1 /* SPDX-License-Identifier: LGPL-2.1+ */
13 #include <sys/inotify.h>
18 # define PCRE2_CODE_UNIT_WIDTH 8
23 #include "sd-device.h"
24 #include "sd-journal.h"
27 #include "alloc-util.h"
28 #include "bus-error.h"
31 #include "chattr-util.h"
33 #include "device-private.h"
36 #include "format-util.h"
39 #include "glob-util.h"
40 #include "hostname-util.h"
41 #include "id128-print.h"
43 #include "journal-def.h"
44 #include "journal-internal.h"
45 #include "journal-qrcode.h"
46 #include "journal-util.h"
47 #include "journal-vacuum.h"
48 #include "journal-verify.h"
49 #include "locale-util.h"
51 #include "logs-show.h"
52 #include "memory-util.h"
54 #include "mountpoint-util.h"
55 #include "nulstr-util.h"
57 #include "parse-util.h"
58 #include "path-util.h"
59 #include "pretty-print.h"
60 #include "rlimit-util.h"
63 #include "string-table.h"
65 #include "syslog-util.h"
66 #include "terminal-util.h"
67 #include "tmpfile-util.h"
68 #include "unit-name.h"
69 #include "user-util.h"
72 #define DEFAULT_FSS_INTERVAL_USEC (15*USEC_PER_MINUTE)
73 #define PROCESS_INOTIFY_INTERVAL 1024 /* Every 1,024 messages processed */
76 /* Special values for arg_lines */
77 ARG_LINES_DEFAULT
= -2,
81 static OutputMode arg_output
= OUTPUT_SHORT
;
82 static bool arg_utc
= false;
83 static bool arg_follow
= false;
84 static bool arg_full
= true;
85 static bool arg_all
= false;
86 static PagerFlags arg_pager_flags
= 0;
87 static int arg_lines
= ARG_LINES_DEFAULT
;
88 static bool arg_no_tail
= false;
89 static bool arg_quiet
= false;
90 static bool arg_merge
= false;
91 static bool arg_boot
= false;
92 static sd_id128_t arg_boot_id
= {};
93 static int arg_boot_offset
= 0;
94 static bool arg_dmesg
= false;
95 static bool arg_no_hostname
= false;
96 static const char *arg_cursor
= NULL
;
97 static const char *arg_cursor_file
= NULL
;
98 static const char *arg_after_cursor
= NULL
;
99 static bool arg_show_cursor
= false;
100 static const char *arg_directory
= NULL
;
101 static char **arg_file
= NULL
;
102 static bool arg_file_stdin
= false;
103 static int arg_priorities
= 0xFF;
104 static char *arg_verify_key
= NULL
;
106 static usec_t arg_interval
= DEFAULT_FSS_INTERVAL_USEC
;
107 static bool arg_force
= false;
109 static usec_t arg_since
, arg_until
;
110 static bool arg_since_set
= false, arg_until_set
= false;
111 static char **arg_syslog_identifier
= NULL
;
112 static char **arg_system_units
= NULL
;
113 static char **arg_user_units
= NULL
;
114 static const char *arg_field
= NULL
;
115 static bool arg_catalog
= false;
116 static bool arg_reverse
= false;
117 static int arg_journal_type
= 0;
118 static int arg_namespace_flags
= 0;
119 static char *arg_root
= NULL
;
120 static const char *arg_machine
= NULL
;
121 static const char *arg_namespace
= NULL
;
122 static uint64_t arg_vacuum_size
= 0;
123 static uint64_t arg_vacuum_n_files
= 0;
124 static usec_t arg_vacuum_time
= 0;
125 static char **arg_output_fields
= NULL
;
127 static const char *arg_pattern
= NULL
;
128 static pcre2_code
*arg_compiled_pattern
= NULL
;
129 static int arg_case_sensitive
= -1; /* -1 means be smart */
141 ACTION_UPDATE_CATALOG
,
144 ACTION_RELINQUISH_VAR
,
148 ACTION_ROTATE_AND_VACUUM
,
150 ACTION_LIST_FIELD_NAMES
,
151 } arg_action
= ACTION_SHOW
;
153 typedef struct BootId
{
157 LIST_FIELDS(struct BootId
, boot_list
);
161 DEFINE_TRIVIAL_CLEANUP_FUNC(pcre2_match_data
*, pcre2_match_data_free
);
162 DEFINE_TRIVIAL_CLEANUP_FUNC(pcre2_code
*, pcre2_code_free
);
164 static int pattern_compile(const char *pattern
, unsigned flags
, pcre2_code
**out
) {
166 PCRE2_SIZE erroroffset
;
169 p
= pcre2_compile((PCRE2_SPTR8
) pattern
,
170 PCRE2_ZERO_TERMINATED
, flags
, &errorcode
, &erroroffset
, NULL
);
172 unsigned char buf
[LINE_MAX
];
174 r
= pcre2_get_error_message(errorcode
, buf
, sizeof buf
);
176 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
177 "Bad pattern \"%s\": %s", pattern
,
178 r
< 0 ? "unknown error" : (char *)buf
);
187 static int add_matches_for_device(sd_journal
*j
, const char *devpath
) {
188 _cleanup_(sd_device_unrefp
) sd_device
*device
= NULL
;
196 if (!path_startswith(devpath
, "/dev/")) {
197 log_error("Devpath does not start with /dev/");
201 if (stat(devpath
, &st
) < 0)
202 return log_error_errno(errno
, "Couldn't stat file: %m");
204 r
= device_new_from_stat_rdev(&device
, &st
);
206 return log_error_errno(r
, "Failed to get device from devnum %u:%u: %m", major(st
.st_rdev
), minor(st
.st_rdev
));
208 for (d
= device
; d
; ) {
209 _cleanup_free_
char *match
= NULL
;
210 const char *subsys
, *sysname
, *devnode
;
213 r
= sd_device_get_subsystem(d
, &subsys
);
217 r
= sd_device_get_sysname(d
, &sysname
);
221 match
= strjoin("_KERNEL_DEVICE=+", subsys
, ":", sysname
);
225 r
= sd_journal_add_match(j
, match
, 0);
227 return log_error_errno(r
, "Failed to add match: %m");
229 if (sd_device_get_devname(d
, &devnode
) >= 0) {
230 _cleanup_free_
char *match1
= NULL
;
232 r
= stat(devnode
, &st
);
234 return log_error_errno(r
, "Failed to stat() device node \"%s\": %m", devnode
);
236 r
= asprintf(&match1
, "_KERNEL_DEVICE=%c%u:%u", S_ISBLK(st
.st_mode
) ? 'b' : 'c', major(st
.st_rdev
), minor(st
.st_rdev
));
240 r
= sd_journal_add_match(j
, match1
, 0);
242 return log_error_errno(r
, "Failed to add match: %m");
246 if (sd_device_get_parent(d
, &parent
) < 0)
252 r
= add_match_this_boot(j
, arg_machine
);
254 return log_error_errno(r
, "Failed to add match for the current boot: %m");
259 static char *format_timestamp_maybe_utc(char *buf
, size_t l
, usec_t t
) {
262 return format_timestamp_utc(buf
, l
, t
);
264 return format_timestamp(buf
, l
, t
);
267 static int parse_boot_descriptor(const char *x
, sd_id128_t
*boot_id
, int *offset
) {
268 sd_id128_t id
= SD_ID128_NULL
;
271 if (streq(x
, "all")) {
272 *boot_id
= SD_ID128_NULL
;
275 } else if (strlen(x
) >= 32) {
279 r
= sd_id128_from_string(t
, &id
);
283 if (!IN_SET(*x
, 0, '-', '+'))
287 r
= safe_atoi(x
, &off
);
292 r
= safe_atoi(x
, &off
);
306 static int help(void) {
307 _cleanup_free_
char *link
= NULL
;
310 (void) pager_open(arg_pager_flags
);
312 r
= terminal_urlify_man("journalctl", "1", &link
);
316 printf("%1$s [OPTIONS...] [MATCHES...]\n\n"
317 "%5$sQuery the journal.%6$s\n\n"
319 " --system Show the system journal\n"
320 " --user Show the user journal for the current user\n"
321 " -M --machine=CONTAINER Operate on local container\n"
322 " -S --since=DATE Show entries not older than the specified date\n"
323 " -U --until=DATE Show entries not newer than the specified date\n"
324 " -c --cursor=CURSOR Show entries starting at the specified cursor\n"
325 " --after-cursor=CURSOR Show entries after the specified cursor\n"
326 " --show-cursor Print the cursor after all the entries\n"
327 " --cursor-file=FILE Show entries after cursor in FILE and update FILE\n"
328 " -b --boot[=ID] Show current boot or the specified boot\n"
329 " --list-boots Show terse information about recorded boots\n"
330 " -k --dmesg Show kernel message log from the current boot\n"
331 " -u --unit=UNIT Show logs from the specified unit\n"
332 " --user-unit=UNIT Show logs from the specified user unit\n"
333 " -t --identifier=STRING Show entries with the specified syslog identifier\n"
334 " -p --priority=RANGE Show entries with the specified priority\n"
335 " -g --grep=PATTERN Show entries with MESSAGE matching PATTERN\n"
