1 /* SPDX-License-Identifier: LGPL-2.1+ */
15 #include <sys/inotify.h>
20 # define PCRE2_CODE_UNIT_WIDTH 8
25 #include "sd-device.h"
26 #include "sd-journal.h"
29 #include "alloc-util.h"
30 #include "bus-error.h"
33 #include "chattr-util.h"
35 #include "device-private.h"
40 #include "glob-util.h"
41 #include "hostname-util.h"
42 #include "id128-print.h"
44 #include "journal-def.h"
45 #include "journal-internal.h"
46 #include "journal-qrcode.h"
47 #include "journal-util.h"
48 #include "journal-vacuum.h"
49 #include "journal-verify.h"
50 #include "locale-util.h"
52 #include "logs-show.h"
55 #include "parse-util.h"
56 #include "path-util.h"
57 #include "pretty-print.h"
58 #include "rlimit-util.h"
61 #include "string-table.h"
63 #include "syslog-util.h"
64 #include "terminal-util.h"
65 #include "tmpfile-util.h"
66 #include "unit-name.h"
67 #include "user-util.h"
69 #define DEFAULT_FSS_INTERVAL_USEC (15*USEC_PER_MINUTE)
71 #define PROCESS_INOTIFY_INTERVAL 1024 /* Every 1,024 messages processed */
74 DEFINE_TRIVIAL_CLEANUP_FUNC(pcre2_match_data
*, pcre2_match_data_free
);
75 DEFINE_TRIVIAL_CLEANUP_FUNC(pcre2_code
*, pcre2_code_free
);
77 static int pattern_compile(const char *pattern
, unsigned flags
, pcre2_code
**out
) {
79 PCRE2_SIZE erroroffset
;
82 p
= pcre2_compile((PCRE2_SPTR8
) pattern
,
83 PCRE2_ZERO_TERMINATED
, flags
, &errorcode
, &erroroffset
, NULL
);
85 unsigned char buf
[LINE_MAX
];
87 r
= pcre2_get_error_message(errorcode
, buf
, sizeof buf
);
89 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
90 "Bad pattern \"%s\": %s", pattern
,
91 r
< 0 ? "unknown error" : (char *)buf
);
101 /* Special values for arg_lines */
102 ARG_LINES_DEFAULT
= -2,
106 static OutputMode arg_output
= OUTPUT_SHORT
;
107 static bool arg_utc
= false;
108 static bool arg_follow
= false;
109 static bool arg_full
= true;
110 static bool arg_all
= false;
111 static PagerFlags arg_pager_flags
= 0;
112 static int arg_lines
= ARG_LINES_DEFAULT
;
113 static bool arg_no_tail
= false;
114 static bool arg_quiet
= false;
115 static bool arg_merge
= false;
116 static bool arg_boot
= false;
117 static sd_id128_t arg_boot_id
= {};
118 static int arg_boot_offset
= 0;
119 static bool arg_dmesg
= false;
120 static bool arg_no_hostname
= false;
121 static const char *arg_cursor
= NULL
;
122 static const char *arg_after_cursor
= NULL
;
123 static bool arg_show_cursor
= false;
124 static const char *arg_directory
= NULL
;
125 static char **arg_file
= NULL
;
126 static bool arg_file_stdin
= false;
127 static int arg_priorities
= 0xFF;
128 static char *arg_verify_key
= NULL
;
130 static usec_t arg_interval
= DEFAULT_FSS_INTERVAL_USEC
;
131 static bool arg_force
= false;
133 static usec_t arg_since
, arg_until
;
134 static bool arg_since_set
= false, arg_until_set
= false;
135 static char **arg_syslog_identifier
= NULL
;
136 static char **arg_system_units
= NULL
;
137 static char **arg_user_units
= NULL
;
138 static const char *arg_field
= NULL
;
139 static bool arg_catalog
= false;
140 static bool arg_reverse
= false;
141 static int arg_journal_type
= 0;
142 static char *arg_root
= NULL
;
143 static const char *arg_machine
= NULL
;
144 static uint64_t arg_vacuum_size
= 0;
145 static uint64_t arg_vacuum_n_files
= 0;
146 static usec_t arg_vacuum_time
= 0;
147 static char **arg_output_fields
= NULL
;
150 static const char *arg_pattern
= NULL
;
151 static pcre2_code
*arg_compiled_pattern
= NULL
;
152 static int arg_case_sensitive
= -1; /* -1 means be smart */
164 ACTION_UPDATE_CATALOG
,
170 ACTION_ROTATE_AND_VACUUM
,
172 ACTION_LIST_FIELD_NAMES
,
173 } arg_action
= ACTION_SHOW
;
175 typedef struct BootId
{
179 LIST_FIELDS(struct BootId
, boot_list
);
182 static int add_matches_for_device(sd_journal
*j
, const char *devpath
) {
183 _cleanup_(sd_device_unrefp
) sd_device
*device
= NULL
;
191 if (!path_startswith(devpath
, "/dev/")) {
192 log_error("Devpath does not start with /dev/");
196 if (stat(devpath
, &st
) < 0)
197 return log_error_errno(errno
, "Couldn't stat file: %m");
199 r
= device_new_from_stat_rdev(&device
, &st
);
201 return log_error_errno(r
, "Failed to get device from devnum %u:%u: %m", major(st
.st_rdev
), minor(st
.st_rdev
));
203 for (d
= device
; d
; ) {
204 _cleanup_free_
char *match
= NULL
;
205 const char *subsys
, *sysname
, *devnode
;
208 r
= sd_device_get_subsystem(d
, &subsys
);
212 r
= sd_device_get_sysname(d
, &sysname
);
216 match
= strjoin("_KERNEL_DEVICE=+", subsys
, ":", sysname
);
220 r
= sd_journal_add_match(j
, match
, 0);
222 return log_error_errno(r
, "Failed to add match: %m");
224 if (sd_device_get_devname(d
, &devnode
) >= 0) {
225 _cleanup_free_
char *match1
= NULL
;
227 r
= stat(devnode
, &st
);
229 return log_error_errno(r
, "Failed to stat() device node \"%s\": %m", devnode
);
231 r
= asprintf(&match1
, "_KERNEL_DEVICE=%c%u:%u", S_ISBLK(st
.st_mode
) ? 'b' : 'c', major(st
.st_rdev
), minor(st
.st_rdev
));
235 r
= sd_journal_add_match(j
, match1
, 0);
237 return log_error_errno(r
, "Failed to add match: %m");
241 if (sd_device_get_parent(d
, &parent
) < 0)
247 r
= add_match_this_boot(j
, arg_machine
);
249 return log_error_errno(r
, "Failed to add match for the current boot: %m");
254 static char *format_timestamp_maybe_utc(char *buf
, size_t l
, usec_t t
) {
257 return format_timestamp_utc(buf
, l
, t
);
259 return format_timestamp(buf
, l
, t
);
262 static int parse_boot_descriptor(const char *x
, sd_id128_t
*boot_id
, int *offset
) {
263 sd_id128_t id
= SD_ID128_NULL
;
266 if (strlen(x
) >= 32) {
270 r
= sd_id128_from_string(t
, &id
);
274 if (!IN_SET(*x
, 0, '-', '+'))
278 r
= safe_atoi(x
, &off
);
283 r
= safe_atoi(x
, &off
);
297 static int help(void) {
298 _cleanup_free_
char *link
= NULL
;
301 (void) pager_open(arg_pager_flags
);
303 r
= terminal_urlify_man("journalctl", "1", &link
);
307 printf("%s [OPTIONS...] [MATCHES...]\n\n"
308 "Query the journal.\n\n"
310 " --system Show the system journal\n"
311 " --user Show the user journal for the current user\n"
312 " -M --machine=CONTAINER Operate on local container\n"
313 " -S --since=DATE Show entries not older than the specified date\n"
314 " -U --until=DATE Show entries not newer than the specified date\n"
315 " -c --cursor=CURSOR Show entries starting at the specified cursor\n"
316 " --after-cursor=CURSOR Show entries after the specified cursor\n"
317 " --show-cursor Print the cursor after all the entries\n"
318 " -b --boot[=ID] Show current boot or the specified boot\n"
319 " --list-boots Show terse information about recorded boots\n"
320 " -k --dmesg Show kernel message log from the current boot\n"
321 " -u --unit=UNIT Show logs from the specified unit\n"
322 " --user-unit=UNIT Show logs from the specified user unit\n"
323 " -t --identifier=STRING Show entries with the specified syslog identifier\n"
324 " -p --priority=RANGE Show entries with the specified priority\n"
325 " -g --grep=PATTERN Show entries with MESSAGE matching PATTERN\n"
326 " --case-sensitive[=BOOL] Force case sensitive or insenstive matching\n"
327 " -e --pager-end Immediately jump to the end in the pager\n"
328 " -f --follow Follow the journal\n"
329 " -n --lines[=INTEGER] Number of journal entries to show\n"
