1 /* SPDX-License-Identifier: LGPL-2.1+ */
15 #include <sys/inotify.h>
20 # define PCRE2_CODE_UNIT_WIDTH 8
25 #include "sd-device.h"
26 #include "sd-journal.h"
29 #include "alloc-util.h"
30 #include "bus-error.h"
33 #include "chattr-util.h"
34 #include "device-private.h"
39 #include "glob-util.h"
40 #include "hostname-util.h"
41 #include "id128-print.h"
43 #include "journal-def.h"
44 #include "journal-internal.h"
45 #include "journal-qrcode.h"
46 #include "journal-util.h"
47 #include "journal-vacuum.h"
48 #include "journal-verify.h"
49 #include "locale-util.h"
51 #include "logs-show.h"
54 #include "parse-util.h"
55 #include "path-util.h"
56 #include "rlimit-util.h"
59 #include "string-table.h"
61 #include "syslog-util.h"
62 #include "terminal-util.h"
63 #include "unit-name.h"
64 #include "user-util.h"
66 #define DEFAULT_FSS_INTERVAL_USEC (15*USEC_PER_MINUTE)
68 #define PROCESS_INOTIFY_INTERVAL 1024 /* Every 1,024 messages processed */
71 DEFINE_TRIVIAL_CLEANUP_FUNC(pcre2_match_data
*, pcre2_match_data_free
);
72 DEFINE_TRIVIAL_CLEANUP_FUNC(pcre2_code
*, pcre2_code_free
);
74 static int pattern_compile(const char *pattern
, unsigned flags
, pcre2_code
**out
) {
76 PCRE2_SIZE erroroffset
;
79 p
= pcre2_compile((PCRE2_SPTR8
) pattern
,
80 PCRE2_ZERO_TERMINATED
, flags
, &errorcode
, &erroroffset
, NULL
);
82 unsigned char buf
[LINE_MAX
];
84 r
= pcre2_get_error_message(errorcode
, buf
, sizeof buf
);
86 log_error("Bad pattern \"%s\": %s",
88 r
< 0 ? "unknown error" : (char*) buf
);
99 /* Special values for arg_lines */
100 ARG_LINES_DEFAULT
= -2,
104 static OutputMode arg_output
= OUTPUT_SHORT
;
105 static bool arg_utc
= false;
106 static bool arg_pager_end
= false;
107 static bool arg_follow
= false;
108 static bool arg_full
= true;
109 static bool arg_all
= false;
110 static bool arg_no_pager
= false;
111 static int arg_lines
= ARG_LINES_DEFAULT
;
112 static bool arg_no_tail
= false;
113 static bool arg_quiet
= false;
114 static bool arg_merge
= false;
115 static bool arg_boot
= false;
116 static sd_id128_t arg_boot_id
= {};
117 static int arg_boot_offset
= 0;
118 static bool arg_dmesg
= false;
119 static bool arg_no_hostname
= false;
120 static const char *arg_cursor
= NULL
;
121 static const char *arg_after_cursor
= NULL
;
122 static bool arg_show_cursor
= false;
123 static const char *arg_directory
= NULL
;
124 static char **arg_file
= NULL
;
125 static bool arg_file_stdin
= false;
126 static int arg_priorities
= 0xFF;
127 static char *arg_verify_key
= NULL
;
129 static usec_t arg_interval
= DEFAULT_FSS_INTERVAL_USEC
;
130 static bool arg_force
= false;
132 static usec_t arg_since
, arg_until
;
133 static bool arg_since_set
= false, arg_until_set
= false;
134 static char **arg_syslog_identifier
= NULL
;
135 static char **arg_system_units
= NULL
;
136 static char **arg_user_units
= NULL
;
137 static const char *arg_field
= NULL
;
138 static bool arg_catalog
= false;
139 static bool arg_reverse
= false;
140 static int arg_journal_type
= 0;
141 static char *arg_root
= NULL
;
142 static const char *arg_machine
= NULL
;
143 static uint64_t arg_vacuum_size
= 0;
144 static uint64_t arg_vacuum_n_files
= 0;
145 static usec_t arg_vacuum_time
= 0;
146 static char **arg_output_fields
= NULL
;
149 static const char *arg_pattern
= NULL
;
150 static pcre2_code
*arg_compiled_pattern
= NULL
;
151 static int arg_case_sensitive
= -1; /* -1 means be smart */
163 ACTION_UPDATE_CATALOG
,
170 ACTION_LIST_FIELD_NAMES
,
171 } arg_action