336 " --case-sensitive[=BOOL] Force case sensitive or insenstive matching\n"
337 " -e --pager-end Immediately jump to the end in the pager\n"
338 " -f --follow Follow the journal\n"
339 " -n --lines[=INTEGER] Number of journal entries to show\n"
340 " --no-tail Show all lines, even in follow mode\n"
341 " -r --reverse Show the newest entries first\n"
342 " -o --output=STRING Change journal output mode (short, short-precise,\n"
343 " short-iso, short-iso-precise, short-full,\n"
344 " short-monotonic, short-unix, verbose, export,\n"
345 " json, json-pretty, json-sse, json-seq, cat,\n"
347 " --output-fields=LIST Select fields to print in verbose/export/json modes\n"
348 " --utc Express time in Coordinated Universal Time (UTC)\n"
349 " -x --catalog Add message explanations where available\n"
350 " --no-full Ellipsize fields\n"
351 " -a --all Show all fields, including long and unprintable\n"
352 " -q --quiet Do not show info messages and privilege warning\n"
353 " --no-pager Do not pipe output into a pager\n"
354 " --no-hostname Suppress output of hostname field\n"
355 " -m --merge Show entries from all available journals\n"
356 " -D --directory=PATH Show journal files from directory\n"
357 " --file=PATH Show journal file\n"
358 " --root=ROOT Operate on files below a root directory\n"
359 " --namespace=NAMESPACE Show journal data from specified namespace\n"
360 " --interval=TIME Time interval for changing the FSS sealing key\n"
361 " --verify-key=KEY Specify FSS verification key\n"
362 " --force Override of the FSS key pair with --setup-keys\n"
363 "\n%3$sCommands:%4$s\n"
364 " -h --help Show this help text\n"
365 " --version Show package version\n"
366 " -N --fields List all field names currently used\n"
367 " -F --field=FIELD List all values that a specified field takes\n"
368 " --disk-usage Show total disk usage of all journal files\n"
369 " --vacuum-size=BYTES Reduce disk usage below specified size\n"
370 " --vacuum-files=INT Leave only the specified number of journal files\n"
371 " --vacuum-time=TIME Remove journal files older than specified time\n"
372 " --verify Verify journal file consistency\n"
373 " --sync Synchronize unwritten journal messages to disk\n"
374 " --relinquish-var Stop logging to disk, log to temporary file system\n"
375 " --smart-relinquish-var Similar, but NOP if log directory is on root mount\n"
376 " --flush Flush all journal data from /run into /var\n"
377 " --rotate Request immediate rotation of the journal files\n"
378 " --header Show journal header information\n"
379 " --list-catalog Show all message IDs in the catalog\n"
380 " --dump-catalog Show entries in the message catalog\n"
381 " --update-catalog Update the message catalog database\n"
382 " --setup-keys Generate a new FSS key pair\n"
383 "\nSee the %2$s for details.\n"
384 , program_invocation_short_name
386 , ansi_underline(), ansi_normal()
387 , ansi_highlight(), ansi_normal()
393 static int parse_argv(int argc
, char *argv
[]) {
426 ARG_SMART_RELINQUISH_VAR
,
436 static const struct option options
[] = {
437 { "help", no_argument
, NULL
, 'h' },
438 { "version" , no_argument
, NULL
, ARG_VERSION
},
439 { "no-pager", no_argument
, NULL
, ARG_NO_PAGER
},
440 { "pager-end", no_argument
, NULL
, 'e' },
441 { "follow", no_argument
, NULL
, 'f' },
442 { "force", no_argument
, NULL
, ARG_FORCE
},
443 { "output", required_argument
, NULL
, 'o' },
444 { "all", no_argument
, NULL
, 'a' },
445 { "full", no_argument
, NULL
, 'l' },
446 { "no-full", no_argument
, NULL
, ARG_NO_FULL
},
447 { "lines", optional_argument
, NULL
, 'n' },
448 { "no-tail", no_argument
, NULL
, ARG_NO_TAIL
},
449 { "new-id128", no_argument
, NULL
, ARG_NEW_ID128
}, /* deprecated */
450 { "quiet", no_argument
, NULL
, 'q' },
451 { "merge", no_argument
, NULL
, 'm' },
452 { "this-boot", no_argument
, NULL
, ARG_THIS_BOOT
}, /* deprecated */
453 { "boot", optional_argument
, NULL
, 'b' },
454 { "list-boots", no_argument
, NULL
, ARG_LIST_BOOTS
},
455 { "dmesg", no_argument
, NULL
, 'k' },
456 { "system", no_argument
, NULL
, ARG_SYSTEM
},
457 { "user", no_argument
, NULL
, ARG_USER
},
458 { "directory", required_argument
, NULL
, 'D' },
459 { "file", required_argument
, NULL
, ARG_FILE
},
460 { "root", required_argument
, NULL
, ARG_ROOT
},
461 { "header", no_argument
, NULL
, ARG_HEADER
},
462 { "identifier", required_argument
, NULL
, 't' },
463 { "priority", required_argument
, NULL
, 'p' },
464 { "grep", required_argument
, NULL
, 'g' },
465 { "case-sensitive", optional_argument
, NULL
, ARG_CASE_SENSITIVE
},
466 { "setup-keys", no_argument
, NULL
, ARG_SETUP_KEYS
},
467 { "interval", required_argument
, NULL
, ARG_INTERVAL
},
468 { "verify", no_argument
, NULL
, ARG_VERIFY
},
469 { "verify-key", required_argument
, NULL
, ARG_VERIFY_KEY
},
470 { "disk-usage", no_argument
, NULL
, ARG_DISK_USAGE
},
471 { "cursor", required_argument
, NULL
, 'c' },
472 { "cursor-file", required_argument
, NULL
, ARG_CURSOR_FILE
},
473 { "after-cursor", required_argument
, NULL
, ARG_AFTER_CURSOR
},
474 { "show-cursor", no_argument
, NULL
, ARG_SHOW_CURSOR
},
475 { "since", required_argument
, NULL
, 'S' },
476 { "until", required_argument
, NULL
, 'U' },
477 { "unit", required_argument
, NULL
, 'u' },
478 { "user-unit", required_argument
, NULL
, ARG_USER_UNIT
},
479 { "field", required_argument
, NULL
, 'F' },
480 { "fields", no_argument
, NULL
, 'N' },
481 { "catalog", no_argument
, NULL
, 'x' },
482 { "list-catalog", no_argument
, NULL
, ARG_LIST_CATALOG
},
483 { "dump-catalog", no_argument
, NULL
, ARG_DUMP_CATALOG
},
484 { "update-catalog", no_argument
, NULL
, ARG_UPDATE_CATALOG
},
485 { "reverse", no_argument
, NULL
, 'r' },
486 { "machine", required_argument
, NULL
, 'M' },
487 { "utc", no_argument
, NULL
, ARG_UTC
},
488 { "flush", no_argument
, NULL
, ARG_FLUSH
},
489 { "relinquish-var", no_argument
, NULL
, ARG_RELINQUISH_VAR
},
490 { "smart-relinquish-var", no_argument
, NULL
, ARG_SMART_RELINQUISH_VAR
},
491 { "sync", no_argument
, NULL
, ARG_SYNC
},
492 { "rotate", no_argument
, NULL
, ARG_ROTATE
},
493 { "vacuum-size", required_argument
, NULL
, ARG_VACUUM_SIZE
},
494 { "vacuum-files", required_argument
, NULL
, ARG_VACUUM_FILES
},
495 { "vacuum-time", required_argument
, NULL
, ARG_VACUUM_TIME
},
496 { "no-hostname", no_argument
, NULL
, ARG_NO_HOSTNAME
},
497 { "output-fields", required_argument
, NULL
, ARG_OUTPUT_FIELDS
},
498 { "namespace", required_argument
, NULL
, ARG_NAMESPACE
},
507 while ((c
= getopt_long(argc
, argv
, "hefo:aln::qmb::kD:p:g:c:S:U:t:u:NF:xrM:", options
, NULL
)) >= 0)
518 arg_pager_flags
|= PAGER_DISABLE
;
522 arg_pager_flags
|= PAGER_JUMP_TO_END
;
524 if (arg_lines
== ARG_LINES_DEFAULT
)
534 if (streq(optarg
, "help")) {
535 DUMP_STRING_TABLE(output_mode
, OutputMode
, _OUTPUT_MODE_MAX
);
539 arg_output
= output_mode_from_string(optarg
);
541 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Unknown output format '%s'.", optarg
);
543 if (IN_SET(arg_output
, OUTPUT_EXPORT
, OUTPUT_JSON
, OUTPUT_JSON_PRETTY
, OUTPUT_JSON_SSE
, OUTPUT_JSON_SEQ
, OUTPUT_CAT
))
562 if (streq(optarg
, "all"))
563 arg_lines
= ARG_LINES_ALL
;
565 r
= safe_atoi(optarg
, &arg_lines
);
566 if (r
< 0 || arg_lines
< 0)
567 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
), "Failed to parse lines '%s'", optarg
);
572 /* Hmm, no argument? Maybe the next