330 " --no-tail Show all lines, even in follow mode\n"
331 " -r --reverse Show the newest entries first\n"
332 " -o --output=STRING Change journal output mode (short, short-precise,\n"
333 " short-iso, short-iso-precise, short-full,\n"
334 " short-monotonic, short-unix, verbose, export,\n"
335 " json, json-pretty, json-sse, json-seq, cat,\n"
337 " --output-fields=LIST Select fields to print in verbose/export/json modes\n"
338 " --utc Express time in Coordinated Universal Time (UTC)\n"
339 " -x --catalog Add message explanations where available\n"
340 " --no-full Ellipsize fields\n"
341 " -a --all Show all fields, including long and unprintable\n"
342 " -q --quiet Do not show info messages and privilege warning\n"
343 " --no-pager Do not pipe output into a pager\n"
344 " --no-hostname Suppress output of hostname field\n"
345 " -m --merge Show entries from all available journals\n"
346 " -D --directory=PATH Show journal files from directory\n"
347 " --file=PATH Show journal file\n"
348 " --root=ROOT Operate on files below a root directory\n"
349 " --interval=TIME Time interval for changing the FSS sealing key\n"
350 " --verify-key=KEY Specify FSS verification key\n"
351 " --force Override of the FSS key pair with --setup-keys\n"
353 " -h --help Show this help text\n"
354 " --version Show package version\n"
355 " -N --fields List all field names currently used\n"
356 " -F --field=FIELD List all values that a specified field takes\n"
357 " --disk-usage Show total disk usage of all journal files\n"
358 " --vacuum-size=BYTES Reduce disk usage below specified size\n"
359 " --vacuum-files=INT Leave only the specified number of journal files\n"
360 " --vacuum-time=TIME Remove journal files older than specified time\n"
361 " --verify Verify journal file consistency\n"
362 " --sync Synchronize unwritten journal messages to disk\n"
363 " --flush Flush all journal data from /run into /var\n"
364 " --rotate Request immediate rotation of the journal files\n"
365 " --header Show journal header information\n"
366 " --list-catalog Show all message IDs in the catalog\n"
367 " --dump-catalog Show entries in the message catalog\n"
368 " --update-catalog Update the message catalog database\n"
369 " --setup-keys Generate a new FSS key pair\n"
370 "\nSee the %s for details.\n"
371 , program_invocation_short_name
378 static int parse_argv(int argc
, char *argv
[]) {
417 static const struct option options
[] = {
418 { "help", no_argument
, NULL
, 'h' },
419 { "version" , no_argument
, NULL
, ARG_VERSION
},
420 { "no-pager", no_argument
, NULL
, ARG_NO_PAGER
},
421 { "pager-end", no_argument
, NULL
, 'e' },
422 { "follow", no_argument
, NULL
, 'f' },
423 { "force", no_argument
, NULL
, ARG_FORCE
},
424 { "output", required_argument
, NULL
, 'o' },
425 { "all", no_argument
, NULL
, 'a' },
426 { "full", no_argument
, NULL
, 'l' },
427 { "no-full", no_argument
, NULL
, ARG_NO_FULL
},
428 { "lines", optional_argument
, NULL
, 'n' },
429 { "no-tail", no_argument
, NULL
, ARG_NO_TAIL
},
430 { "new-id128", no_argument
, NULL
, ARG_NEW_ID128
}, /* deprecated */
431 { "quiet", no_argument
, NULL
, 'q' },
432 { "merge", no_argument
, NULL
, 'm' },
433 { "this-boot", no_argument
, NULL
, ARG_THIS_BOOT
}, /* deprecated */
434 { "boot", optional_argument
, NULL
, 'b' },
435 { "list-boots", no_argument
, NULL
, ARG_LIST_BOOTS
},
436 { "dmesg", no_argument
, NULL
, 'k' },
437 { "system", no_argument
, NULL
, ARG_SYSTEM
},
438 { "user", no_argument
, NULL
, ARG_USER
},
439 { "directory", required_argument
, NULL
, 'D' },
440 { "file", required_argument
, NULL
, ARG_FILE
},
441 { "root", required_argument
, NULL
, ARG_ROOT
},
442 { "header", no_argument
, NULL
, ARG_HEADER
},
443 { "identifier", required_argument
, NULL
, 't' },
444 { "priority", required_argument
, NULL
, 'p' },
445 { "grep", required_argument
, NULL
, 'g' },
446 { "case-sensitive", optional_argument
, NULL
, ARG_CASE_SENSITIVE
},
447 { "setup-keys", no_argument
, NULL
, ARG_SETUP_KEYS
},
448 { "interval", required_argument
, NULL
, ARG_INTERVAL
},
449 { "verify", no_argument
, NULL
, ARG_VERIFY
},
450 { "verify-key", required_argument
, NULL
, ARG_VERIFY_KEY
},
451 { "disk-usage", no_argument
, NULL
, ARG_DISK_USAGE
},
452 { "cursor", required_argument
, NULL
, 'c' },
453 { "after-cursor", required_argument
, NULL
, ARG_AFTER_CURSOR
},
454 { "show-cursor", no_argument
, NULL
, ARG_SHOW_CURSOR
},
455 { "since", required_argument
, NULL
, 'S' },
456 { "until", required_argument
, NULL
, 'U' },
457 { "unit", required_argument
, NULL
, 'u' },
458 { "user-unit", required_argument
, NULL
, ARG_USER_UNIT
},
459 { "field", required_argument
, NULL
, 'F' },
460 { "fields", no_argument
, NULL
, 'N' },
461 { "catalog", no_argument
, NULL
, 'x' },
462 { "list-catalog", no_argument
, NULL
, ARG_LIST_CATALOG
},
463 { "dump-catalog", no_argument
, NULL
, ARG_DUMP_CATALOG
},
464 { "update-catalog", no_argument
, NULL
, ARG_UPDATE_CATALOG
},
465 { "reverse", no_argument
, NULL
, 'r' },
466 { "machine", required_argument
, NULL
, 'M' },
467 { "utc", no_argument
, NULL
, ARG_UTC
},
468 { "flush", no_argument
, NULL
, ARG_FLUSH
},
469 { "sync", no_argument
, NULL
, ARG_SYNC
},
470 { "rotate", no_argument
, NULL
, ARG_ROTATE
},
471 { "vacuum-size", required_argument
, NULL
, ARG_VACUUM_SIZE
},
472 { "vacuum-files", required_argument
, NULL
, ARG_VACUUM_FILES
},
473 { "vacuum-time", required_argument
, NULL
, ARG_VACUUM_TIME
},
474 { "no-hostname", no_argument
, NULL
, ARG_NO_HOSTNAME
},
475 { "output-fields", required_argument
, NULL
, ARG_OUTPUT_FIELDS
},
484 while ((c
= getopt_long(argc
, argv
, "hefo:aln::qmb::kD:p:g:c:S:U:t:u:NF:xrM:", options
, NULL
)) >= 0)
495 arg_pager_flags
|= PAGER_DISABLE
;
499 arg_pager_flags
|= PAGER_JUMP_TO_END
;
501 if (arg_lines
== ARG_LINES_DEFAULT
)
511 if (streq(optarg
, "help")) {
512 DUMP_STRING_TABLE(output_mode
, OutputMode
, _OUTPUT_MODE_MAX
);
516 arg_output
= output_mode_from_string(optarg
);
517 if (arg_output
< 0) {
518 log_error("Unknown output format '%s'.", optarg
);
522 if (IN_SET(arg_output
, OUTPUT_EXPORT
, OUTPUT_JSON
, OUTPUT_JSON_PRETTY
, OUTPUT_JSON_SSE
, OUTPUT_JSON_SEQ
, OUTPUT_CAT
))
541 if (streq(optarg
, "all"))
542 arg_lines
= ARG_LINES_ALL
;
544 r
= safe_atoi(optarg
, &arg_lines
);
545 if (r
< 0 || arg_lines
< 0) {
546 log_error("Failed to parse lines '%s'", optarg
);
553 /* Hmm, no argument? Maybe the next
554 * word on the command line is
555 * supposed to be the argument? Let's
556 * see if there is one, and is
560 if (streq(argv
[optind
], "all")) {
561 arg_lines
= ARG_LINES_ALL
;
563 } else if (safe_atoi(argv
[optind
], &n
) >= 0 && n
>= 0) {
577 arg_action
= ACTION_NEW_ID128
;
596 r
= parse_boot_descriptor(optarg
, &arg_boot_id
, &arg_boot_offset
);
598 log_error("Failed to parse boot descriptor '%s'", optarg
);
603 /* Hmm, no argument? Maybe the next
604 * word on the command line is
605 * supposed to be the argument? Let's
606 * see if there is one and is parsable
607 * as a boot descriptor... */
610 parse_boot_descriptor(argv
[optind
], &arg_boot_id
, &arg_boot_offset
) >= 0)
617 arg_action
= ACTION_LIST_BOOTS
;
621 arg_boot
= arg_dmesg