= ACTION_SHOW
;
173 typedef struct BootId
{
177 LIST_FIELDS(struct BootId
, boot_list
);
180 static int add_matches_for_device(sd_journal
*j
, const char *devpath
) {
181 _cleanup_(sd_device_unrefp
) sd_device
*device
= NULL
;
189 if (!path_startswith(devpath
, "/dev/")) {
190 log_error("Devpath does not start with /dev/");
194 if (stat(devpath
, &st
) < 0)
195 return log_error_errno(errno
, "Couldn't stat file: %m");
197 r
= device_new_from_stat_rdev(&device
, &st
);
199 return log_error_errno(r
, "Failed to get device from devnum %u:%u: %m", major(st
.st_rdev
), minor(st
.st_rdev
));
201 for (d
= device
; d
; ) {
202 _cleanup_free_
char *match
= NULL
;
203 const char *subsys
, *sysname
, *devnode
;
206 r
= sd_device_get_subsystem(d
, &subsys
);
210 r
= sd_device_get_sysname(d
, &sysname
);
214 match
= strjoin("_KERNEL_DEVICE=+", subsys
, ":", sysname
);
218 r
= sd_journal_add_match(j
, match
, 0);
220 return log_error_errno(r
, "Failed to add match: %m");
222 if (sd_device_get_devname(d
, &devnode
) >= 0) {
223 _cleanup_free_
char *match1
= NULL
;
225 r
= stat(devnode
, &st
);
227 return log_error_errno(r
, "Failed to stat() device node \"%s\": %m", devnode
);
229 r
= asprintf(&match1
, "_KERNEL_DEVICE=%c%u:%u", S_ISBLK(st
.st_mode
) ? 'b' : 'c', major(st
.st_rdev
), minor(st
.st_rdev
));
233 r
= sd_journal_add_match(j
, match1
, 0);
235 return log_error_errno(r
, "Failed to add match: %m");
239 if (sd_device_get_parent(d
, &parent
) < 0)
245 r
= add_match_this_boot(j
, arg_machine
);
247 return log_error_errno(r
, "Failed to add match for the current boot: %m");
252 static char *format_timestamp_maybe_utc(char *buf
, size_t l
, usec_t t
) {
255 return format_timestamp_utc(buf
, l
, t
);
257 return format_timestamp(buf
, l
, t
);
260 static int parse_boot_descriptor(const char *x
, sd_id128_t
*boot_id
, int *offset
) {
261 sd_id128_t id
= SD_ID128_NULL
;
264 if (strlen(x
) >= 32) {
268 r
= sd_id128_from_string(t
, &id
);
272 if (!IN_SET(*x
, 0, '-', '+'))
276 r
= safe_atoi(x
, &off
);
281 r
= safe_atoi(x
, &off
);
295 static int help(void) {
296 _cleanup_free_
char *link
= NULL
;
299 (void) pager_open(arg_no_pager
, arg_pager_end
);
301 r
= terminal_urlify_man("journalctl", "1", &link
);
305 printf("%s [OPTIONS...] [MATCHES...]\n\n"
306 "Query the journal.\n\n"
308 " --system Show the system journal\n"
309 " --user Show the user journal for the current user\n"
310 " -M --machine=CONTAINER Operate on local container\n"
311 " -S --since=DATE Show entries not older than the specified date\n"
312 " -U --until=DATE Show entries not newer than the specified date\n"
313 " -c --cursor=CURSOR Show entries starting at the specified cursor\n"
314 " --after-cursor=CURSOR Show entries after the specified cursor\n"
315 " --show-cursor Print the cursor after all the entries\n"
316 " -b --boot[=ID] Show current boot or the specified boot\n"
317 " --list-boots Show terse information about recorded boots\n"
318 " -k --dmesg Show kernel message log from the current boot\n"
319 " -u --unit=UNIT Show logs from the specified unit\n"
320 " --user-unit=UNIT Show logs from the specified user unit\n"
321 " -t --identifier=STRING Show entries with the specified syslog identifier\n"
322 " -p --priority=RANGE Show entries with the specified priority\n"
323 " -g --grep=PATTERN Show entries with MESSAGE matching PATTERN\n"
324 " --case-sensitive[=BOOL] Force case sensitive or insenstive matching\n"
325 " -e --pager-end Immediately jump to the end in the pager\n"