573 * word on the command line is
574 * supposed to be the argument? Let's
575 * see if there is one, and is
579 if (streq(argv
[optind
], "all")) {
580 arg_lines
= ARG_LINES_ALL
;
582 } else if (safe_atoi(argv
[optind
], &n
) >= 0 && n
>= 0) {
596 arg_action
= ACTION_NEW_ID128
;
609 arg_boot_id
= SD_ID128_NULL
;
615 arg_boot_id
= SD_ID128_NULL
;
619 r
= parse_boot_descriptor(optarg
, &arg_boot_id
, &arg_boot_offset
);
621 return log_error_errno(r
, "Failed to parse boot descriptor '%s'", optarg
);
625 /* Hmm, no argument? Maybe the next
626 * word on the command line is
627 * supposed to be the argument? Let's
628 * see if there is one and is parsable
629 * as a boot descriptor... */
630 } else if (optind
< argc
) {
631 r
= parse_boot_descriptor(argv
[optind
], &arg_boot_id
, &arg_boot_offset
);
640 arg_action
= ACTION_LIST_BOOTS
;
644 arg_boot
= arg_dmesg
= true;
648 arg_journal_type
|= SD_JOURNAL_SYSTEM
;
652 arg_journal_type
|= SD_JOURNAL_CURRENT_USER
;
656 arg_machine
= optarg
;
660 if (streq(optarg
, "*")) {
661 arg_namespace_flags
= SD_JOURNAL_ALL_NAMESPACES
;
662 arg_namespace
= NULL
;
663 } else if (startswith(optarg
, "+")) {
664 arg_namespace_flags
= SD_JOURNAL_INCLUDE_DEFAULT_NAMESPACE
;
665 arg_namespace
= optarg
+ 1;
666 } else if (isempty(optarg
)) {
667 arg_namespace_flags
= 0;
668 arg_namespace
= NULL
;
670 arg_namespace_flags
= 0;
671 arg_namespace
= optarg
;
677 arg_directory
= optarg
;
681 if (streq(optarg
, "-"))
682 /* An undocumented feature: we can read journal files from STDIN. We don't document
683 * this though, since after all we only support this for mmap-able, seekable files, and
684 * not for example pipes which are probably the primary usecase for reading things from
685 * STDIN. To avoid confusion we hence don't document this feature. */
686 arg_file_stdin
= true;
688 r
= glob_extend(&arg_file
, optarg
);
690 return log_error_errno(r
, "Failed to add paths: %m");
695 r
= parse_path_argument_and_warn(optarg
, true, &arg_root
);
704 case ARG_CURSOR_FILE
:
705 arg_cursor_file
= optarg
;
708 case ARG_AFTER_CURSOR
:
709 arg_after_cursor
= optarg
;
712 case ARG_SHOW_CURSOR
:
713 arg_show_cursor
= true;
717 arg_action
= ACTION_PRINT_HEADER
;
721 arg_action
= ACTION_VERIFY
;
725 arg_action
= ACTION_DISK_USAGE
;
728 case ARG_VACUUM_SIZE
:
729 r
= parse_size(optarg
, 1024, &arg_vacuum_size
);
731 return log_error_errno(r
, "Failed to parse vacuum size: %s", optarg
);
733 arg_action
= arg_action
== ACTION_ROTATE
? ACTION_ROTATE_AND_VACUUM
: ACTION_VACUUM
;
736 case ARG_VACUUM_FILES
:
737 r
= safe_atou64(optarg
, &arg_vacuum_n_files
);
739 return log_error_errno(r
, "Failed to parse vacuum files: %s", optarg
);
741 arg_action
= arg_action
== ACTION_ROTATE
? ACTION_ROTATE_AND_VACUUM
: ACTION_VACUUM
;
744 case ARG_VACUUM_TIME
:
745 r
= parse_sec(optarg
, &arg_vacuum_time
);
747 return log_error_errno(r
, "Failed to parse vacuum time: %s", optarg
);
749 arg_action
= arg_action
== ACTION_ROTATE
? ACTION_ROTATE_AND_VACUUM
: ACTION_VACUUM
;
758 arg_action
= ACTION_SETUP_KEYS
;
762 r
= free_and_strdup(&arg_verify_key
, optarg
);
765 /* Use memset not explicit_bzero() or similar so this doesn't look confusing
766 * in ps or htop output. */
767 memset(optarg
, 'x', strlen(optarg
));
769 arg_action
= ACTION_VERIFY
;
774 r
= parse_sec(optarg
, &arg_interval
);
775 if (r
< 0 || arg_interval
<= 0)
776 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
777 "Failed to parse sealing key change interval: %s", optarg
);
784 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP
),
785 "Compiled without forward-secure sealing support.");
791 dots
= strstr(optarg
, "..");
793 _cleanup_free_
char *a
= NULL
;
797 a
= strndup(optarg
, dots
- optarg
);
801 from
= log_level_from_string(a
);
802 to
= log_level_from_string(dots
+ 2);
804 if (from
< 0 || to
< 0)
805 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
806 "Failed to parse log level range %s", optarg
);
811 for (i
= from
; i
<= to
; i
++)
812 arg_priorities
|= 1 << i
;
814 for (i
= to
; i
<= from
; i
++)
815 arg_priorities
|= 1 << i
;
821 p
= log_level_from_string(optarg
);
823 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
824 "Unknown log level %s", optarg
);
828 for (i
= 0; i
<= p
; i
++)
829 arg_priorities
|= 1 << i
;
837 arg_pattern
= optarg
;
840 case ARG_CASE_SENSITIVE
:
842 r
= parse_boolean(optarg
);
844 return log_error_errno(r
, "Bad --case-sensitive= argument \"%s\": %m", optarg
);
845 arg_case_sensitive
= r
;
847 arg_case_sensitive
= true;
852 case ARG_CASE_SENSITIVE
:
853 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP
), "Compiled without pattern matching support");
857 r
= parse_timestamp(optarg
, &arg_since
);
859 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
860 "Failed to parse timestamp: %s", optarg
);
861 arg_since_set
= true;
865 r
= parse_timestamp(optarg
, &arg_until
);
867 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
868 "Failed to parse timestamp: %s", optarg
);
869 arg_until_set
= true;
873 r
= strv_extend(&arg_syslog_identifier
, optarg
);
879 r
= strv_extend(&arg_system_units
, optarg
);
885 r
= strv_extend(&arg_user_units
, optarg
);
891 arg_action
= ACTION_LIST_FIELDS
;
896 arg_action
= ACTION_LIST_FIELD_NAMES
;
899 case ARG_NO_HOSTNAME
:
900 arg_no_hostname
= true;
907 case ARG_LIST_CATALOG
:
908 arg_action
= ACTION_LIST_CATALOG
;
911 case ARG_DUMP_CATALOG
:
912 arg_action
= ACTION_DUMP_CATALOG
;
915 case ARG_UPDATE_CATALOG
:
916 arg_action
= ACTION_UPDATE_CATALOG
;
928 arg_action
= ACTION_FLUSH
;
931 case ARG_SMART_RELINQUISH_VAR
: {
932 int root_mnt_id
, log_mnt_id
;
934 /* Try to be smart about relinquishing access to /var/log/journal/ during shutdown:
935 * if it's on the same mount as the root file system there's no point in
936 * relinquishing access and we can leave journald write to it until the very last
939 r
= path_get_mnt_id("/", &root_mnt_id
);
941 log_debug_errno(r
, "Failed to get root mount ID, ignoring: %m");
943 r
= path_get_mnt_id("/var/log/journal/", &log_mnt_id
);
945 log_debug_errno(r
, "Failed to get journal directory mount ID, ignoring: %m");
946 else if (root_mnt_id
== log_mnt_id
) {
947 log_debug("/var/log/journal/ is on root file system, not relinquishing access to /var.");
950 log_debug("/var/log/journal/ is not on the root file system, relinquishing access to it.");
956 case ARG_RELINQUISH_VAR
:
957 arg_action
= ACTION_RELINQUISH_VAR
;
961 arg_action
= arg_action
== ACTION_VACUUM
? ACTION_ROTATE_AND_VACUUM
: ACTION_ROTATE
;
965 arg_action
= ACTION_SYNC
;
968 case ARG_OUTPUT_FIELDS
: {
969 _cleanup_strv_free_
char **v
= NULL
;
971 v
= strv_split(optarg
, ",");
975 if (!arg_output_fields
)
976 arg_output_fields
= TAKE_PTR(v
);
978 r
= strv_extend_strv(&arg_output_fields
, v
, true);
989 assert_not_reached("Unhandled option");
992 if (arg_follow
&& !arg_no_tail
&& !arg_since
&& arg_lines
== ARG_LINES_DEFAULT
)
995 if (!!arg_directory
+ !!arg_file
+ !!arg_machine
+ !!arg_root
> 1) {
996 log_error("Please specify at most one of -D/--directory=, --file=, -M/--machine=, --root.");
1000 if (arg_since_set
&& arg_until_set
&& arg_since
> arg_until
) {
1001 log_error("--since= must be before --until=.");
1005 if (!!arg_cursor
+ !!arg_after_cursor
+ !!arg_since_set
> 1) {
1006 log_error("Please specify only one of --since=, --cursor=, and --after-cursor.");