= true;
625 arg_journal_type
|= SD_JOURNAL_SYSTEM
;
629 arg_journal_type
|= SD_JOURNAL_CURRENT_USER
;
633 arg_machine
= optarg
;
637 arg_directory
= optarg
;
641 if (streq(optarg
, "-"))
642 /* An undocumented feature: we can read journal files from STDIN. We don't document
643 * this though, since after all we only support this for mmap-able, seekable files, and
644 * not for example pipes which are probably the primary usecase for reading things from
645 * STDIN. To avoid confusion we hence don't document this feature. */
646 arg_file_stdin
= true;
648 r
= glob_extend(&arg_file
, optarg
);
650 return log_error_errno(r
, "Failed to add paths: %m");
655 r
= parse_path_argument_and_warn(optarg
, true, &arg_root
);
664 case ARG_AFTER_CURSOR
:
665 arg_after_cursor
= optarg
;
668 case ARG_SHOW_CURSOR
:
669 arg_show_cursor
= true;
673 arg_action
= ACTION_PRINT_HEADER
;
677 arg_action
= ACTION_VERIFY
;
681 arg_action
= ACTION_DISK_USAGE
;
684 case ARG_VACUUM_SIZE
:
685 r
= parse_size(optarg
, 1024, &arg_vacuum_size
);
687 log_error("Failed to parse vacuum size: %s", optarg
);
691 arg_action
= arg_action
== ACTION_ROTATE
? ACTION_ROTATE_AND_VACUUM
: ACTION_VACUUM
;
694 case ARG_VACUUM_FILES
:
695 r
= safe_atou64(optarg
, &arg_vacuum_n_files
);
697 log_error("Failed to parse vacuum files: %s", optarg
);
701 arg_action
= arg_action
== ACTION_ROTATE
? ACTION_ROTATE_AND_VACUUM
: ACTION_VACUUM
;
704 case ARG_VACUUM_TIME
:
705 r
= parse_sec(optarg
, &arg_vacuum_time
);
707 log_error("Failed to parse vacuum time: %s", optarg
);
711 arg_action
= arg_action
== ACTION_ROTATE
? ACTION_ROTATE_AND_VACUUM
: ACTION_VACUUM
;
720 arg_action
= ACTION_SETUP_KEYS
;
724 arg_action
= ACTION_VERIFY
;
725 r
= free_and_strdup(&arg_verify_key
, optarg
);
728 /* Use memset not string_erase so this doesn't look confusing
729 * in ps or htop output. */
730 memset(optarg
, 'x', strlen(optarg
));
736 r
= parse_sec(optarg
, &arg_interval
);
737 if (r
< 0 || arg_interval
<= 0) {
738 log_error("Failed to parse sealing key change interval: %s", optarg
);
747 log_error("Compiled without forward-secure sealing support.");
754 dots
= strstr(optarg
, "..");
760 a
= strndup(optarg
, dots
- optarg
);
764 from
= log_level_from_string(a
);
765 to
= log_level_from_string(dots
+ 2);
768 if (from
< 0 || to
< 0) {
769 log_error("Failed to parse log level range %s", optarg
);
776 for (i
= from
; i
<= to
; i
++)
777 arg_priorities
|= 1 << i
;
779 for (i
= to
; i
<= from
; i
++)
780 arg_priorities
|= 1 << i
;
786 p
= log_level_from_string(optarg
);
788 log_error("Unknown log level %s", optarg
);
794 for (i
= 0; i
<= p
; i
++)
795 arg_priorities
|= 1 << i
;
803 arg_pattern
= optarg
;
806 case ARG_CASE_SENSITIVE
:
808 r
= parse_boolean(optarg
);
810 return log_error_errno(r
, "Bad --case-sensitive= argument \"%s\": %m", optarg
);
811 arg_case_sensitive
= r
;
813 arg_case_sensitive
= true;
818 case ARG_CASE_SENSITIVE
:
819 return log_error("Compiled without pattern matching support");
823 r
= parse_timestamp(optarg
, &arg_since
);
825 log_error("Failed to parse timestamp: %s", optarg
);
828 arg_since_set
= true;
832 r
= parse_timestamp(optarg
, &arg_until
);
834 log_error("Failed to parse timestamp: %s", optarg
);
837 arg_until_set
= true;
841 r
= strv_extend(&arg_syslog_identifier
, optarg
);
847 r
= strv_extend(&arg_system_units
, optarg
);
853 r
= strv_extend(&arg_user_units
, optarg
);
859 arg_action
= ACTION_LIST_FIELDS
;
864 arg_action
= ACTION_LIST_FIELD_NAMES
;
867 case ARG_NO_HOSTNAME
:
868 arg_no_hostname
= true;
875 case ARG_LIST_CATALOG
:
876 arg_action
= ACTION_LIST_CATALOG
;
879 case ARG_DUMP_CATALOG
:
880 arg_action
= ACTION_DUMP_CATALOG
;
883 case ARG_UPDATE_CATALOG
:
884 arg_action
= ACTION_UPDATE_CATALOG
;
896 arg_action
= ACTION_FLUSH
;
900 arg_action
= arg_action
== ACTION_VACUUM
? ACTION_ROTATE_AND_VACUUM
: ACTION_ROTATE
;
904 arg_action
= ACTION_SYNC
;
907 case ARG_OUTPUT_FIELDS
: {
908 _cleanup_strv_free_
char **v
= NULL
;
910 v
= strv_split(optarg
, ",");
914 if (!arg_output_fields
)
915 arg_output_fields
= TAKE_PTR(v
);
917 r
= strv_extend_strv(&arg_output_fields
, v
, true);
928 assert_not_reached("Unhandled option");
931 if (arg_follow
&& !arg_no_tail
&& !arg_since
&& arg_lines
== ARG_LINES_DEFAULT
)
934 if (!!arg_directory
+ !!arg_file
+ !!arg_machine
+ !!arg_root
> 1) {
935 log_error("Please specify at most one of -D/--directory=, --file=, -M/--machine=, --root.");
939 if (arg_since_set
&& arg_until_set
&& arg_since
> arg_until
) {
940 log_error("--since= must be before --until=.");
944 if (!!arg_cursor
+ !!arg_after_cursor
+ !!arg_since_set
> 1) {
945 log_error("Please specify only one of --since=, --cursor=, and --after-cursor.");
949 if (arg_follow
&& arg_reverse
) {
950 log_error("Please specify either --reverse= or --follow=, not both.");
954 if (!IN_SET(arg_action
, ACTION_SHOW
, ACTION_DUMP_CATALOG
, ACTION_LIST_CATALOG
) && optind
< argc
) {
955 log_error("Extraneous arguments starting with '%s'", argv
[optind
]);
959 if ((arg_boot
|| arg_action
== ACTION_LIST_BOOTS
) && arg_merge
) {
960 log_error("Using --boot or --list-boots with --merge is not supported.");
964 if (!strv_isempty(arg_system_units
) && arg_journal_type
== SD_JOURNAL_CURRENT_USER
) {
965 /* Specifying --user and --unit= at the same time makes no sense (as the former excludes the user
966 * journal, but the latter excludes the system journal, thus resulting in empty output). Let's be nice
967 * to users, and automatically turn --unit= into --user-unit= if combined with --user. */
968 r
= strv_extend_strv(&arg_user_units
, arg_system_units
, true);
972 arg_system_units
= strv_free(arg_system_units
);
979 if (arg_case_sensitive
>= 0)
980 flags
= !arg_case_sensitive
* PCRE2_CASELESS
;
982 _cleanup_(pcre2_match_data_freep
) pcre2_match_data
*md
= NULL
;
984 _cleanup_(pcre2_code_freep
) pcre2_code
*cs
= NULL
;
986 md
= pcre2_match_data_create(1, NULL
);
990 r
= pattern_compile("[[:upper:]]", 0, &cs
);
994 r
= pcre2_match(cs
, (PCRE2_SPTR8
) arg_pattern
, PCRE2_ZERO_TERMINATED
, 0, 0, md
, NULL
);
997 flags
= !has_case
* PCRE2_CASELESS
;
1000 log_debug("Doing case %s matching based on %s",
1001 flags
& PCRE2_CASELESS
? "insensitive" : "sensitive",
1002 arg_case_sensitive
>= 0 ? "request" : "pattern casing");
1004 r
= pattern_compile(arg_pattern
, flags
, &arg_compiled_pattern
);
1013 static int add_matches(sd_journal
*j
, char **args
) {
1015 bool have_term
= false;
1019 STRV_FOREACH(i
, args
) {
1022 if (streq(*i
, "+")) {
1025 r
= sd_journal_add_disjunction(j
);
1028 } else if (path_is_absolute(*i
)) {
1029 _cleanup_free_
char *p
= NULL
, *t
= NULL
, *t2
= NULL
, *interpreter
= NULL
;
1032 r
= chase_symlinks(*i
, NULL
, CHASE_TRAIL_SLASH
, &p
);
1034 return log_error_errno(r
, "Couldn't canonicalize path: %m");
1036 if (lstat(p
, &st
) < 0)
1037 return log_error_errno(errno
, "Couldn't stat file: %m");
1039 if (S_ISREG(st
.st_mode
) && (0111 & st
.st_mode
)) {
1040 if (executable_is_script(p
, &interpreter
) > 0) {
1041 _cleanup_free_
char *comm
;
1043 comm
= strndup(basename(p
), 15);
1047 t
= strappend("_COMM=", comm
);
1051 /* Append _EXE only if the interpreter is not a link.