326 " -f --follow Follow the journal\n"
327 " -n --lines[=INTEGER] Number of journal entries to show\n"
328 " --no-tail Show all lines, even in follow mode\n"
329 " -r --reverse Show the newest entries first\n"
330 " -o --output=STRING Change journal output mode (short, short-precise,\n"
331 " short-iso, short-iso-precise, short-full,\n"
332 " short-monotonic, short-unix, verbose, export,\n"
333 " json, json-pretty, json-sse, cat, with-unit)\n"
334 " --output-fields=LIST Select fields to print in verbose/export/json modes\n"
335 " --utc Express time in Coordinated Universal Time (UTC)\n"
336 " -x --catalog Add message explanations where available\n"
337 " --no-full Ellipsize fields\n"
338 " -a --all Show all fields, including long and unprintable\n"
339 " -q --quiet Do not show info messages and privilege warning\n"
340 " --no-pager Do not pipe output into a pager\n"
341 " --no-hostname Suppress output of hostname field\n"
342 " -m --merge Show entries from all available journals\n"
343 " -D --directory=PATH Show journal files from directory\n"
344 " --file=PATH Show journal file\n"
345 " --root=ROOT Operate on files below a root directory\n"
346 " --interval=TIME Time interval for changing the FSS sealing key\n"
347 " --verify-key=KEY Specify FSS verification key\n"
348 " --force Override of the FSS key pair with --setup-keys\n"
350 " -h --help Show this help text\n"
351 " --version Show package version\n"
352 " -N --fields List all field names currently used\n"
353 " -F --field=FIELD List all values that a specified field takes\n"
354 " --disk-usage Show total disk usage of all journal files\n"
355 " --vacuum-size=BYTES Reduce disk usage below specified size\n"
356 " --vacuum-files=INT Leave only the specified number of journal files\n"
357 " --vacuum-time=TIME Remove journal files older than specified time\n"
358 " --verify Verify journal file consistency\n"
359 " --sync Synchronize unwritten journal messages to disk\n"
360 " --flush Flush all journal data from /run into /var\n"
361 " --rotate Request immediate rotation of the journal files\n"
362 " --header Show journal header information\n"
363 " --list-catalog Show all message IDs in the catalog\n"
364 " --dump-catalog Show entries in the message catalog\n"
365 " --update-catalog Update the message catalog database\n"
366 " --setup-keys Generate a new FSS key pair\n"
367 "\nSee the %s for details.\n"
368 , program_invocation_short_name
375 static int parse_argv(int argc
, char *argv
[]) {
414 static const struct option options
[] = {
415 { "help", no_argument
, NULL
, 'h' },
416 { "version" , no_argument
, NULL
, ARG_VERSION
},
417 { "no-pager", no_argument
, NULL
, ARG_NO_PAGER
},
418 { "pager-end", no_argument
, NULL
, 'e' },
419 { "follow", no_argument
, NULL
, 'f' },
420 { "force", no_argument
, NULL
, ARG_FORCE
},
421 { "output", required_argument
, NULL
, 'o' },
422 { "all", no_argument
, NULL
, 'a' },
423 { "full", no_argument
, NULL
, 'l' },
424 { "no-full", no_argument
, NULL
, ARG_NO_FULL
},
425 { "lines", optional_argument
, NULL
, 'n' },
426 { "no-tail", no_argument
, NULL
, ARG_NO_TAIL
},
427 { "new-id128", no_argument
, NULL
, ARG_NEW_ID128
}, /* deprecated */
428 { "quiet", no_argument
, NULL
, 'q' },
429 { "merge", no_argument
, NULL
, 'm' },
430 { "this-boot", no_argument
, NULL
, ARG_THIS_BOOT
}, /* deprecated */
431 { "boot", optional_argument
, NULL
, 'b' },
432 { "list-boots", no_argument
, NULL
, ARG_LIST_BOOTS
},
433 { "dmesg", no_argument