1010 if (arg_follow
&& arg_reverse
) {
1011 log_error("Please specify either --reverse= or --follow=, not both.");
1015 if (!IN_SET(arg_action
, ACTION_SHOW
, ACTION_DUMP_CATALOG
, ACTION_LIST_CATALOG
) && optind
< argc
) {
1016 log_error("Extraneous arguments starting with '%s'", argv
[optind
]);
1020 if ((arg_boot
|| arg_action
== ACTION_LIST_BOOTS
) && arg_merge
) {
1021 log_error("Using --boot or --list-boots with --merge is not supported.");
1025 if (!strv_isempty(arg_system_units
) && arg_journal_type
== SD_JOURNAL_CURRENT_USER
) {
1026 /* Specifying --user and --unit= at the same time makes no sense (as the former excludes the user
1027 * journal, but the latter excludes the system journal, thus resulting in empty output). Let's be nice
1028 * to users, and automatically turn --unit= into --user-unit= if combined with --user. */
1029 r
= strv_extend_strv(&arg_user_units
, arg_system_units
, true);
1033 arg_system_units
= strv_free(arg_system_units
);
1040 if (arg_case_sensitive
>= 0)
1041 flags
= !arg_case_sensitive
* PCRE2_CASELESS
;
1043 _cleanup_(pcre2_match_data_freep
) pcre2_match_data
*md
= NULL
;
1045 _cleanup_(pcre2_code_freep
) pcre2_code
*cs
= NULL
;
1047 md
= pcre2_match_data_create(1, NULL
);
1051 r
= pattern_compile("[[:upper:]]", 0, &cs
);
1055 r
= pcre2_match(cs
, (PCRE2_SPTR8
) arg_pattern
, PCRE2_ZERO_TERMINATED
, 0, 0, md
, NULL
);
1058 flags
= !has_case
* PCRE2_CASELESS
;
1061 log_debug("Doing case %s matching based on %s",
1062 flags
& PCRE2_CASELESS
? "insensitive" : "sensitive",
1063 arg_case_sensitive
>= 0 ? "request" : "pattern casing");
1065 r
= pattern_compile(arg_pattern
, flags
, &arg_compiled_pattern
);
1074 static int add_matches(sd_journal
*j
, char **args
) {
1076 bool have_term
= false;
1080 STRV_FOREACH(i
, args
) {
1083 if (streq(*i
, "+")) {
1086 r
= sd_journal_add_disjunction(j
);
1089 } else if (path_is_absolute(*i
)) {
1090 _cleanup_free_
char *p
= NULL
, *t
= NULL
, *t2
= NULL
, *interpreter
= NULL
;
1093 r
= chase_symlinks(*i
, NULL
, CHASE_TRAIL_SLASH
, &p
, NULL
);
1095 return log_error_errno(r
, "Couldn't canonicalize path: %m");
1097 if (lstat(p
, &st
) < 0)
1098 return log_error_errno(errno
, "Couldn't stat file: %m");
1100 if (S_ISREG(st
.st_mode
) && (0111 & st
.st_mode
)) {
1101 if (executable_is_script(p
, &interpreter
) > 0) {
1102 _cleanup_free_
char *comm
;
1104 comm
= strndup(basename(p
), 15);
1108 t
= strjoin("_COMM=", comm
);
1112 /* Append _EXE only if the interpreter is not a link.
1113 Otherwise, it might be outdated often. */
1114 if (lstat(interpreter
, &st
) == 0 && !S_ISLNK(st
.st_mode
)) {
1115 t2
= strjoin("_EXE=", interpreter
);
1120 t
= strjoin("_EXE=", p
);
1125 r
= sd_journal_add_match(j
, t
, 0);
1128 r
= sd_journal_add_match(j
, t2
, 0);
1130 } else if (S_ISCHR(st
.st_mode
) || S_ISBLK(st
.st_mode
)) {
1131 r
= add_matches_for_device(j
, p
);
1135 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
1136 "File is neither a device node, nor regular file, nor executable: %s",
1141 r
= sd_journal_add_match(j
, *i
, 0);
1146 return log_error_errno(r
, "Failed to add match '%s': %m", *i
);
1149 if (!strv_isempty(args
) && !have_term
)
1150 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
1151 "\"+\" can only be used between terms");
1156 static void boot_id_free_all(BootId
*l
) {
1160 LIST_REMOVE(boot_list
, l
, i
);
1165 static int discover_next_boot(sd_journal
*j
,
1166 sd_id128_t previous_boot_id
,
1170 _cleanup_free_ BootId
*next_boot
= NULL
;
1171 char match
[9+32+1] = "_BOOT_ID=";
1178 /* We expect the journal to be on the last position of a boot
1179 * (in relation to the direction we are going), so that the next
1180 * invocation of sd_journal_next/previous will be from a different
1181 * boot. We then collect any information we desire and then jump
1182 * to the last location of the new boot by using a _BOOT_ID match
1183 * coming from the other journal direction. */
1185 /* Make sure we aren't restricted by any _BOOT_ID matches, so that
1186 * we can actually advance to a *different* boot. */
1187 sd_journal_flush_matches(j
);
1191 r
= sd_journal_previous(j
);
1193 r
= sd_journal_next(j
);
1197 return 0; /* End of journal, yay. */
1199 r
= sd_journal_get_monotonic_usec(j
, NULL
, &boot_id
);
1203 /* We iterate through this in a loop, until the boot ID differs from the previous one. Note that
1204 * normally, this will only require a single iteration, as we seeked to the last entry of the previous
1205 * boot entry already. However, it might happen that the per-journal-field entry arrays are less
1206 * complete than the main entry array, and hence might reference an entry that's not actually the last
1207 * one of the boot ID as last one. Let's hence use the per-field array is initial seek position to
1208 * speed things up, but let's not trust that it is complete, and hence, manually advance as
1211 } while (sd_id128_equal(boot_id
, previous_boot_id
));
1213 next_boot
= new0(BootId
, 1);
1217 next_boot
->id
= boot_id
;
1219 r
= sd_journal_get_realtime_usec(j
, &next_boot
->first
);
1223 /* Now seek to the last occurrence of this boot ID. */
1224 sd_id128_to_string(next_boot
->id
, match
+ 9);
1225 r
= sd_journal_add_match(j
, match
, sizeof(match
) - 1);
1230 r
= sd_journal_seek_head(j
);
1232 r
= sd_journal_seek_tail(j
);
1237 r
= sd_journal_next(j
);
1239 r
= sd_journal_previous(j
);
1243 return log_debug_errno(SYNTHETIC_ERRNO(ENODATA
),
1244 "Whoopsie! We found a boot ID but can't read its last entry."); /* This shouldn't happen. We just came from this very boot ID. */
1246 r
= sd_journal_get_realtime_usec(j
, &next_boot
->last
);
1250 *ret
= TAKE_PTR(next_boot
);
1255 static int get_boots(
1258 sd_id128_t
*boot_id
,
1263 BootId
*head
= NULL
, *tail
= NULL
, *id
;
1264 const bool advance_older
= boot_id
&& offset
<= 0;
1265 sd_id128_t previous_boot_id
;
1269 /* Adjust for the asymmetry that offset 0 is
1270 * the last (and current) boot, while 1 is considered the
1271 * (chronological) first boot in the journal. */
1272 skip_once
= boot_id
&& sd_id128_is_null(*boot_id
) && offset
<= 0;
1274 /* Advance to the earliest/latest occurrence of our reference
1275 * boot ID (taking our lookup direction into account), so that
1276 * discover_next_boot() can do its job.
1277 * If no reference is given, the journal head/tail will do,
1278 * they're "virtual" boots after all. */
1279 if (boot_id
&& !sd_id128_is_null(*boot_id
)) {
1280 char match
[9+32+1] = "_BOOT_ID=";
1282 sd_journal_flush_matches(j
);
1284 sd_id128_to_string(*boot_id
, match
+ 9);
1285 r
= sd_journal_add_match(j
, match
, sizeof(match
) - 1);
1290 r
= sd_journal_seek_head(j
); /* seek to oldest */
1292 r
= sd_journal_seek_tail(j
); /* seek to newest */
1297 r
= sd_journal_next(j
); /* read the oldest entry */
1299 r
= sd_journal_previous(j
); /* read the most recently added entry */
1304 else if (offset
== 0) {
1309 /* At this point the read pointer is positioned at the oldest/newest occurrence of the reference boot
1310 * ID. After flushing the matches, one more invocation of _previous()/_next() will hence place us at
1311 * the following entry, which must then have an older/newer boot ID */
1315 r
= sd_journal_seek_tail(j
); /* seek to newest */
1317 r
= sd_journal_seek_head(j
); /* seek to oldest */
1321 /* No sd_journal_next()/_previous() here.