1052 Otherwise, it might be outdated often. */
1053 if (lstat(interpreter
, &st
) == 0 && !S_ISLNK(st
.st_mode
)) {
1054 t2
= strappend("_EXE=", interpreter
);
1059 t
= strappend("_EXE=", p
);
1064 r
= sd_journal_add_match(j
, t
, 0);
1067 r
= sd_journal_add_match(j
, t2
, 0);
1069 } else if (S_ISCHR(st
.st_mode
) || S_ISBLK(st
.st_mode
)) {
1070 r
= add_matches_for_device(j
, p
);
1074 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
1075 "File is neither a device node, nor regular file, nor executable: %s",
1080 r
= sd_journal_add_match(j
, *i
, 0);
1085 return log_error_errno(r
, "Failed to add match '%s': %m", *i
);
1088 if (!strv_isempty(args
) && !have_term
)
1089 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
1090 "\"+\" can only be used between terms");
1095 static void boot_id_free_all(BootId
*l
) {
1099 LIST_REMOVE(boot_list
, l
, i
);
1104 static int discover_next_boot(sd_journal
*j
,
1105 sd_id128_t previous_boot_id
,
1109 _cleanup_free_ BootId
*next_boot
= NULL
;
1110 char match
[9+32+1] = "_BOOT_ID=";
1117 /* We expect the journal to be on the last position of a boot
1118 * (in relation to the direction we are going), so that the next
1119 * invocation of sd_journal_next/previous will be from a different
1120 * boot. We then collect any information we desire and then jump
1121 * to the last location of the new boot by using a _BOOT_ID match
1122 * coming from the other journal direction. */
1124 /* Make sure we aren't restricted by any _BOOT_ID matches, so that
1125 * we can actually advance to a *different* boot. */
1126 sd_journal_flush_matches(j
);
1130 r
= sd_journal_previous(j
);
1132 r
= sd_journal_next(j
);
1136 return 0; /* End of journal, yay. */
1138 r
= sd_journal_get_monotonic_usec(j
, NULL
, &boot_id
);
1142 /* We iterate through this in a loop, until the boot ID differs from the previous one. Note that
1143 * normally, this will only require a single iteration, as we seeked to the last entry of the previous
1144 * boot entry already. However, it might happen that the per-journal-field entry arrays are less
1145 * complete than the main entry array, and hence might reference an entry that's not actually the last
1146 * one of the boot ID as last one. Let's hence use the per-field array is initial seek position to
1147 * speed things up, but let's not trust that it is complete, and hence, manually advance as
1150 } while (sd_id128_equal(boot_id
, previous_boot_id
));
1152 next_boot
= new0(BootId
, 1);
1156 next_boot
->id
= boot_id
;
1158 r
= sd_journal_get_realtime_usec(j
, &next_boot
->first
);
1162 /* Now seek to the last occurrence of this boot ID. */
1163 sd_id128_to_string(next_boot
->id
, match
+ 9);
1164 r
= sd_journal_add_match(j
, match
, sizeof(match
) - 1);
1169 r
= sd_journal_seek_head(j
);
1171 r
= sd_journal_seek_tail(j
);
1176 r
= sd_journal_next(j
);
1178 r
= sd_journal_previous(j
);
1182 return log_debug_errno(SYNTHETIC_ERRNO(ENODATA
),
1183 "Whoopsie! We found a boot ID but can't read its last entry."); /* This shouldn't happen. We just came from this very boot ID. */
1185 r
= sd_journal_get_realtime_usec(j
, &next_boot
->last
);
1189 *ret
= TAKE_PTR(next_boot
);
1194 static int get_boots(
1197 sd_id128_t
*boot_id
,
1202 BootId
*head
= NULL
, *tail
= NULL
, *id
;
1203 const bool advance_older
= boot_id
&& offset
<= 0;
1204 sd_id128_t previous_boot_id
;
1208 /* Adjust for the asymmetry that offset 0 is
1209 * the last (and current) boot, while 1 is considered the
1210 * (chronological) first boot in the journal. */
1211 skip_once
= boot_id
&& sd_id128_is_null(*boot_id
) && offset
<= 0;
1213 /* Advance to the earliest/latest occurrence of our reference
1214 * boot ID (taking our lookup direction into account), so that
1215 * discover_next_boot() can do its job.
1216 * If no reference is given, the journal head/tail will do,
1217 * they're "virtual" boots after all. */
1218 if (boot_id
&& !sd_id128_is_null(*boot_id
)) {
1219 char match
[9+32+1] = "_BOOT_ID=";
1221 sd_journal_flush_matches(j
);
1223 sd_id128_to_string(*boot_id
, match
+ 9);
1224 r
= sd_journal_add_match(j
, match
, sizeof(match
) - 1);
1229 r
= sd_journal_seek_head(j
); /* seek to oldest */
1231 r
= sd_journal_seek_tail(j
); /* seek to newest */
1236 r
= sd_journal_next(j
); /* read the oldest entry */
1238 r
= sd_journal_previous(j
); /* read the most recently added entry */
1243 else if (offset
== 0) {
1248 /* At this point the read pointer is positioned at the oldest/newest occurence of the reference boot
1249 * ID. After flushing the matches, one more invocation of _previous()/_next() will hence place us at
1250 * the following entry, which must then have an older/newer boot ID */
1254 r
= sd_journal_seek_tail(j
); /* seek to newest */
1256 r
= sd_journal_seek_head(j
); /* seek to oldest */
1260 /* No sd_journal_next()/_previous() here.
1262 * At this point the read pointer is positioned after the newest/before the oldest entry in the whole
1263 * journal. The next invocation of _previous()/_next() will hence position us at the newest/oldest
1267 previous_boot_id
= SD_ID128_NULL
;
1269 _cleanup_free_ BootId
*current
= NULL
;
1271 r
= discover_next_boot(j
, previous_boot_id
, advance_older
, ¤t
);
1273 boot_id_free_all(head
);
1280 previous_boot_id
= current
->id
;
1284 offset
+= advance_older
? 1 : -1;
1289 *boot_id
= current
->id
;
1293 LIST_FOREACH(boot_list
, id
, head
) {
1294 if (sd_id128_equal(id
->id
, current
->id
)) {
1295 /* boot id already stored, something wrong with the journal files */
1296 /* exiting as otherwise this problem would cause forever loop */
1300 LIST_INSERT_AFTER(boot_list
, head
, tail
, current
);
1301 tail
= TAKE_PTR(current
);
1310 sd_journal_flush_matches(j
);
1315 static int list_boots(sd_journal
*j
) {
1317 BootId
*id
, *all_ids
;
1321 count
= get_boots(j
, &all_ids
, NULL
, 0);
1323 return log_error_errno(count
, "Failed to determine boots: %m");
1327 (void) pager_open(arg_pager_flags
);
1329 /* numbers are one less, but we need an extra char for the sign */
1330 w
= DECIMAL_STR_WIDTH(count
- 1) + 1;
1333 LIST_FOREACH(boot_list
, id
, all_ids
) {
1334 char a
[FORMAT_TIMESTAMP_MAX
], b
[FORMAT_TIMESTAMP_MAX
];
1336 printf("% *i " SD_ID128_FORMAT_STR
" %s—%s\n",
1338 SD_ID128_FORMAT_VAL(id
->id
),
1339 format_timestamp_maybe_utc(a
, sizeof(a
), id
->first
),
1340 format_timestamp_maybe_utc(b
, sizeof(b
), id
->last
));
1344 boot_id_free_all(all_ids
);
1349 static int add_boot(sd_journal
*j
) {
1350 char match
[9+32+1] = "_BOOT_ID=";
1359 /* Take a shortcut and use the current boot_id, which we can do very quickly.
