>TID=</varname></term>
170 <listitem>
171 <para>The numeric thread ID (TID) the log message originates from.</para>
172
173 <xi:include href="version-info.xml" xpointer="v247"/>
174 </listitem>
175 </varlistentry>
176
177 <varlistentry>
178 <term><varname>UNIT=</varname></term>
179 <term><varname>USER_UNIT=</varname></term>
180 <listitem>
181 <para>The name of a unit. Used by the system and user managers when logging about specific
182 units.</para>
183
184 <para>When <option>--unit=<replaceable>name</replaceable></option> or
185 <option>--user-unit=<replaceable>name</replaceable></option> are used with
186 <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>, a
187 match pattern that includes <literal>UNIT=<replaceable>name</replaceable>.service</literal> or
188 <literal>USER_UNIT=<replaceable>name</replaceable>.service</literal> will be generated.</para>
189
190 <xi:include href="version-info.xml" xpointer="v251"/>
191 </listitem>
192 </varlistentry>
193 </variablelist>
194 </refsect1>
195
196 <refsect1>
197 <title>Trusted Journal Fields</title>
198
199 <para>Fields prefixed with an underscore are trusted fields, i.e.
200 fields that are implicitly added by the journal and cannot be
201 altered by client code.</para>
202
203 <variablelist class='journal-directives'>
204 <varlistentry>
205 <term><varname>_PID=</varname></term>
206 <term><varname>_UID=</varname></term>
207 <term><varname>_GID=</varname></term>
208 <listitem>
209 <para>The process, user, and group ID of the process the
210 journal entry originates from formatted as a decimal
211 string. Note that entries obtained via <literal>stdout</literal> or
212 <literal>stderr</literal> of forked processes will contain credentials valid for a parent
213 process (that initiated the connection to <command>systemd-journald</command>).</para>
214 </listitem>
215 </varlistentry>
216
217 <varlistentry>
218 <term><varname>_COMM=</varname></term>
219 <term><varname>_EXE=</varname></term>
220 <term><varname>_CMDLINE=</varname></term>
221 <listitem>
222 <para>The name, the executable path, and the command line of
223 the process the journal entry originates from.</para>
224 </listitem>
225 </varlistentry>
226
227 <varlistentry>
228 <term><varname>_CAP_EFFECTIVE=</varname></term>
229 <listitem>
230 <para>The effective
231 <citerefentry project='man-pages'><refentrytitle>capabilities</refentrytitle><manvolnum>7</manvolnum></citerefentry>
232 of the process the journal entry originates from.</para>
233
234 <xi:include href="version-info.xml" xpointer="v206"/>
235 </listitem>
236 </varlistentry>
237
238 <varlistentry>
239 <term><varname>_AUDIT_SESSION=</varname></term>
240 <term><varname>_AUDIT_LOGINUID=</varname></term>
241 <listitem>
242 <para>The session and login UID of the process the journal
243 entry originates from, as maintained by the kernel audit
244 subsystem.</para>
245 </listitem>
246 </varlistentry>
247
248 <varlistentry>
249 <term><varname>_SYSTEMD_CGROUP=</varname></term>
250 <term><varname>_SYSTEMD_SLICE=</varname></term>
251 <term><varname>_SYSTEMD_UNIT=</varname></term>
252 <term><varname>_SYSTEMD_USER_UNIT=</varname></term>
253 <term><varname>_SYSTEMD_USER_SLICE=</varname></term>
254 <term><varname>_SYSTEMD_SESSION=</varname></term>
255 <term><varname>_SYSTEMD_OWNER_UID=</varname></term>
256
257 <listitem>
258 <para>The control group path in the systemd hierarchy, the systemd slice unit name, the systemd
259 unit name, the unit name in the systemd user manager (if any), the systemd session ID (if any), and
260 the owner UID of the systemd user unit or systemd session (if any) of the process the journal entry
261 originates from.</para>
262 </listitem>
263 </varlistentry>
264
265 <varlistentry>
266 <term><varname>_SELINUX_CONTEXT=</varname></term>
267 <listitem>
268 <para>The SELinux security context (label) of the process
269 the journal entry originates from.</para>
270 </listitem>
271 </varlistentry>
272
273 <varlistentry>
274 <term><varname>_SOURCE_REALTIME_TIMESTAMP=</varname></term>
275 <listitem>
276 <para>The earliest trusted timestamp of the message, if any