1323 * At this point the read pointer is positioned after the newest/before the oldest entry in the whole
1324 * journal. The next invocation of _previous()/_next() will hence position us at the newest/oldest
1328 previous_boot_id
= SD_ID128_NULL
;
1330 _cleanup_free_ BootId
*current
= NULL
;
1332 r
= discover_next_boot(j
, previous_boot_id
, advance_older
, ¤t
);
1334 boot_id_free_all(head
);
1341 previous_boot_id
= current
->id
;
1345 offset
+= advance_older
? 1 : -1;
1350 *boot_id
= current
->id
;
1354 LIST_FOREACH(boot_list
, id
, head
) {
1355 if (sd_id128_equal(id
->id
, current
->id
)) {
1356 /* boot id already stored, something wrong with the journal files */
1357 /* exiting as otherwise this problem would cause forever loop */
1361 LIST_INSERT_AFTER(boot_list
, head
, tail
, current
);
1362 tail
= TAKE_PTR(current
);
1371 sd_journal_flush_matches(j
);
1376 static int list_boots(sd_journal
*j
) {
1378 BootId
*id
, *all_ids
;
1382 count
= get_boots(j
, &all_ids
, NULL
, 0);
1384 return log_error_errno(count
, "Failed to determine boots: %m");
1388 (void) pager_open(arg_pager_flags
);
1390 /* numbers are one less, but we need an extra char for the sign */
1391 w
= DECIMAL_STR_WIDTH(count
- 1) + 1;
1394 LIST_FOREACH(boot_list
, id
, all_ids
) {
1395 char a
[FORMAT_TIMESTAMP_MAX
], b
[FORMAT_TIMESTAMP_MAX
];
1397 printf("% *i " SD_ID128_FORMAT_STR
" %s—%s\n",
1399 SD_ID128_FORMAT_VAL(id
->id
),
1400 format_timestamp_maybe_utc(a
, sizeof(a
), id
->first
),
1401 format_timestamp_maybe_utc(b
, sizeof(b
), id
->last
));
1405 boot_id_free_all(all_ids
);
1410 static int add_boot(sd_journal
*j
) {
1411 char match
[9+32+1] = "_BOOT_ID=";
1420 /* Take a shortcut and use the current boot_id, which we can do very quickly.
1421 * We can do this only when we logs are coming from the current machine,
1422 * so take the slow path if log location is specified. */
1423 if (arg_boot_offset
== 0 && sd_id128_is_null(arg_boot_id
) &&
1424 !arg_directory
&& !arg_file
&& !arg_root
)
1425 return add_match_this_boot(j
, arg_machine
);
1427 boot_id
= arg_boot_id
;
1428 r
= get_boots(j
, NULL
, &boot_id
, arg_boot_offset
);
1431 const char *reason
= (r
== 0) ? "No such boot ID in journal" : strerror_safe(r
);
1433 if (sd_id128_is_null(arg_boot_id
))
1434 log_error("Data from the specified boot (%+i) is not available: %s",
1435 arg_boot_offset
, reason
);
1437 log_error("Data from the specified boot ("SD_ID128_FORMAT_STR
") is not available: %s",
1438 SD_ID128_FORMAT_VAL(arg_boot_id
), reason
);
1440 return r
== 0 ? -ENODATA
: r
;
1443 sd_id128_to_string(boot_id
, match
+ 9);
1445 r
= sd_journal_add_match(j
, match
, sizeof(match
) - 1);
1447 return log_error_errno(r
, "Failed to add match: %m");
1449 r
= sd_journal_add_conjunction(j
);
1451 return log_error_errno(r
, "Failed to add conjunction: %m");
1456 static int add_dmesg(sd_journal
*j
) {
1463 r
= sd_journal_add_match(j
, "_TRANSPORT=kernel",
1464 STRLEN("_TRANSPORT=kernel"));
1466 return log_error_errno(r
, "Failed to add match: %m");
1468 r
= sd_journal_add_conjunction(j
);
1470 return log_error_errno(r
, "Failed to add conjunction: %m");
1475 static int get_possible_units(
1481 _cleanup_set_free_free_ Set
*found
;
1485 found
= set_new(&string_hash_ops
);
1489 NULSTR_FOREACH(field
, fields
) {
1493 r
= sd_journal_query_unique(j
, field
);
1497 SD_JOURNAL_FOREACH_UNIQUE(j
, data
, size
) {
1498 char **pattern
, *eq
;
1500 _cleanup_free_
char *u
= NULL
;
1502 eq
= memchr(data
, '=', size
);
1504 prefix
= eq
- (char*) data
+ 1;
1508 u
= strndup((char*) data
+ prefix
, size
- prefix
);
1512 STRV_FOREACH(pattern
, patterns
)
1513 if (fnmatch(*pattern
, u
, FNM_NOESCAPE
) == 0) {
1514 log_debug("Matched %s with pattern %s=%s", u
, field
, *pattern
);
1516 r
= set_consume(found
, u
);
1518 if (r
< 0 && r
!= -EEXIST
)
1526 *units
= TAKE_PTR(found
);
1531 /* This list is supposed to return the superset of unit names
1532 * possibly matched by rules added with add_matches_for_unit... */
1533 #define SYSTEM_UNITS \
1537 "OBJECT_SYSTEMD_UNIT\0" \
1540 /* ... and add_matches_for_user_unit */
1541 #define USER_UNITS \
1542 "_SYSTEMD_USER_UNIT\0" \
1544 "COREDUMP_USER_UNIT\0" \
1545 "OBJECT_SYSTEMD_USER_UNIT\0" \
1546 "_SYSTEMD_USER_SLICE\0"
1548 static int add_units(sd_journal
*j
) {
1549 _cleanup_strv_free_
char **patterns
= NULL
;
1555 STRV_FOREACH(i
, arg_system_units
) {
1556 _cleanup_free_
char *u
= NULL
;
1558 r
= unit_name_mangle(*i
, UNIT_NAME_MANGLE_GLOB
| (arg_quiet
? 0 : UNIT_NAME_MANGLE_WARN
), &u
);
1562 if (string_is_glob(u
)) {
1563 r
= strv_push(&patterns
, u
);
1568 r
= add_matches_for_unit(j
, u
);
1571 r
= sd_journal_add_disjunction(j
);
1578 if (!strv_isempty(patterns
)) {
1579 _cleanup_set_free_free_ Set
*units
= NULL
;
1583 r
= get_possible_units(j
, SYSTEM_UNITS
, patterns
, &units
);
1587 SET_FOREACH(u
, units
, it
) {
1588 r
= add_matches_for_unit(j
, u
);
1591 r
= sd_journal_add_disjunction(j
);
1598 patterns
= strv_free(patterns
);
1600 STRV_FOREACH(i
, arg_user_units
) {
1601 _cleanup_free_
char *u
= NULL
;
1603 r
= unit_name_mangle(*i
, UNIT_NAME_MANGLE_GLOB
| (arg_quiet
? 0 : UNIT_NAME_MANGLE_WARN
), &u
);
1607 if (string_is_glob(u
)) {
1608 r
= strv_push(&patterns
, u
);
1613 r
= add_matches_for_user_unit(j
, u
, getuid());
1616 r
= sd_journal_add_disjunction(j
);
1623 if (!strv_isempty(patterns
)) {
1624 _cleanup_set_free_free_ Set
*units
= NULL
;
1628 r
= get_possible_units(j
, USER_UNITS
, patterns
, &units
);
1632 SET_FOREACH(u
, units
, it
) {
1633 r
= add_matches_for_user_unit(j
, u
, getuid());
1636 r
= sd_journal_add_disjunction(j
);
1643 /* Complain if the user request matches but nothing whatsoever was
1644 * found, since otherwise everything would be matched. */
1645 if (!(strv_isempty(arg_system_units
) && strv_isempty(arg_user_units
)) && count
== 0)
1648 r
= sd_journal_add_conjunction(j
);
1655 static int add_priorities(sd_journal
*j
) {
1656 char match
[] = "PRIORITY=0";
1660 if (arg_priorities
== 0xFF)
1663 for (i
= LOG_EMERG
; i
<= LOG_DEBUG
; i
++)
1664 if (arg_priorities
& (1 << i
)) {
1665 match
[sizeof(match
)-2] = '0' + i
;
1667 r
= sd_journal_add_match(j
, match
, strlen(match
));
1669 return log_error_errno(r
, "Failed to add match: %m");
1672 r
= sd_journal_add_conjunction(j
);
1674 return log_error_errno(r
, "Failed to add conjunction: %m");
1679 static int add_syslog_identifier(sd_journal
*j
) {
1685 STRV_FOREACH(i
, arg_syslog_identifier
) {
1686 _cleanup_free_