1360 * We can do this only when we logs are coming from the current machine,
1361 * so take the slow path if log location is specified. */
1362 if (arg_boot_offset
== 0 && sd_id128_is_null(arg_boot_id
) &&
1363 !arg_directory
&& !arg_file
&& !arg_root
)
1365 return add_match_this_boot(j
, arg_machine
);
1367 boot_id
= arg_boot_id
;
1368 r
= get_boots(j
, NULL
, &boot_id
, arg_boot_offset
);
1371 const char *reason
= (r
== 0) ? "No such boot ID in journal" : strerror(-r
);
1373 if (sd_id128_is_null(arg_boot_id
))
1374 log_error("Data from the specified boot (%+i) is not available: %s",
1375 arg_boot_offset
, reason
);
1377 log_error("Data from the specified boot ("SD_ID128_FORMAT_STR
") is not available: %s",
1378 SD_ID128_FORMAT_VAL(arg_boot_id
), reason
);
1380 return r
== 0 ? -ENODATA
: r
;
1383 sd_id128_to_string(boot_id
, match
+ 9);
1385 r
= sd_journal_add_match(j
, match
, sizeof(match
) - 1);
1387 return log_error_errno(r
, "Failed to add match: %m");
1389 r
= sd_journal_add_conjunction(j
);
1391 return log_error_errno(r
, "Failed to add conjunction: %m");
1396 static int add_dmesg(sd_journal
*j
) {
1403 r
= sd_journal_add_match(j
, "_TRANSPORT=kernel",
1404 STRLEN("_TRANSPORT=kernel"));
1406 return log_error_errno(r
, "Failed to add match: %m");
1408 r
= sd_journal_add_conjunction(j
);
1410 return log_error_errno(r
, "Failed to add conjunction: %m");
1415 static int get_possible_units(
1421 _cleanup_set_free_free_ Set
*found
;
1425 found
= set_new(&string_hash_ops
);
1429 NULSTR_FOREACH(field
, fields
) {
1433 r
= sd_journal_query_unique(j
, field
);
1437 SD_JOURNAL_FOREACH_UNIQUE(j
, data
, size
) {
1438 char **pattern
, *eq
;
1440 _cleanup_free_
char *u
= NULL
;
1442 eq
= memchr(data
, '=', size
);
1444 prefix
= eq
- (char*) data
+ 1;
1448 u
= strndup((char*) data
+ prefix
, size
- prefix
);
1452 STRV_FOREACH(pattern
, patterns
)
1453 if (fnmatch(*pattern
, u
, FNM_NOESCAPE
) == 0) {
1454 log_debug("Matched %s with pattern %s=%s", u
, field
, *pattern
);
1456 r
= set_consume(found
, u
);
1458 if (r
< 0 && r
!= -EEXIST
)
1466 *units
= TAKE_PTR(found
);
1471 /* This list is supposed to return the superset of unit names
1472 * possibly matched by rules added with add_matches_for_unit... */
1473 #define SYSTEM_UNITS \
1477 "OBJECT_SYSTEMD_UNIT\0" \
1480 /* ... and add_matches_for_user_unit */
1481 #define USER_UNITS \
1482 "_SYSTEMD_USER_UNIT\0" \
1484 "COREDUMP_USER_UNIT\0" \
1485 "OBJECT_SYSTEMD_USER_UNIT\0"
1487 static int add_units(sd_journal
*j
) {
1488 _cleanup_strv_free_
char **patterns
= NULL
;
1494 STRV_FOREACH(i
, arg_system_units
) {
1495 _cleanup_free_
char *u
= NULL
;
1497 r
= unit_name_mangle(*i
, UNIT_NAME_MANGLE_GLOB
| (arg_quiet
? 0 : UNIT_NAME_MANGLE_WARN
), &u
);
1501 if (string_is_glob(u
)) {
1502 r
= strv_push(&patterns
, u
);
1507 r
= add_matches_for_unit(j
, u
);
1510 r
= sd_journal_add_disjunction(j
);
1517 if (!strv_isempty(patterns
)) {
1518 _cleanup_set_free_free_ Set
*units
= NULL
;
1522 r
= get_possible_units(j
, SYSTEM_UNITS
, patterns
, &units
);
1526 SET_FOREACH(u
, units
, it
) {
1527 r
= add_matches_for_unit(j
, u
);
1530 r
= sd_journal_add_disjunction(j
);
1537 patterns
= strv_free(patterns
);
1539 STRV_FOREACH(i
, arg_user_units
) {
1540 _cleanup_free_
char *u
= NULL
;
1542 r
= unit_name_mangle(*i
, UNIT_NAME_MANGLE_GLOB
| (arg_quiet
? 0 : UNIT_NAME_MANGLE_WARN
), &u
);
1546 if (string_is_glob(u
)) {
1547 r
= strv_push(&patterns
, u
);
1552 r
= add_matches_for_user_unit(j
, u
, getuid());
1555 r
= sd_journal_add_disjunction(j
);
1562 if (!strv_isempty(patterns
)) {
1563 _cleanup_set_free_free_ Set
*units
= NULL
;
1567 r
= get_possible_units(j
, USER_UNITS
, patterns
, &units
);
1571 SET_FOREACH(u
, units
, it
) {
1572 r
= add_matches_for_user_unit(j
, u
, getuid());
1575 r
= sd_journal_add_disjunction(j
);
1582 /* Complain if the user request matches but nothing whatsoever was
1583 * found, since otherwise everything would be matched. */
1584 if (!(strv_isempty(arg_system_units
) && strv_isempty(arg_user_units
)) && count
== 0)
1587 r
= sd_journal_add_conjunction(j
);
1594 static int add_priorities(sd_journal
*j
) {
1595 char match
[] = "PRIORITY=0";
1599 if (arg_priorities
== 0xFF)
1602 for (i
= LOG_EMERG
; i
<= LOG_DEBUG
; i
++)
1603 if (arg_priorities
& (1 << i
)) {
1604 match
[sizeof(match
)-2] = '0' + i
;
1606 r
= sd_journal_add_match(j
, match
, strlen(match
));
1608 return log_error_errno(r
, "Failed to add match: %m");
1611 r
= sd_journal_add_conjunction(j
);
1613 return log_error_errno(r
, "Failed to add conjunction: %m");
1618 static int add_syslog_identifier(sd_journal
*j
) {
1624 STRV_FOREACH(i
, arg_syslog_identifier
) {
1627 u
= strjoina("SYSLOG_IDENTIFIER=", *i
);
1628 r
= sd_journal_add_match(j
, u
, 0);
1631 r
= sd_journal_add_disjunction(j
);
1636 r
= sd_journal_add_conjunction(j
);
1643 static int setup_keys(void) {
1645 size_t mpk_size
, seed_size
, state_size
, i
;
1646 uint8_t *mpk
, *seed
, *state
;
1648 sd_id128_t machine
, boot
;
1649 char *p
= NULL
, *k
= NULL
;
1654 r
= stat("/var/log/journal", &st
);
1655 if (r
< 0 && !IN_SET(errno
, ENOENT
, ENOTDIR
))
1656 return log_error_errno(errno
, "stat(\"%s\") failed: %m", "/var/log/journal");
1658 if (r
< 0 || !S_ISDIR(st
.st_mode
)) {
1659 log_error("%s is not a directory, must be using persistent logging for FSS.",
1660 "/var/log/journal");
1661 return r
< 0 ? -errno
: -ENOTDIR
;
1664 r
= sd_id128_get_machine(&machine
);
1666 return log_error_errno(r
, "Failed to get machine ID: %m");
1668 r
= sd_id128_get_boot(&boot
);
1670 return log_error_errno(r
, "Failed to get boot ID: %m");
1672 if (asprintf(&p
, "/var/log/journal/" SD_ID128_FORMAT_STR
"/fss",
1673 SD_ID128_FORMAT_VAL(machine
)) < 0)
1678 if (r
< 0 && errno
!= ENOENT
) {
1679 r
= log_error_errno(errno
, "unlink(\"%s\") failed: %m", p
);
1682 } else if (access(p
, F_OK
) >= 0) {
1683 log_error("Sealing key file %s exists already. Use --force to recreate.", p
);
1688 if (asprintf(&k
, "/var/log/journal/" SD_ID128_FORMAT_STR
"/fss.tmp.XXXXXX",
1689 SD_ID128_FORMAT_VAL(machine
)) < 0) {
1694 mpk_size
= FSPRG_mskinbytes(FSPRG_RECOMMENDED_SECPAR
);
1695 mpk
= alloca(mpk_size
);
1697 seed_size
= FSPRG_RECOMMENDED_SEEDLEN
;
1698 seed
= alloca(seed_size
);
1700 state_size
= FSPRG_stateinbytes(FSPRG_RECOMMENDED_SECPAR
);
1701 state
= alloca(state_size
);
1703 fd
= open("/dev/random", O_RDONLY
|O_CLOEXEC
|O_NOCTTY
);
1705 r
= log_error_errno(errno
, "Failed to open /dev/random: %m");
1709 log_info("Generating seed...");
1710 r
= loop_read_exact(fd
, seed
, seed_size
, true);
1712 log_error_errno(r
, "Failed to read random seed: %m");
1716 log_info("Generating key pair...");
1717 FSPRG_GenMK(NULL
, mpk
, seed
, seed_size
, FSPRG_RECOMMENDED_SECPAR
);
1719 log_info("Generating sealing key...");
1720 FSPRG_GenState0(state
, mpk
, seed
, seed_size
);
1722 assert(arg_interval
> 0);
1724 n