, NULL
, 'k' },
434 { "system", no_argument
, NULL
, ARG_SYSTEM
},
435 { "user", no_argument
, NULL
, ARG_USER
},
436 { "directory", required_argument
, NULL
, 'D' },
437 { "file", required_argument
, NULL
, ARG_FILE
},
438 { "root", required_argument
, NULL
, ARG_ROOT
},
439 { "header", no_argument
, NULL
, ARG_HEADER
},
440 { "identifier", required_argument
, NULL
, 't' },
441 { "priority", required_argument
, NULL
, 'p' },
442 { "grep", required_argument
, NULL
, 'g' },
443 { "case-sensitive", optional_argument
, NULL
, ARG_CASE_SENSITIVE
},
444 { "setup-keys", no_argument
, NULL
, ARG_SETUP_KEYS
},
445 { "interval", required_argument
, NULL
, ARG_INTERVAL
},
446 { "verify", no_argument
, NULL
, ARG_VERIFY
},
447 { "verify-key", required_argument
, NULL
, ARG_VERIFY_KEY
},
448 { "disk-usage", no_argument
, NULL
, ARG_DISK_USAGE
},
449 { "cursor", required_argument
, NULL
, 'c' },
450 { "after-cursor", required_argument
, NULL
, ARG_AFTER_CURSOR
},
451 { "show-cursor", no_argument
, NULL
, ARG_SHOW_CURSOR
},
452 { "since", required_argument
, NULL
, 'S' },
453 { "until", required_argument
, NULL
, 'U' },
454 { "unit", required_argument
, NULL
, 'u' },
455 { "user-unit", required_argument
, NULL
, ARG_USER_UNIT
},
456 { "field", required_argument
, NULL
, 'F' },
457 { "fields", no_argument
, NULL
, 'N' },
458 { "catalog", no_argument
, NULL
, 'x' },
459 { "list-catalog", no_argument
, NULL
, ARG_LIST_CATALOG
},
460 { "dump-catalog", no_argument
, NULL
, ARG_DUMP_CATALOG
},
461 { "update-catalog", no_argument
, NULL
, ARG_UPDATE_CATALOG
},
462 { "reverse", no_argument
, NULL
, 'r' },
463 { "machine", required_argument
, NULL
, 'M' },
464 { "utc", no_argument
, NULL
, ARG_UTC
},
465 { "flush", no_argument
, NULL
, ARG_FLUSH
},
466 { "sync", no_argument
, NULL
, ARG_SYNC
},
467 { "rotate", no_argument
, NULL
, ARG_ROTATE
},
468 { "vacuum-size", required_argument
, NULL
, ARG_VACUUM_SIZE
},
469 { "vacuum-files", required_argument
, NULL
, ARG_VACUUM_FILES
},
470 { "vacuum-time", required_argument
, NULL
, ARG_VACUUM_TIME
},
471 { "no-hostname", no_argument
, NULL
, ARG_NO_HOSTNAME
},
472 { "output-fields", required_argument
, NULL
, ARG_OUTPUT_FIELDS
},
481 while ((c
= getopt_long(argc
, argv
, "hefo:aln::qmb::kD:p:g:c:S:U:t:u:NF:xrM:", options
, NULL
)) >= 0)
496 arg_pager_end
= true;
498 if (arg_lines
== ARG_LINES_DEFAULT
)
508 if (streq(optarg
, "help")) {
509 DUMP_STRING_TABLE(output_mode
, OutputMode
, _OUTPUT_MODE_MAX
);
513 arg_output
= output_mode_from_string(optarg
);
514 if (arg_output
< 0) {
515 log_error("Unknown output format '%s'.", optarg
);
519 if (IN_SET(arg_output
, OUTPUT_EXPORT
, OUTPUT_JSON
, OUTPUT_JSON_PRETTY
, OUTPUT_JSON_SSE
, OUTPUT_CAT
))
538 if (streq(optarg
, "all"))
539 arg_lines
= ARG_LINES_ALL
;
541 r
= safe_atoi(optarg
, &arg_lines
);
542 if (r
< 0 || arg_lines
< 0) {
543 log_error("Failed to parse lines '%s'", optarg
);
550 /* Hmm, no argument? Maybe the next
551 * word on the command line is
552 * supposed to be the argument? Let's
553 * see if there is one, and is
557 if (streq(argv
[optind
], "all")) {
558 arg_lines
= ARG_LINES_ALL
;
560 } else if (safe_atoi(argv
[optind
], &n
) >= 0 && n
>= 0) {
574 arg_action
= ACTION_NEW_ID128
;
593 r
= parse_boot_descriptor(optarg
, &arg_boot_id
, &arg_boot_offset
);
595 log_error("Failed to parse boot descriptor '%s'", optarg
);
600 /* Hmm, no argument? Maybe the next
601 * word on the command line is
602 * supposed to be the argument? Let's