char *u
= NULL
;
1688 u
= strjoin("SYSLOG_IDENTIFIER=", *i
);
1691 r
= sd_journal_add_match(j
, u
, 0);
1694 r
= sd_journal_add_disjunction(j
);
1699 r
= sd_journal_add_conjunction(j
);
1706 static int setup_keys(void) {
1708 size_t mpk_size
, seed_size
, state_size
, i
;
1709 uint8_t *mpk
, *seed
, *state
;
1711 sd_id128_t machine
, boot
;
1712 char *p
= NULL
, *k
= NULL
;
1717 r
= stat("/var/log/journal", &st
);
1718 if (r
< 0 && !IN_SET(errno
, ENOENT
, ENOTDIR
))
1719 return log_error_errno(errno
, "stat(\"%s\") failed: %m", "/var/log/journal");
1721 if (r
< 0 || !S_ISDIR(st
.st_mode
)) {
1722 log_error("%s is not a directory, must be using persistent logging for FSS.",
1723 "/var/log/journal");
1724 return r
< 0 ? -errno
: -ENOTDIR
;
1727 r
= sd_id128_get_machine(&machine
);
1729 return log_error_errno(r
, "Failed to get machine ID: %m");
1731 r
= sd_id128_get_boot(&boot
);
1733 return log_error_errno(r
, "Failed to get boot ID: %m");
1735 if (asprintf(&p
, "/var/log/journal/" SD_ID128_FORMAT_STR
"/fss",
1736 SD_ID128_FORMAT_VAL(machine
)) < 0)
1741 if (r
< 0 && errno
!= ENOENT
) {
1742 r
= log_error_errno(errno
, "unlink(\"%s\") failed: %m", p
);
1745 } else if (access(p
, F_OK
) >= 0) {
1746 log_error("Sealing key file %s exists already. Use --force to recreate.", p
);
1751 if (asprintf(&k
, "/var/log/journal/" SD_ID128_FORMAT_STR
"/fss.tmp.XXXXXX",
1752 SD_ID128_FORMAT_VAL(machine
)) < 0) {
1757 mpk_size
= FSPRG_mskinbytes(FSPRG_RECOMMENDED_SECPAR
);
1758 mpk
= alloca(mpk_size
);
1760 seed_size
= FSPRG_RECOMMENDED_SEEDLEN
;
1761 seed
= alloca(seed_size
);
1763 state_size
= FSPRG_stateinbytes(FSPRG_RECOMMENDED_SECPAR
);
1764 state
= alloca(state_size
);
1766 fd
= open("/dev/random", O_RDONLY
|O_CLOEXEC
|O_NOCTTY
);
1768 r
= log_error_errno(errno
, "Failed to open /dev/random: %m");
1772 log_info("Generating seed...");
1773 r
= loop_read_exact(fd
, seed
, seed_size
, true);
1775 log_error_errno(r
, "Failed to read random seed: %m");
1779 log_info("Generating key pair...");
1780 FSPRG_GenMK(NULL
, mpk
, seed
, seed_size
, FSPRG_RECOMMENDED_SECPAR
);
1782 log_info("Generating sealing key...");
1783 FSPRG_GenState0(state
, mpk
, seed
, seed_size
);
1785 assert(arg_interval
> 0);
1787 n
= now(CLOCK_REALTIME
);
1791 fd
= mkostemp_safe(k
);
1793 r
= log_error_errno(fd
, "Failed to open %s: %m", k
);
1797 /* Enable secure remove, exclusion from dump, synchronous
1798 * writing and in-place updating */
1799 r
= chattr_fd(fd
, FS_SECRM_FL
|FS_NODUMP_FL
|FS_SYNC_FL
|FS_NOCOW_FL
, FS_SECRM_FL
|FS_NODUMP_FL
|FS_SYNC_FL
|FS_NOCOW_FL
, NULL
);
1801 log_warning_errno(r
, "Failed to set file attributes: %m");
1804 memcpy(h
.signature
, "KSHHRHLP", 8);
1805 h
.machine_id
= machine
;
1807 h
.header_size
= htole64(sizeof(h
));
1808 h
.start_usec
= htole64(n
* arg_interval
);
1809 h
.interval_usec
= htole64(arg_interval
);
1810 h
.fsprg_secpar
= htole16(FSPRG_RECOMMENDED_SECPAR
);
1811 h
.fsprg_state_size
= htole64(state_size
);
1813 r
= loop_write(fd
, &h
, sizeof(h
), false);
1815 log_error_errno(r
, "Failed to write header: %m");
1819 r
= loop_write(fd
, state
, state_size
, false);
1821 log_error_errno(r
, "Failed to write state: %m");
1825 if (link(k
, p
) < 0) {
1826 r
= log_error_errno(errno
, "Failed to link file: %m");
1833 "The new key pair has been generated. The %ssecret sealing key%s has been written to\n"
1834 "the following local file. This key file is automatically updated when the\n"
1835 "sealing key is advanced. It should not be used on multiple hosts.\n"
1839 "Please write down the following %ssecret verification key%s. It should be stored\n"
1840 "at a safe location and should not be saved locally on disk.\n"
1842 ansi_highlight(), ansi_normal(),
1844 ansi_highlight(), ansi_normal(),
1845 ansi_highlight_red());
1848 for (i
= 0; i
< seed_size
; i
++) {
1849 if (i
> 0 && i
% 3 == 0)
1851 printf("%02x", ((uint8_t*) seed
)[i
]);
1854 printf("/%llx-%llx\n", (unsigned long long) n
, (unsigned long long) arg_interval
);
1857 char tsb
[FORMAT_TIMESPAN_MAX
], *hn
;
1861 "The sealing key is automatically changed every %s.\n",
1863 format_timespan(tsb
, sizeof(tsb
), arg_interval
, 0));
1865 hn
= gethostname_malloc();
1868 hostname_cleanup(hn
);
1869 fprintf(stderr
, "\nThe keys have been generated for host %s/" SD_ID128_FORMAT_STR
".\n", hn
, SD_ID128_FORMAT_VAL(machine
));
1871 fprintf(stderr
, "\nThe keys have been generated for host " SD_ID128_FORMAT_STR
".\n", SD_ID128_FORMAT_VAL(machine
));
1874 /* If this is not an UTF-8 system don't print any QR codes */
1875 if (is_locale_utf8()) {
1876 fputs("\nTo transfer the verification key to your phone please scan the QR code below:\n\n", stderr
);
1877 print_qr_code(stderr
, seed
, seed_size
, n
, arg_interval
, hn
, machine
);
1897 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP
),
1898 "Forward-secure sealing not available.");
1902 static int verify(sd_journal
*j
) {
1909 log_show_color(true);
1911 ORDERED_HASHMAP_FOREACH(f
, j
->files
, i
) {
1913 usec_t first
= 0, validated
= 0, last
= 0;
1916 if (!arg_verify_key
&& JOURNAL_HEADER_SEALED(f
->header
))
1917 log_notice("Journal file %s has sealing enabled but verification key has not been passed using --verify-key=.", f
->path
);
1920 k
= journal_file_verify(f
, arg_verify_key
, &first
, &validated
, &last
, true);
1922 /* If the key was invalid give up right-away. */
1925 log_warning_errno(k
, "FAIL: %s (%m)", f
->path
);
1928 char a
[FORMAT_TIMESTAMP_MAX
], b
[FORMAT_TIMESTAMP_MAX
], c
[FORMAT_TIMESPAN_MAX
];
1929 log_info("PASS: %s", f
->path
);
1931 if (arg_verify_key
&& JOURNAL_HEADER_SEALED(f
->header
)) {
1932 if (validated
> 0) {
1933 log_info("=> Validated from %s to %s, final %s entries not sealed.",
1934 format_timestamp_maybe_utc(a
, sizeof(a
), first
),
1935 format_timestamp_maybe_utc(b
, sizeof(b
), validated
),
1936 format_timespan(c
, sizeof(c
), last
> validated
? last
- validated
: 0, 0));
1937 } else if (last
> 0)
1938 log_info("=> No sealing yet, %s of entries not sealed.",
1939 format_timespan(c
, sizeof(c
), last
- first
, 0));
1941 log_info("=> No sealing yet, no entries in file.");
1949 static int simple_varlink_call(const char *option
, const char *method
) {
1950 _cleanup_(varlink_flush_close_unrefp
) Varlink
*link
= NULL
;
1951 const char *error
, *fn
;
1955 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP
), "%s is not supported in conjunction with --machine=.", option
);
1957 fn
= arg_namespace
?