= now(CLOCK_REALTIME
);
1728 fd
= mkostemp_safe(k
);
1730 r
= log_error_errno(fd
, "Failed to open %s: %m", k
);
1734 /* Enable secure remove, exclusion from dump, synchronous
1735 * writing and in-place updating */
1736 r
= chattr_fd(fd
, FS_SECRM_FL
|FS_NODUMP_FL
|FS_SYNC_FL
|FS_NOCOW_FL
, FS_SECRM_FL
|FS_NODUMP_FL
|FS_SYNC_FL
|FS_NOCOW_FL
, NULL
);
1738 log_warning_errno(r
, "Failed to set file attributes: %m");
1741 memcpy(h
.signature
, "KSHHRHLP", 8);
1742 h
.machine_id
= machine
;
1744 h
.header_size
= htole64(sizeof(h
));
1745 h
.start_usec
= htole64(n
* arg_interval
);
1746 h
.interval_usec
= htole64(arg_interval
);
1747 h
.fsprg_secpar
= htole16(FSPRG_RECOMMENDED_SECPAR
);
1748 h
.fsprg_state_size
= htole64(state_size
);
1750 r
= loop_write(fd
, &h
, sizeof(h
), false);
1752 log_error_errno(r
, "Failed to write header: %m");
1756 r
= loop_write(fd
, state
, state_size
, false);
1758 log_error_errno(r
, "Failed to write state: %m");
1762 if (link(k
, p
) < 0) {
1763 r
= log_error_errno(errno
, "Failed to link file: %m");
1770 "The new key pair has been generated. The %ssecret sealing key%s has been written to\n"
1771 "the following local file. This key file is automatically updated when the\n"
1772 "sealing key is advanced. It should not be used on multiple hosts.\n"
1776 "Please write down the following %ssecret verification key%s. It should be stored\n"
1777 "at a safe location and should not be saved locally on disk.\n"
1779 ansi_highlight(), ansi_normal(),
1781 ansi_highlight(), ansi_normal(),
1782 ansi_highlight_red());
1785 for (i
= 0; i
< seed_size
; i
++) {
1786 if (i
> 0 && i
% 3 == 0)
1788 printf("%02x", ((uint8_t*) seed
)[i
]);
1791 printf("/%llx-%llx\n", (unsigned long long) n
, (unsigned long long) arg_interval
);
1794 char tsb
[FORMAT_TIMESPAN_MAX
], *hn
;
1798 "The sealing key is automatically changed every %s.\n",
1800 format_timespan(tsb
, sizeof(tsb
), arg_interval
, 0));
1802 hn
= gethostname_malloc();
1805 hostname_cleanup(hn
);
1806 fprintf(stderr
, "\nThe keys have been generated for host %s/" SD_ID128_FORMAT_STR
".\n", hn
, SD_ID128_FORMAT_VAL(machine
));
1808 fprintf(stderr
, "\nThe keys have been generated for host " SD_ID128_FORMAT_STR
".\n", SD_ID128_FORMAT_VAL(machine
));
1811 /* If this is not an UTF-8 system don't print any QR codes */
1812 if (is_locale_utf8()) {
1813 fputs("\nTo transfer the verification key to your phone please scan the QR code below:\n\n", stderr
);
1814 print_qr_code(stderr
, seed
, seed_size
, n
, arg_interval
, hn
, machine
);
1834 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP
),
1835 "Forward-secure sealing not available.");
1839 static int verify(sd_journal
*j
) {
1846 log_show_color(true);
1848 ORDERED_HASHMAP_FOREACH(f
, j
->files
, i
) {
1850 usec_t first
= 0, validated
= 0, last
= 0;
1853 if (!arg_verify_key
&& JOURNAL_HEADER_SEALED(f
->header
))
1854 log_notice("Journal file %s has sealing enabled but verification key has not been passed using --verify-key=.", f
->path
);
1857 k
= journal_file_verify(f
, arg_verify_key
, &first
, &validated
, &last
, true);
1859 /* If the key was invalid give up right-away. */
1862 log_warning_errno(k
, "FAIL: %s (%m)", f
->path
);
1865 char a
[FORMAT_TIMESTAMP_MAX
], b
[FORMAT_TIMESTAMP_MAX
], c
[FORMAT_TIMESPAN_MAX
];
1866 log_info("PASS: %s", f
->path
);
1868 if (arg_verify_key
&& JOURNAL_HEADER_SEALED(f
->header
)) {
1869 if (validated
> 0) {
1870 log_info("=> Validated from %s to %s, final %s entries not sealed.",
1871 format_timestamp_maybe_utc(a
, sizeof(a
), first
),
1872 format_timestamp_maybe_utc(b
, sizeof(b
), validated
),
1873 format_timespan(c
, sizeof(c
), last
> validated
? last
- validated
: 0, 0));
1874 } else if (last
> 0)
1875 log_info("=> No sealing yet, %s of entries not sealed.",
1876 format_timespan(c
, sizeof(c
), last
- first
, 0));
1878 log_info("=> No sealing yet, no entries in file.");
1886 static int flush_to_var(void) {
1887 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
1888 _cleanup_(sd_bus_flush_close_unrefp
) sd_bus
*bus
= NULL
;
1889 _cleanup_close_
int watch_fd
= -1;
1893 log_error("--flush is not supported in conjunction with --machine=.");
1898 if (access("/run/systemd/journal/flushed", F_OK
) >= 0)
1901 /* OK, let's actually do the full logic, send SIGUSR1 to the
1902 * daemon and set up inotify to wait for the flushed file to appear */
1903 r
= bus_connect_system_systemd(&bus
);
1905 return log_error_errno(r
, "Failed to get D-Bus connection: %m");
1907 r
= sd_bus_call_method(
1909 "org.freedesktop.systemd1",
1910 "/org/freedesktop/systemd1",
1911 "org.freedesktop.systemd1.Manager",
1915 "ssi", "systemd-journald.service", "main", SIGUSR1
);
1917 return log_error_errno(r
, "Failed to kill journal service: %s", bus_error_message(&error
, r
));
1919 mkdir_p("/run/systemd/journal", 0755);
1921 watch_fd
= inotify_init1(IN_NONBLOCK
|IN_CLOEXEC
);
1923 return log_error_errno(errno
, "Failed to create inotify watch: %m");
1925 r
= inotify_add_watch(watch_fd
, "/run/systemd/journal", IN_CREATE
|IN_DONT_FOLLOW
|IN_ONLYDIR
);
1927 return log_error_errno(errno
, "Failed to watch journal directory: %m");
1930 if (access("/run/systemd/journal/flushed", F_OK
) >= 0)
1933 if (errno
!= ENOENT
)
1934 return log_error_errno(errno
, "Failed to check for existence of /run/systemd/journal/flushed: %m");
1936 r
= fd_wait_for_event(watch_fd
, POLLIN
, USEC_INFINITY
);
1938 return log_error_errno(r
, "Failed to wait for event: %m");
1940 r
= flush_fd(watch_fd
);
1942 return log_error_errno(r
, "Failed to flush inotify events: %m");
1948 static int send_signal_and_wait(int sig
, const char *watch_path
) {
1949 _cleanup_(sd_bus_flush_close_unrefp
) sd_bus
*bus
= NULL
;
1950 _cleanup_close_
int watch_fd
= -1;
1955 log_error("--sync and --rotate are not supported in conjunction with --machine=.");
1959 start
= now(CLOCK_MONOTONIC
);
1961 /* This call sends the specified signal to journald, and waits
1962 * for acknowledgment by watching the mtime of the specified
1963 * flag file. This is used to trigger syncing or rotation and
1964 * then wait for the operation to complete. */
1969 /* See if a sync happened by now. */
1970 r
= read_timestamp_file(watch_path
, &tstamp
);
1971 if (r
< 0 && r
!= -ENOENT
)
1972 return log_error_errno(r
, "Failed to read %s: %m", watch_path
);
1973 if (r
>= 0 && tstamp
>= start
)
1976 /* Let's ask for a sync, but only once. */
1978 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
1980 r
= bus_connect_system_systemd(&bus
);
1982 return log_error_errno(r
, "Failed to get D-Bus connection: %m");
1984 r
= sd_bus_call_method(
1986 "org.freedesktop.systemd1",
1987 "/org/freedesktop/systemd1",
1988 "org.freedesktop.systemd1.Manager",
1992 "ssi", "systemd-journald.service", "main", sig
);
1994 return log_error_errno(r
, "Failed to kill journal service: %s", bus_error_message(&error
, r
));