277 is known that is different from the reception time of the
278 journal. This is the time in microseconds since the epoch
279 UTC, formatted as a decimal string.</para>
280 </listitem>
281 </varlistentry>
282
283 <varlistentry>
284 <term><varname>_BOOT_ID=</varname></term>
285 <listitem>
286 <para>The kernel boot ID for the boot the message was
287 generated in, formatted as a 128-bit hexadecimal
288 string.</para>
289 </listitem>
290 </varlistentry>
291
292 <varlistentry>
293 <term><varname>_MACHINE_ID=</varname></term>
294 <listitem>
295 <para>The machine ID of the originating host, as available
296 in
297 <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
298 </listitem>
299 </varlistentry>
300
301 <varlistentry>
302 <term><varname>_SYSTEMD_INVOCATION_ID=</varname></term>
303 <listitem>
304 <para>The invocation ID for the runtime cycle of the unit
305 the message was generated in, as available to processes
306 of the unit in <varname>$INVOCATION_ID</varname> (see
307 <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry>).</para>
308
309 <xi:include href="version-info.xml" xpointer="v233"/>
310 </listitem>
311 </varlistentry>
312
313 <varlistentry>
314 <term><varname>_HOSTNAME=</varname></term>
315 <listitem>
316 <para>The name of the originating host.</para>
317 </listitem>
318 </varlistentry>
319
320 <varlistentry>
321 <term><varname>_TRANSPORT=</varname></term>
322 <listitem>
323 <para>How the entry was received by the journal service.
324 Valid transports are:
325 </para>
326 <variablelist>
327 <varlistentry>
328 <term>
329 <option>audit</option>
330 </term>
331 <listitem>
332 <para>for those read from the kernel audit subsystem
333 </para>
334
335 <xi:include href="version-info.xml" xpointer="v227"/>
336 </listitem>
337 </varlistentry>
338
339 <varlistentry>
340 <term>
341 <option>driver</option>
342 </term>
343 <listitem>
344 <para>for internally generated messages
345 </para>
346
347 <xi:include href="version-info.xml" xpointer="v205"/>
348 </listitem>
349 </varlistentry>
350
351 <varlistentry>
352 <term>
353 <option>syslog</option>
354 </term>
355 <listitem>
356 <para>for those received via the local syslog socket
357 with the syslog protocol
358 </para>
359
360 <xi:include href="version-info.xml" xpointer="v205"/>
361 </listitem>
362 </varlistentry>
363
364 <varlistentry>
365 <term>
366 <option>journal</option>
367 </term>
368 <listitem>
369 <para>for those received via the native journal
370 protocol
371 </para>
372
373 <xi:include href="version-info.xml" xpointer="v205"/>
374 </listitem>
375 </varlistentry>
376
377 <varlistentry>
378 <term>
379 <option>stdout</option>
380 </term>
381 <listitem>
382 <para>for those read from a service's standard output
383 or error output
384 </para>
385
386 <xi:include href="version-info.xml" xpointer="v205"/>
387 </listitem>
388 </varlistentry>
389
390 <varlistentry>
391 <term>
392 <option>kernel</option>
393 </term>
394 <listitem>
395 <para>for those read from the kernel
396 </para>
397
398 <xi:include href="version-info.xml" xpointer="v205"/>
399 </listitem>
400 </varlistentry>
401 </variablelist>
402 </listitem>
403 </varlistentry>
404 <varlistentry>
405 <term><varname>_STREAM_ID=</varname></term>
406 <listitem>
407 <para>Only applies to <literal>_TRANSPORT=stdout</literal> records: specifies a randomized 128-bit ID assigned
408 to the stream connection when it was first created. This ID is useful to reconstruct individual log streams
409 from the log records: all log records carrying the same stream ID originate from the same stream.</para>
410
411 <xi:include href="version-info.xml" xpointer="v235"/>
412 </listitem>
413 </varlistentry>
414 <varlistentry>
415 <term><varname>_LINE_BREAK=</varname></term>
416 <listitem>
417 <para>Only applies to <literal>_TRANSPORT=stdout</literal> records: indicates that the log message
418 in the standard output/error stream was not terminated with a normal newline character
419 (<literal>\n</literal>, i.e. ASCII 10). Specifically, when set this field is one of
420 <option>nul</option> (in case the line was terminated by a <constant>NUL</constant> byte), <option>line-max</option> (in