1958 strjoina("/run/systemd/journal.", arg_namespace
, "/io.systemd.journal") :
1959 "/run/systemd/journal/io.systemd.journal";
1961 r
= varlink_connect_address(&link
, fn
);
1963 return log_error_errno(r
, "Failed to connect to %s: %m", fn
);
1965 (void) varlink_set_description(link
, "journal");
1966 (void) varlink_set_relative_timeout(link
, USEC_INFINITY
);
1968 r
= varlink_call(link
, method
, NULL
, NULL
, &error
, NULL
);
1970 return log_error_errno(r
, "Failed to execute varlink call: %m");
1972 return log_error_errno(SYNTHETIC_ERRNO(ENOANO
),
1973 "Failed to execute varlink call: %s", error
);
1978 static int flush_to_var(void) {
1979 return simple_varlink_call("--flush", "io.systemd.Journal.FlushToVar");
1982 static int relinquish_var(void) {
1983 return simple_varlink_call("--relinquish-var/--smart-relinquish-var", "io.systemd.Journal.RelinquishVar");
1986 static int rotate(void) {
1987 return simple_varlink_call("--rotate", "io.systemd.Journal.Rotate");
1990 static int sync_journal(void) {
1991 return simple_varlink_call("--sync", "io.systemd.Journal.Synchronize");
1994 static int wait_for_change(sd_journal
*j
, int poll_fd
) {
1995 struct pollfd pollfds
[] = {
1996 { .fd
= poll_fd
, .events
= POLLIN
},
1997 { .fd
= STDOUT_FILENO
},
2005 assert(poll_fd
>= 0);
2007 /* Much like sd_journal_wait() but also keeps an eye on STDOUT, and exits as soon as we see a POLLHUP on that,
2008 * i.e. when it is closed. */
2010 r
= sd_journal_get_timeout(j
, &timeout
);
2012 return log_error_errno(r
, "Failed to determine journal waiting time: %m");
2014 if (ppoll(pollfds
, ELEMENTSOF(pollfds
),
2015 timeout
== USEC_INFINITY
? NULL
: timespec_store(&ts
, timeout
), NULL
) < 0) {
2019 return log_error_errno(errno
, "Couldn't wait for journal event: %m");
2022 if (pollfds
[1].revents
& (POLLHUP
|POLLERR
)) /* STDOUT has been closed? */
2023 return log_debug_errno(SYNTHETIC_ERRNO(ECANCELED
),
2024 "Standard output has been closed.");
2026 r
= sd_journal_process(j
);
2028 return log_error_errno(r
, "Failed to process journal events: %m");
2033 int main(int argc
, char *argv
[]) {
2034 bool previous_boot_id_valid
= false, first_line
= true, ellipsized
= false, need_seek
= false;
2035 bool use_cursor
= false, after_cursor
= false;
2036 _cleanup_(sd_journal_closep
) sd_journal
*j
= NULL
;
2037 sd_id128_t previous_boot_id
;
2038 int n_shown
= 0, r
, poll_fd
= -1;
2040 setlocale(LC_ALL
, "");
2041 log_show_color(true);
2042 log_parse_environment();
2045 /* Increase max number of open files if we can, we might needs this when browsing journal files, which might be
2046 * split up into many files. */
2047 (void) rlimit_nofile_bump(HIGH_RLIMIT_NOFILE
);
2049 r
= parse_argv(argc
, argv
);
2053 signal(SIGWINCH
, columns_lines_cache_reset
);
2056 switch (arg_action
) {
2058 case ACTION_NEW_ID128
:
2059 r
= id128_print_new(ID128_PRINT_PRETTY
);
2062 case ACTION_SETUP_KEYS
:
2066 case ACTION_LIST_CATALOG
:
2067 case ACTION_DUMP_CATALOG
:
2068 case ACTION_UPDATE_CATALOG
: {
2069 _cleanup_free_
char *database
;
2071 database
= path_join(arg_root
, CATALOG_DATABASE
);
2077 if (arg_action
== ACTION_UPDATE_CATALOG
) {
2078 r
= catalog_update(database
, arg_root
, catalog_file_dirs
);
2080 log_error_errno(r
, "Failed to list catalog: %m");
2082 bool oneline
= arg_action
== ACTION_LIST_CATALOG
;
2084 (void) pager_open(arg_pager_flags
);
2087 r
= catalog_list_items(stdout
, database
, oneline
, argv
+ optind
);
2089 r
= catalog_list(stdout
, database
, oneline
);
2091 log_error_errno(r
, "Failed to list catalog: %m");
2101 case ACTION_RELINQUISH_VAR
:
2102 r
= relinquish_var();
2114 case ACTION_PRINT_HEADER
:
2116 case ACTION_DISK_USAGE
:
2117 case ACTION_LIST_BOOTS
:
2119 case ACTION_ROTATE_AND_VACUUM
:
2120 case ACTION_LIST_FIELDS
:
2121 case ACTION_LIST_FIELD_NAMES
:
2122 /* These ones require access to the journal files, continue below. */
2126 assert_not_reached("Unknown action");
2130 r
= sd_journal_open_directory(&j
, arg_directory
, arg_journal_type
);
2132 r
= sd_journal_open_directory(&j
, arg_root
, arg_journal_type
| SD_JOURNAL_OS_ROOT
);
2133 else if (arg_file_stdin
)
2134 r
= sd_journal_open_files_fd(&j
, (int[]) { STDIN_FILENO
}, 1, 0);
2136 r
= sd_journal_open_files(&j
, (const char**) arg_file
, 0);
2137 else if (arg_machine
) {
2138 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
2139 _cleanup_(sd_bus_message_unrefp
) sd_bus_message
*reply
= NULL
;
2140 _cleanup_(sd_bus_flush_close_unrefp
) sd_bus
*bus
= NULL
;
2143 if (geteuid() != 0) {
2144 /* The file descriptor returned by OpenMachineRootDirectory() will be owned by users/groups of
2145 * the container, thus we need root privileges to override them. */
2146 r
= log_error_errno(SYNTHETIC_ERRNO(EPERM
), "Using the --machine= switch requires root privileges.");
2150 r
= sd_bus_open_system(&bus
);
2152 log_error_errno(r
, "Failed to open system bus: %m");
2156 r
= sd_bus_call_method(
2158 "org.freedesktop.machine1",
2159 "/org/freedesktop/machine1",
2160 "org.freedesktop.machine1.Manager",
2161 "OpenMachineRootDirectory",
2166 log_error_errno(r
, "Failed to open root directory: %s", bus_error_message(&error
, r
));
2170 r
= sd_bus_message_read(reply
, "h", &fd
);
2172 bus_log_parse_error(r
);
2176 fd
= fcntl(fd
, F_DUPFD_CLOEXEC
, 3);
2178 r
= log_error_errno(errno
, "Failed to duplicate file descriptor: %m");
2182 r
= sd_journal_open_directory_fd(&j
, fd
, SD_JOURNAL_OS_ROOT
);
2186 r
= sd_journal_open_namespace(
2189 (arg_merge
? 0 : SD_JOURNAL_LOCAL_ONLY
) |
2190 arg_namespace_flags
| arg_journal_type
);
2192 log_error_errno(r
, "Failed to open %s: %m", arg_directory
?: arg_file
? "files" : "journal");
2196 r
= journal_access_check_and_warn(j
, arg_quiet
,
2197 !(arg_journal_type
== SD_JOURNAL_CURRENT_USER
|| arg_user_units
));
2201 switch (arg_action
) {
2203 case ACTION_NEW_ID128
:
2204 case ACTION_SETUP_KEYS
:
2205 case ACTION_LIST_CATALOG
:
2206 case ACTION_DUMP_CATALOG
:
2207 case ACTION_UPDATE_CATALOG
:
2211 assert_not_reached("Unexpected action.");
2213 case ACTION_PRINT_HEADER
:
2214 journal_print_header(j
);
2222 case ACTION_DISK_USAGE
: {
2224 char sbytes
[FORMAT_BYTES_MAX
];
2226 r
= sd_journal_get_usage(j
, &bytes
);
2230 printf("Archived and active journals take up %s in the file system.\n",
2231 format_bytes(sbytes
, sizeof(sbytes
), bytes
));
2235 case ACTION_LIST_BOOTS
:
2239 case ACTION_ROTATE_AND_VACUUM
:
2247 case ACTION_VACUUM
: {
2251 HASHMAP_FOREACH(d
, j
->directories_by_path
, i
) {
2254 q
= journal_directory_vacuum(d
->path
, arg_vacuum_size
, arg_vacuum_n_files
, arg_vacuum_time
, NULL
, !arg_quiet
);
2256 log_error_errno(q
, "Failed to vacuum %s: %m", d
->path
);
2264 case ACTION_LIST_FIELD_NAMES
: {
2267 SD_JOURNAL_FOREACH_FIELD(j
, field
) {
2268 printf("%s\n", field
);
2277 case ACTION_LIST_FIELDS
:
2281 assert_not_reached("Unknown action");
2284 if (arg_boot_offset
!= 0 &&
2285 sd_journal_has_runtime_files(j
) > 0 &&
2286 sd_journal_has_persistent_files(j
) == 0) {
2287 log_info("Specifying boot ID or boot offset has no effect, no persistent journal was found.");
2291 /* add_boot() must be called first!