1999 /* Let's install the inotify watch, if we didn't do that yet. */
2002 mkdir_p("/run/systemd/journal", 0755);
2004 watch_fd
= inotify_init1(IN_NONBLOCK
|IN_CLOEXEC
);
2006 return log_error_errno(errno
, "Failed to create inotify watch: %m");
2008 r
= inotify_add_watch(watch_fd
, "/run/systemd/journal", IN_MOVED_TO
|IN_DONT_FOLLOW
|IN_ONLYDIR
);
2010 return log_error_errno(errno
, "Failed to watch journal directory: %m");
2012 /* Recheck the flag file immediately, so that we don't miss any event since the last check. */
2016 /* OK, all preparatory steps done, let's wait until
2017 * inotify reports an event. */
2019 r
= fd_wait_for_event(watch_fd
, POLLIN
, USEC_INFINITY
);
2021 return log_error_errno(r
, "Failed to wait for event: %m");
2023 r
= flush_fd(watch_fd
);
2025 return log_error_errno(r
, "Failed to flush inotify events: %m");
2031 static int rotate(void) {
2032 return send_signal_and_wait(SIGUSR2
, "/run/systemd/journal/rotated");
2035 static int sync_journal(void) {
2036 return send_signal_and_wait(SIGRTMIN
+1, "/run/systemd/journal/synced");
2039 static int wait_for_change(sd_journal
*j
, int poll_fd
) {
2040 struct pollfd pollfds
[] = {
2041 { .fd
= poll_fd
, .events
= POLLIN
},
2042 { .fd
= STDOUT_FILENO
},
2050 assert(poll_fd
>= 0);
2052 /* Much like sd_journal_wait() but also keeps an eye on STDOUT, and exits as soon as we see a POLLHUP on that,
2053 * i.e. when it is closed. */
2055 r
= sd_journal_get_timeout(j
, &timeout
);
2057 return log_error_errno(r
, "Failed to determine journal waiting time: %m");
2059 if (ppoll(pollfds
, ELEMENTSOF(pollfds
),
2060 timeout
== USEC_INFINITY
? NULL
: timespec_store(&ts
, timeout
), NULL
) < 0) {
2064 return log_error_errno(errno
, "Couldn't wait for journal event: %m");
2067 if (pollfds
[1].revents
& (POLLHUP
|POLLERR
)) /* STDOUT has been closed? */
2068 return log_debug_errno(SYNTHETIC_ERRNO(ECANCELED
),
2069 "Standard output has been closed.");
2071 r
= sd_journal_process(j
);
2073 return log_error_errno(r
, "Failed to process journal events: %m");
2078 int main(int argc
, char *argv
[]) {
2079 bool previous_boot_id_valid
= false, first_line
= true, ellipsized
= false, need_seek
= false;
2080 _cleanup_(sd_journal_closep
) sd_journal
*j
= NULL
;
2081 sd_id128_t previous_boot_id
;
2082 int n_shown
= 0, r
, poll_fd
= -1;
2084 setlocale(LC_ALL
, "");
2085 log_parse_environment();
2088 /* Increase max number of open files if we can, we might needs this when browsing journal files, which might be
2089 * split up into many files. */
2090 (void) rlimit_nofile_bump(HIGH_RLIMIT_NOFILE
);
2092 r
= parse_argv(argc
, argv
);
2096 signal(SIGWINCH
, columns_lines_cache_reset
);
2099 switch (arg_action
) {
2101 case ACTION_NEW_ID128
:
2102 r
= id128_print_new(true);
2105 case ACTION_SETUP_KEYS
:
2109 case ACTION_LIST_CATALOG
:
2110 case ACTION_DUMP_CATALOG
:
2111 case ACTION_UPDATE_CATALOG
: {
2112 _cleanup_free_
char *database
;
2114 database
= path_join(arg_root
, CATALOG_DATABASE
);
2120 if (arg_action
== ACTION_UPDATE_CATALOG
) {
2121 r
= catalog_update(database
, arg_root
, catalog_file_dirs
);
2123 log_error_errno(r
, "Failed to list catalog: %m");
2125 bool oneline
= arg_action
== ACTION_LIST_CATALOG
;
2127 (void) pager_open(arg_pager_flags
);
2130 r
= catalog_list_items(stdout
, database
, oneline
, argv
+ optind
);
2132 r
= catalog_list(stdout
, database
, oneline
);
2134 log_error_errno(r
, "Failed to list catalog: %m");
2153 case ACTION_PRINT_HEADER
:
2155 case ACTION_DISK_USAGE
:
2156 case ACTION_LIST_BOOTS
:
2158 case ACTION_ROTATE_AND_VACUUM
:
2159 case ACTION_LIST_FIELDS
:
2160 case ACTION_LIST_FIELD_NAMES
:
2161 /* These ones require access to the journal files, continue below. */
2165 assert_not_reached("Unknown action");
2169 r
= sd_journal_open_directory(&j
, arg_directory
, arg_journal_type
);
2171 r
= sd_journal_open_directory(&j
, arg_root
, arg_journal_type
| SD_JOURNAL_OS_ROOT
);
2172 else if (arg_file_stdin
) {
2173 int ifd
= STDIN_FILENO
;
2174 r
= sd_journal_open_files_fd(&j
, &ifd
, 1, 0);
2175 } else if (arg_file
)
2176 r
= sd_journal_open_files(&j
, (const char**) arg_file
, 0);
2177 else if (arg_machine
) {
2178 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
2179 _cleanup_(sd_bus_message_unrefp
) sd_bus_message
*reply
= NULL
;
2180 _cleanup_(sd_bus_flush_close_unrefp
) sd_bus
*bus
= NULL
;
2183 if (geteuid() != 0) {
2184 /* The file descriptor returned by OpenMachineRootDirectory() will be owned by users/groups of
2185 * the container, thus we need root privileges to override them. */
2186 log_error("Using the --machine= switch requires root privileges.");
2191 r
= sd_bus_open_system(&bus
);
2193 log_error_errno(r
, "Failed to open system bus: %m");
2197 r
= sd_bus_call_method(
2199 "org.freedesktop.machine1",
2200 "/org/freedesktop/machine1",
2201 "org.freedesktop.machine1.Manager",
2202 "OpenMachineRootDirectory",
2207 log_error_errno(r
, "Failed to open root directory: %s", bus_error_message(&error
, r
));
2211 r
= sd_bus_message_read(reply
, "h", &fd
);
2213 bus_log_parse_error(r
);
2217 fd
= fcntl(fd
, F_DUPFD_CLOEXEC
, 3);
2219 r
= log_error_errno(errno
, "Failed to duplicate file descriptor: %m");
2223 r
= sd_journal_open_directory_fd(&j
, fd
, SD_JOURNAL_OS_ROOT
);
2227 r
= sd_journal_open(&j
, !arg_merge
*SD_JOURNAL_LOCAL_ONLY
+ arg_journal_type
);
2229 log_error_errno(r
, "Failed to open %s: %m", arg_directory
?: arg_file
? "files" : "journal");
2233 r
= journal_access_check_and_warn(j
, arg_quiet
,
2234 !(arg_journal_type
== SD_JOURNAL_CURRENT_USER
|| arg_user_units
));
2238 switch (arg_action
) {
2240 case ACTION_NEW_ID128
:
2241 case ACTION_SETUP_KEYS
:
2242 case ACTION_LIST_CATALOG
:
2243 case ACTION_DUMP_CATALOG
:
2244 case ACTION_UPDATE_CATALOG
:
2248 assert_not_reached("Unexpected action.");
2250 case ACTION_PRINT_HEADER
:
2251 journal_print_header(j
);
2259 case ACTION_DISK_USAGE
: {
2261 char sbytes
[FORMAT_BYTES_MAX
];
2263 r
= sd_journal_get_usage(j
, &bytes
);
2267 printf("Archived and active journals take up %s in the file system.\n",
2268 format_bytes(sbytes
, sizeof(sbytes
), bytes
));
2272 case ACTION_LIST_BOOTS
:
2276 case ACTION_ROTATE_AND_VACUUM
:
2284 case ACTION_VACUUM
: {
2288 HASHMAP_FOREACH(d
, j
->directories_by_path
, i
) {
2294 q
= journal_directory_vacuum(d
->path
, arg_vacuum_size
, arg_vacuum_n_files
, arg_vacuum_time
, NULL
, !arg_quiet
);
2296 log_error_errno(q
, "Failed to vacuum %s: %m", d
->path
);
2304 case ACTION_LIST_FIELD_NAMES
: {
2307 SD_JOURNAL_FOREACH_FIELD(j
, field
) {
2308 printf("%s\n", field
);
2317 case ACTION_LIST_FIELDS
:
2321 assert_not_reached("Unknown action");
2324 if (arg_boot_offset
!= 0 &&
2325 sd_journal_has_runtime_files(j
) > 0 &&
2326 sd_journal_has_persistent_files(j
) == 0) {
2327 log_info("Specifying boot ID or boot offset has no effect, no persistent journal was found.");
2331 /* add_boot() must be called first!