421 case the maximum log line length was reached, as configured with <varname>LineMax=</varname> in
422 <citerefentry><refentrytitle>journald.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>),
423 <option>eof</option> (if this was the last log record of a stream and the stream ended without a
424 final newline character), or <option>pid-change</option> (if the process which generated the log
425 output changed in the middle of a line). Note that this record is not generated when a normal
426 newline character was used for marking the log line end.</para>
427
428 <xi:include href="version-info.xml" xpointer="v235"/>
429 </listitem>
430 </varlistentry>
431 <varlistentry>
432 <term><varname>_NAMESPACE=</varname></term>
433
434 <listitem><para>If this file was written by a <command>systemd-journald</command> instance managing a
435 journal namespace that is not the default, this field contains the namespace identifier. See
436 <citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
437 for details about journal namespaces.</para>
438
439 <xi:include href="version-info.xml" xpointer="v245"/>
440 </listitem>
441 </varlistentry>
442 <varlistentry>
443 <term><varname>_RUNTIME_SCOPE=</varname></term>
444
445 <listitem><para>A string field that specifies the runtime scope in which the message was logged. If
446 <literal>initrd</literal>, the log message was processed while the system was running inside the
447 initrd. If <literal>system</literal>, the log message was generated after the system switched
448 execution to the host root filesystem.</para>
449
450 <xi:include href="version-info.xml" xpointer="v252"/></listitem>
451 </varlistentry>
452 </variablelist>
453 </refsect1>
454
455 <refsect1>
456 <title>Kernel Journal Fields</title>
457
458 <para>Kernel fields are fields that are used by messages
459 originating in the kernel and stored in the journal.</para>
460
461 <variablelist class='journal-directives'>
462 <varlistentry>
463 <term><varname>_KERNEL_DEVICE=</varname></term>
464 <listitem>
465 <para>The kernel device name. If the entry is associated to a block device, contains the major and
466 minor numbers of the device node, separated by <literal>:</literal> and prefixed by
467 <literal>b</literal>. Similarly for character devices, but prefixed by <literal>c</literal>. For
468 network devices, this is the interface index prefixed by <literal>n</literal>. For all other
469 devices, this is the subsystem name prefixed by <literal>+</literal>, followed by
470 <literal>:</literal>, followed by the kernel device name.</para>
471
472 <xi:include href="version-info.xml" xpointer="v189"/>
473 </listitem>
474 </varlistentry>
475 <varlistentry>
476 <term><varname>_KERNEL_SUBSYSTEM=</varname></term>
477 <listitem>
478 <para>The kernel subsystem name.</para>
479
480 <xi:include href="version-info.xml" xpointer="v189"/>
481 </listitem>
482 </varlistentry>
483 <varlistentry>
484 <term><varname>_UDEV_SYSNAME=</varname></term>
485 <listitem>
486 <para>The kernel device name as it shows up in the device
487 tree below <filename>/sys/</filename>.</para>
488
489 <xi:include href="version-info.xml" xpointer="v189"/>
490 </listitem>
491 </varlistentry>
492 <varlistentry>
493 <term><varname>_UDEV_DEVNODE=</varname></term>
494 <listitem>
495 <para>The device node path of this device in
496 <filename>/dev/</filename>.</para>
497
498 <xi:include href="version-info.xml" xpointer="v189"/>
499 </listitem>
500 </varlistentry>
501 <varlistentry>
502 <term><varname>_UDEV_DEVLINK=</varname></term>
503 <listitem>
504 <para>Additional symlink names pointing to the device node
505 in <filename>/dev/</filename>. This field is frequently set
506 more than once per entry.</para>
507
508 <xi:include href="version-info.xml" xpointer="v189"/>
509 </listitem>
510 </varlistentry>
511 </variablelist>
512 </refsect1>
513
514 <refsect1>
515 <title>Fields to log on behalf of a different program</title>
516
517 <para>Fields in this section are used by programs to specify that
518 they are logging on behalf of another program or unit.