2292 * It may need to seek the journal to find parent boot IDs. */
2303 log_error_errno(r
, "Failed to add filter for units: %m");
2307 r
= add_syslog_identifier(j
);
2309 log_error_errno(r
, "Failed to add filter for syslog identifiers: %m");
2313 r
= add_priorities(j
);
2317 r
= add_matches(j
, argv
+ optind
);
2321 if (DEBUG_LOGGING
) {
2322 _cleanup_free_
char *filter
;
2324 filter
= journal_make_match_string(j
);
2328 log_debug("Journal filter: %s", filter
);
2331 if (arg_action
== ACTION_LIST_FIELDS
) {
2337 r
= sd_journal_set_data_threshold(j
, 0);
2339 log_error_errno(r
, "Failed to unset data size threshold: %m");
2343 r
= sd_journal_query_unique(j
, arg_field
);
2345 log_error_errno(r
, "Failed to query unique data objects: %m");
2349 SD_JOURNAL_FOREACH_UNIQUE(j
, data
, size
) {
2352 if (arg_lines
>= 0 && n_shown
>= arg_lines
)
2355 eq
= memchr(data
, '=', size
);
2357 printf("%.*s\n", (int) (size
- ((const uint8_t*) eq
- (const uint8_t*) data
+ 1)), (const char*) eq
+ 1);
2359 printf("%.*s\n", (int) size
, (const char*) data
);
2368 /* Opening the fd now means the first sd_journal_wait() will actually wait */
2370 poll_fd
= sd_journal_get_fd(j
);
2371 if (poll_fd
== -EMFILE
) {
2372 log_warning_errno(poll_fd
, "Insufficient watch descriptors available. Reverting to -n.");
2374 } else if (poll_fd
== -EMEDIUMTYPE
) {
2375 log_error_errno(poll_fd
, "The --follow switch is not supported in conjunction with reading from STDIN.");
2377 } else if (poll_fd
< 0) {
2378 log_error_errno(poll_fd
, "Failed to get journal fd: %m");
2383 if (arg_cursor
|| arg_after_cursor
|| arg_cursor_file
) {
2384 _cleanup_free_
char *cursor_from_file
= NULL
;
2385 const char *cursor
= arg_cursor
?: arg_after_cursor
;
2387 if (arg_cursor_file
) {
2388 r
= read_one_line_file(arg_cursor_file
, &cursor_from_file
);
2389 if (r
< 0 && r
!= -ENOENT
) {
2390 log_error_errno(r
, "Failed to read cursor file %s: %m", arg_cursor_file
);
2395 cursor
= cursor_from_file
;
2396 after_cursor
= true;
2399 after_cursor
= !!arg_after_cursor
;
2402 r
= sd_journal_seek_cursor(j
, cursor
);
2404 log_error_errno(r
, "Failed to seek to cursor: %m");
2413 r
= sd_journal_next_skip(j
, 1 + after_cursor
);
2415 r
= sd_journal_previous_skip(j
, 1 + after_cursor
);
2417 if (after_cursor
&& r
< 2) {
2418 /* We couldn't find the next entry after the cursor. */
2425 } else if (arg_since_set
&& !arg_reverse
) {
2426 r
= sd_journal_seek_realtime_usec(j
, arg_since
);
2428 log_error_errno(r
, "Failed to seek to date: %m");
2431 r
= sd_journal_next(j
);
2433 } else if (arg_until_set
&& arg_reverse
) {
2434 r
= sd_journal_seek_realtime_usec(j
, arg_until
);
2436 log_error_errno(r
, "Failed to seek to date: %m");
2439 r
= sd_journal_previous(j
);
2441 } else if (arg_reverse
) {
2442 r
= sd_journal_seek_tail(j
);
2444 log_error_errno(r
, "Failed to seek to tail: %m");
2448 r
= sd_journal_previous(j
);
2450 } else if (arg_lines
>= 0) {
2451 r
= sd_journal_seek_tail(j
);
2453 log_error_errno(r
, "Failed to seek to tail: %m");
2457 r
= sd_journal_previous_skip(j
, arg_lines
);
2460 r
= sd_journal_seek_head(j
);
2462 log_error_errno(r
, "Failed to seek to head: %m");
2466 r
= sd_journal_next(j
);
2470 log_error_errno(r
, "Failed to iterate through journal: %m");
2477 (void) pager_open(arg_pager_flags
);
2479 if (!arg_quiet
&& (arg_lines
!= 0 || arg_follow
)) {
2481 char start_buf
[FORMAT_TIMESTAMP_MAX
], end_buf
[FORMAT_TIMESTAMP_MAX
];
2483 r
= sd_journal_get_cutoff_realtime_usec(j
, &start
, &end
);
2485 log_error_errno(r
, "Failed to get cutoff: %m");
2491 printf("-- Logs begin at %s. --\n",
2492 format_timestamp_maybe_utc(start_buf
, sizeof(start_buf
), start
));
2494 printf("-- Logs begin at %s, end at %s. --\n",
2495 format_timestamp_maybe_utc(start_buf
, sizeof(start_buf
), start
),
2496 format_timestamp_maybe_utc(end_buf
, sizeof(end_buf
), end
));
2501 while (arg_lines
< 0 || n_shown
< arg_lines
|| (arg_follow
&& !first_line
)) {
2503 size_t highlight
[2] = {};
2507 r
= sd_journal_next(j
);
2509 r
= sd_journal_previous(j
);
2511 log_error_errno(r
, "Failed to iterate through journal: %m");
2518 if (arg_until_set
&& !arg_reverse
) {
2521 r
= sd_journal_get_realtime_usec(j
, &usec
);
2523 log_error_errno(r
, "Failed to determine timestamp: %m");
2526 if (usec
> arg_until
)
2530 if (arg_since_set
&& arg_reverse
) {
2533 r
= sd_journal_get_realtime_usec(j
, &usec
);
2535 log_error_errno(r
, "Failed to determine timestamp: %m");
2538 if (usec
< arg_since
)
2542 if (!arg_merge
&& !arg_quiet
) {
2545 r
= sd_journal_get_monotonic_usec(j
, NULL
, &boot_id
);
2547 if (previous_boot_id_valid
&&
2548 !sd_id128_equal(boot_id
, previous_boot_id
))
2549 printf("%s-- Reboot --%s\n",
2550 ansi_highlight(), ansi_normal());
2552 previous_boot_id
= boot_id
;
2553 previous_boot_id_valid
= true;
2558 if (arg_compiled_pattern
) {
2559 _cleanup_(pcre2_match_data_freep
) pcre2_match_data
*md
= NULL
;
2560 const void *message
;
2564 md
= pcre2_match_data_create(1, NULL
);
2568 r
= sd_journal_get_data(j
, "MESSAGE", &message
, &len
);
2575 log_error_errno(r
, "Failed to get MESSAGE field: %m");
2579 assert_se(message
= startswith(message
, "MESSAGE="));
2581 r
= pcre2_match(arg_compiled_pattern
,
2583 len
- strlen("MESSAGE="),
2584 0, /* start at offset 0 in the subject */
2585 0, /* default options */
2588 if (r
== PCRE2_ERROR_NOMATCH
) {
2593 unsigned char buf
[LINE_MAX
];
2596 r2
= pcre2_get_error_message(r
, buf
, sizeof buf
);
2597 log_error("Pattern matching failed: %s",
2598 r2
< 0 ? "unknown error" : (char*) buf
);
2603 ovec
= pcre2_get_ovector_pointer(md
);
2604 highlight
[0] = ovec
[0];
2605 highlight
[1] = ovec
[1];
2610 arg_all
* OUTPUT_SHOW_ALL
|
2611 arg_full
* OUTPUT_FULL_WIDTH
|
2612 colors_enabled() * OUTPUT_COLOR
|
2613 arg_catalog
* OUTPUT_CATALOG
|
2614 arg_utc
* OUTPUT_UTC
|
2615 arg_no_hostname
* OUTPUT_NO_HOSTNAME
;
2617 r
= show_journal_entry(stdout
, j
, arg_output
, 0, flags
,
2618 arg_output_fields
, highlight
, &ellipsized
);
2620 if (r
== -EADDRNOTAVAIL
)
2627 /* If journalctl take a long time to process messages, and during that time journal file
2628 * rotation occurs, a journalctl client will keep those rotated files open until it calls
2629 * sd_journal_process(), which typically happens as a result of calling sd_journal_wait() below
2630 * in the "following" case. By periodically calling sd_journal_process() during the processing
2631 * loop we shrink the window of time a client instance has open file descriptors for rotated
2632 * (deleted) journal files. */
2633 if ((n_shown
% PROCESS_INOTIFY_INTERVAL
) == 0) {
2634 r
= sd_journal_process(j
);
2636 log_error_errno(r
, "Failed to process inotify events: %m");
2643 if (n_shown
== 0 && !arg_quiet
)
2644 printf("-- No entries --\n");
2650 r
= wait_for_change(j
, poll_fd
);
2657 if (arg_show_cursor
|| arg_cursor_file
) {
2658 _cleanup_free_
char *cursor
= NULL
;
2660 r
= sd_journal_get_cursor(j
, &cursor
);
2661 if (r
< 0 && r
!= -EADDRNOTAVAIL
)
2662 log_error_errno(r
, "Failed to get cursor: %m");
2664 if (arg_show_cursor
)
2665 printf("-- cursor: %s\n", cursor
);
2667 if (arg_cursor_file
) {
2668 r
= write_string_file(arg_cursor_file
, cursor
,
2669 WRITE_STRING_FILE_CREATE
|
2670 WRITE_STRING_FILE_ATOMIC
);
2673 "Failed to write new cursor to %s: %m",
2682 strv_free(arg_file
);
2684 strv_free(arg_syslog_identifier
);
2685 strv_free(arg_system_units
);
2686 strv_free(arg_user_units
);
2687 strv_free(arg_output_fields
);
2690 free(arg_verify_key
);
2693 if (arg_compiled_pattern
) {
2694 pcre2_code_free(arg_compiled_pattern
);
2696 /* --grep was used, no error was thrown, but the pattern didn't
2697 * match anything. Let's mimic grep's behavior here and return
2698 * a non-zero exit code, so journalctl --grep can be used
2699 * in scripts and such */
2700 if (r
== 0 && n_shown
== 0)
2705 return r
< 0 ? EXIT_FAILURE
: EXIT_SUCCESS
;