2332 * It may need to seek the journal to find parent boot IDs. */
2343 log_error_errno(r
, "Failed to add filter for units: %m");
2347 r
= add_syslog_identifier(j
);
2349 log_error_errno(r
, "Failed to add filter for syslog identifiers: %m");
2353 r
= add_priorities(j
);
2357 r
= add_matches(j
, argv
+ optind
);
2361 if (DEBUG_LOGGING
) {
2362 _cleanup_free_
char *filter
;
2364 filter
= journal_make_match_string(j
);
2368 log_debug("Journal filter: %s", filter
);
2371 if (arg_action
== ACTION_LIST_FIELDS
) {
2377 r
= sd_journal_set_data_threshold(j
, 0);
2379 log_error_errno(r
, "Failed to unset data size threshold: %m");
2383 r
= sd_journal_query_unique(j
, arg_field
);
2385 log_error_errno(r
, "Failed to query unique data objects: %m");
2389 SD_JOURNAL_FOREACH_UNIQUE(j
, data
, size
) {
2392 if (arg_lines
>= 0 && n_shown
>= arg_lines
)
2395 eq
= memchr(data
, '=', size
);
2397 printf("%.*s\n", (int) (size
- ((const uint8_t*) eq
- (const uint8_t*) data
+ 1)), (const char*) eq
+ 1);
2399 printf("%.*s\n", (int) size
, (const char*) data
);
2408 /* Opening the fd now means the first sd_journal_wait() will actually wait */
2410 poll_fd
= sd_journal_get_fd(j
);
2411 if (poll_fd
== -EMFILE
) {
2412 log_warning_errno(poll_fd
, "Insufficent watch descriptors available. Reverting to -n.");
2414 } else if (poll_fd
== -EMEDIUMTYPE
) {
2415 log_error_errno(poll_fd
, "The --follow switch is not supported in conjunction with reading from STDIN.");
2417 } else if (poll_fd
< 0) {
2418 log_error_errno(poll_fd
, "Failed to get journal fd: %m");
2423 if (arg_cursor
|| arg_after_cursor
) {
2424 r
= sd_journal_seek_cursor(j
, arg_cursor
?: arg_after_cursor
);
2426 log_error_errno(r
, "Failed to seek to cursor: %m");
2431 r
= sd_journal_next_skip(j
, 1 + !!arg_after_cursor
);
2433 r
= sd_journal_previous_skip(j
, 1 + !!arg_after_cursor
);
2435 if (arg_after_cursor
&& r
< 2) {
2436 /* We couldn't find the next entry after the cursor. */
2443 } else if (arg_since_set
&& !arg_reverse
) {
2444 r
= sd_journal_seek_realtime_usec(j
, arg_since
);
2446 log_error_errno(r
, "Failed to seek to date: %m");
2449 r
= sd_journal_next(j
);
2451 } else if (arg_until_set
&& arg_reverse
) {
2452 r
= sd_journal_seek_realtime_usec(j
, arg_until
);
2454 log_error_errno(r
, "Failed to seek to date: %m");
2457 r
= sd_journal_previous(j
);
2459 } else if (arg_lines
>= 0) {
2460 r
= sd_journal_seek_tail(j
);
2462 log_error_errno(r
, "Failed to seek to tail: %m");
2466 r
= sd_journal_previous_skip(j
, arg_lines
);
2468 } else if (arg_reverse
) {
2469 r
= sd_journal_seek_tail(j
);
2471 log_error_errno(r
, "Failed to seek to tail: %m");
2475 r
= sd_journal_previous(j
);
2478 r
= sd_journal_seek_head(j
);
2480 log_error_errno(r
, "Failed to seek to head: %m");
2484 r
= sd_journal_next(j
);
2488 log_error_errno(r
, "Failed to iterate through journal: %m");
2495 (void) pager_open(arg_pager_flags
);
2497 if (!arg_quiet
&& (arg_lines
!= 0 || arg_follow
)) {
2499 char start_buf
[FORMAT_TIMESTAMP_MAX
], end_buf
[FORMAT_TIMESTAMP_MAX
];
2501 r
= sd_journal_get_cutoff_realtime_usec(j
, &start
, &end
);
2503 log_error_errno(r
, "Failed to get cutoff: %m");
2509 printf("-- Logs begin at %s. --\n",
2510 format_timestamp_maybe_utc(start_buf
, sizeof(start_buf
), start
));
2512 printf("-- Logs begin at %s, end at %s. --\n",
2513 format_timestamp_maybe_utc(start_buf
, sizeof(start_buf
), start
),
2514 format_timestamp_maybe_utc(end_buf
, sizeof(end_buf
), end
));
2519 while (arg_lines
< 0 || n_shown
< arg_lines
|| (arg_follow
&& !first_line
)) {
2521 size_t highlight
[2] = {};
2525 r
= sd_journal_next(j
);
2527 r
= sd_journal_previous(j
);
2529 log_error_errno(r
, "Failed to iterate through journal: %m");
2536 if (arg_until_set
&& !arg_reverse
) {
2539 r
= sd_journal_get_realtime_usec(j
, &usec
);
2541 log_error_errno(r
, "Failed to determine timestamp: %m");
2544 if (usec
> arg_until
)
2548 if (arg_since_set
&& arg_reverse
) {
2551 r
= sd_journal_get_realtime_usec(j
, &usec
);
2553 log_error_errno(r
, "Failed to determine timestamp: %m");
2556 if (usec
< arg_since
)
2560 if (!arg_merge
&& !arg_quiet
) {
2563 r
= sd_journal_get_monotonic_usec(j
, NULL
, &boot_id
);
2565 if (previous_boot_id_valid
&&
2566 !sd_id128_equal(boot_id
, previous_boot_id
))
2567 printf("%s-- Reboot --%s\n",
2568 ansi_highlight(), ansi_normal());
2570 previous_boot_id
= boot_id
;
2571 previous_boot_id_valid
= true;
2576 if (arg_compiled_pattern
) {
2577 _cleanup_(pcre2_match_data_freep
) pcre2_match_data
*md
= NULL
;
2578 const void *message
;
2582 md
= pcre2_match_data_create(1, NULL
);
2586 r
= sd_journal_get_data(j
, "MESSAGE", &message
, &len
);
2593 log_error_errno(r
, "Failed to get MESSAGE field: %m");
2597 assert_se(message
= startswith(message
, "MESSAGE="));
2599 r
= pcre2_match(arg_compiled_pattern
,
2601 len
- strlen("MESSAGE="),
2602 0, /* start at offset 0 in the subject */
2603 0, /* default options */
2606 if (r
== PCRE2_ERROR_NOMATCH
) {
2611 unsigned char buf
[LINE_MAX
];
2614 r2
= pcre2_get_error_message(r
, buf
, sizeof buf
);
2615 log_error("Pattern matching failed: %s",
2616 r2
< 0 ? "unknown error" : (char*) buf
);
2621 ovec
= pcre2_get_ovector_pointer(md
);
2622 highlight
[0] = ovec
[0];
2623 highlight
[1] = ovec
[1];
2628 arg_all
* OUTPUT_SHOW_ALL
|
2629 arg_full
* OUTPUT_FULL_WIDTH
|
2630 colors_enabled() * OUTPUT_COLOR
|
2631 arg_catalog
* OUTPUT_CATALOG
|
2632 arg_utc
* OUTPUT_UTC
|
2633 arg_no_hostname
* OUTPUT_NO_HOSTNAME
;
2635 r
= show_journal_entry(stdout
, j
, arg_output
, 0, flags
,
2636 arg_output_fields
, highlight
, &ellipsized
);
2638 if (r
== -EADDRNOTAVAIL
)
2645 /* If journalctl take a long time to process messages, and during that time journal file
2646 * rotation occurs, a journalctl client will keep those rotated files open until it calls
2647 * sd_journal_process(), which typically happens as a result of calling sd_journal_wait() below
2648 * in the "following" case. By periodically calling sd_journal_process() during the processing
2649 * loop we shrink the window of time a client instance has open file descriptors for rotated
2650 * (deleted) journal files. */
2651 if ((n_shown
% PROCESS_INOTIFY_INTERVAL
) == 0) {
2652 r
= sd_journal_process(j
);
2654 log_error_errno(r
, "Failed to process inotify events: %m");
2661 if (n_shown
== 0 && !arg_quiet
)
2662 printf("-- No entries --\n");
2664 if (arg_show_cursor
) {
2665 _cleanup_free_
char *cursor
= NULL
;
2667 r
= sd_journal_get_cursor(j
, &cursor
);
2668 if (r
< 0 && r
!= -EADDRNOTAVAIL
)
2669 log_error_errno(r
, "Failed to get cursor: %m");
2671 printf("-- cursor: %s\n", cursor
);
2679 r
= wait_for_change(j
, poll_fd
);
2690 strv_free(arg_file
);
2692 strv_free(arg_syslog_identifier
);
2693 strv_free(arg_system_units
);
2694 strv_free(arg_user_units
);
2695 strv_free(arg_output_fields
);
2698 free(arg_verify_key
);
2701 if (arg_compiled_pattern
)
2702 pcre2_code_free(arg_compiled_pattern
);
2705 return r
< 0 ? EXIT_FAILURE
: EXIT_SUCCESS
;