519 </para>
520
521 <para>Fields used by the <command>systemd-coredump</command>
522 coredump kernel helper:
523 </para>
524
525 <variablelist class='journal-directives'>
526 <varlistentry>
527 <term><varname>COREDUMP_UNIT=</varname></term>
528 <term><varname>COREDUMP_USER_UNIT=</varname></term>
529 <listitem>
530 <para>Used to annotate messages containing coredumps from
531 system and session units. See
532 <citerefentry><refentrytitle>coredumpctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
533 </para>
534 </listitem>
535 </varlistentry>
536 </variablelist>
537
538 <para>Privileged programs (currently UID 0) may attach
539 <varname>OBJECT_PID=</varname> to a message. This will instruct
540 <command>systemd-journald</command> to attach additional fields on
541 behalf of the caller:</para>
542
543 <variablelist class='journal-directives'>
544 <varlistentry>
545 <term><varname>OBJECT_PID=<replaceable>PID</replaceable></varname></term>
546 <listitem>
547 <para>PID of the program that this message pertains to.
548 </para>
549
550 <xi:include href="version-info.xml" xpointer="v205"/>
551 </listitem>
552 </varlistentry>
553
554 <varlistentry>
555 <term><varname>OBJECT_UID=</varname></term>
556 <term><varname>OBJECT_GID=</varname></term>
557 <term><varname>OBJECT_COMM=</varname></term>
558 <term><varname>OBJECT_EXE=</varname></term>
559 <term><varname>OBJECT_CMDLINE=</varname></term>
560 <term><varname>OBJECT_AUDIT_SESSION=</varname></term>
561 <term><varname>OBJECT_AUDIT_LOGINUID=</varname></term>
562 <term><varname>OBJECT_SYSTEMD_CGROUP=</varname></term>
563 <term><varname>OBJECT_SYSTEMD_SESSION=</varname></term>
564 <term><varname>OBJECT_SYSTEMD_OWNER_UID=</varname></term>
565 <term><varname>OBJECT_SYSTEMD_UNIT=</varname></term>
566 <term><varname>OBJECT_SYSTEMD_USER_UNIT=</varname></term>
567 <listitem>
568 <para>These are additional fields added automatically by
569 <command>systemd-journald</command>. Their meaning is the
570 same as
571 <varname>_UID=</varname>,
572 <varname>_GID=</varname>,
573 <varname>_COMM=</varname>,
574 <varname>_EXE=</varname>,
575 <varname>_CMDLINE=</varname>,
576 <varname>_AUDIT_SESSION=</varname>,
577 <varname>_AUDIT_LOGINUID=</varname>,
578 <varname>_SYSTEMD_CGROUP=</varname>,
579 <varname>_SYSTEMD_SESSION=</varname>,
580 <varname>_SYSTEMD_UNIT=</varname>,
581 <varname>_SYSTEMD_USER_UNIT=</varname>, and
582 <varname>_SYSTEMD_OWNER_UID=</varname>
583 as described above, except that the process identified by
584 <replaceable>PID</replaceable> is described, instead of the
585 process which logged the message.</para>
586
587 <xi:include href="version-info.xml" xpointer="v205"/>
588 </listitem>
589 </varlistentry>
590 </variablelist>
591
592 </refsect1>
593
594 <refsect1>
595 <title>Address Fields</title>
596
597 <para>During serialization into external formats, such as the
598 <ulink url="https://systemd.io/JOURNAL_EXPORT_FORMATS#journal-export-format">Journal Export Format</ulink>
599 or the
600 <ulink url="https://systemd.io/JOURNAL_EXPORT_FORMATS#journal-json-format">Journal JSON Format</ulink>,
601 the addresses of journal entries are
602 serialized into fields prefixed with double underscores. Note that
603 these are not proper fields when stored in the journal but for
604 addressing metadata of entries. They cannot be written as part of
605 structured log entries via calls such as
606 <citerefentry><refentrytitle>sd_journal_send</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
607 They may also not be used as matches for
608 <citerefentry><refentrytitle>sd_journal_add_match</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
609 </para>
610
611 <variablelist class='journal-directives'>
612 <varlistentry>
613 <term><varname>__CURSOR=</varname></term>
614 <listitem>
615 <para>The cursor for the entry. A cursor is an opaque text
616 string that uniquely describes the position of an entry in
617 the journal and is portable across machines, platforms and
618 journal files.
619 </para>
620 </listitem>
621 </varlistentry>
622
623 <varlistentry>
624 <term><varname>__REALTIME_TIMESTAMP=</varname></term>
625 <listitem>
626 <para>The wallclock time
627 (<constant>CLOCK_REALTIME</constant>) at the point in time
628 the entry was received by the journal, in microseconds since
629 the epoch UTC, formatted as a decimal string. This has
630 different properties from
631 <literal>_SOURCE_REALTIME_TIMESTAMP=</literal>, as it is
632 usually a bit later but more likely to be monotonic.
633 </para>
634 </listitem>
635 </varlistentry>
636
637 <varlistentry>
638 <term><varname>__MONOTONIC_TIMESTAMP=</varname></term>
639 <listitem>
640 <para>The monotonic time
641 (<constant>CLOCK_MONOTONIC</constant>) at the point in time
642 the entry was received by the journal in microseconds,
643 formatted as a decimal string. To be useful as an address
644 for the entry, this should be combined with the boot ID in
645 <literal>_BOOT_ID=</literal>.
646 </para>
647 </listitem>
648 </varlistentry>
649
650 <varlistentry>
651 <term><varname>__SEQNUM=</varname></term>
652 <term><varname>__SEQNUM_ID=</varname></term>
653
654 <listitem><para>The sequence number (and associated sequence number ID) of this journal entry in the
655 journal file it originates from. See
656 <citerefentry><refentrytitle>sd_journal_get_seqnum</refentrytitle><manvolnum>3</manvolnum></citerefentry>
657 for details.</para>
658
659 <xi:include href="version-info.xml" xpointer="v254"/></listitem>
660 </varlistentry>
661 </variablelist>
662 </refsect1>
663
664 <refsect1>
665 <title>See Also</title>
666 <para>
667 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
668 <citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
669 <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
670 <citerefentry><refentrytitle>journald.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
671 <citerefentry><refentrytitle>sd-journal</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
672 <citerefentry><refentrytitle>coredumpctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
673 <citerefentry><refentrytitle>systemd.directives</refentrytitle><manvolnum>7</manvolnum></citerefentry>
674 </para>
675 </refsect1>
676
677 </refentry>
Unnamed repository; edit this file 'description' to name the repository.