603 * see if there is one and is parsable
604 * as a boot descriptor... */
607 parse_boot_descriptor(argv
[optind
], &arg_boot_id
, &arg_boot_offset
) >= 0)
614 arg_action
= ACTION_LIST_BOOTS
;
618 arg_boot
= arg_dmesg
= true;
622 arg_journal_type
|= SD_JOURNAL_SYSTEM
;
626 arg_journal_type
|= SD_JOURNAL_CURRENT_USER
;
630 arg_machine
= optarg
;
634 arg_directory
= optarg
;
638 if (streq(optarg
, "-"))
639 /* An undocumented feature: we can read journal files from STDIN. We don't document
640 * this though, since after all we only support this for mmap-able, seekable files, and
641 * not for example pipes which are probably the primary usecase for reading things from
642 * STDIN. To avoid confusion we hence don't document this feature. */
643 arg_file_stdin
= true;
645 r
= glob_extend(&arg_file
, optarg
);
647 return log_error_errno(r
, "Failed to add paths: %m");
652 r
= parse_path_argument_and_warn(optarg
, true, &arg_root
);
661 case ARG_AFTER_CURSOR
:
662 arg_after_cursor
= optarg
;
665 case ARG_SHOW_CURSOR
:
666 arg_show_cursor
= true;
670 arg_action
= ACTION_PRINT_HEADER
;
674 arg_action
= ACTION_VERIFY
;
678 arg_action
= ACTION_DISK_USAGE
;
681 case ARG_VACUUM_SIZE
:
682 r
= parse_size(optarg
, 1024, &arg_vacuum_size
);
684 log_error("Failed to parse vacuum size: %s", optarg
);
688 arg_action
= ACTION_VACUUM
;
691 case ARG_VACUUM_FILES
:
692 r
= safe_atou64(optarg
, &arg_vacuum_n_files
);
694 log_error("Failed to parse vacuum files: %s", optarg
);
698 arg_action
= ACTION_VACUUM
;
701 case ARG_VACUUM_TIME
:
702 r
= parse_sec(optarg
, &arg_vacuum_time
);
704 log_error("Failed to parse vacuum time: %s", optarg
);
708 arg_action
= ACTION_VACUUM
;
717 arg_action
= ACTION_SETUP_KEYS
;
721 arg_action
= ACTION_VERIFY
;
722 r
= free_and_strdup(&arg_verify_key
, optarg
);
725 /* Use memset not string_erase so this doesn't look confusing
726 * in ps or htop output. */
727 memset(optarg
, 'x', strlen(optarg
));
733 r
= parse_sec(optarg
, &arg_interval
);
734 if (r
< 0 || arg_interval
<= 0) {
735 log_error("Failed to parse sealing key change interval: %s", optarg
);
744 log_error("Compiled without forward-secure sealing support.");
751 dots
= strstr(optarg
, "..");
757 a
= strndup(optarg
, dots
- optarg
);
761 from
= log_level_from_string(a
);
762 to
= log_level_from_string(dots
+ 2);
765 if (from
< 0 || to
< 0) {
766 log_error("Failed to parse log level range %s", optarg
);
773 for (i
= from
; i
<= to
; i
++)
774 arg_priorities
|= 1 << i
;
776 for (i
= to
; i
<= from
; i
++)
777 arg_priorities
|= 1 << i
;
783 p
= log_level_from_string(optarg
);
785 log_error("Unknown log level %s", optarg
);
791 for (i
= 0; i
<= p
; i
++)
792 arg_priorities
|= 1 << i
;
800 arg_pattern
= optarg
;
803 case ARG_CASE_SENSITIVE
:
805 r
= parse_boolean(optarg
);
807 return log_error_errno(r
, "Bad --case-sensitive= argument \"%s\": %m", optarg
);
808 arg_case_sensitive
= r
;
810 arg_case_sensitive
= true;
815 case ARG_CASE_SENSITIVE
:
816 return log_error("Compiled without pattern matching support");
820 r
= parse_timestamp(optarg
, &arg_since
);
822 log_error("Failed to parse timestamp: %s", optarg
);
825 arg_since_set
= true;
829 r
= parse_timestamp(optarg
, &arg_until
);
831 log_error("Failed to parse timestamp: %s", optarg
);
834 arg_until_set
= true;
838 r
= strv_extend(&arg_syslog_identifier
, optarg
);
844 r
= strv_extend(&arg_system_units
, optarg
);
850 r
= strv_extend(&arg_user_units
, optarg
);
856 arg_action
= ACTION_LIST_FIELDS
;
861 arg_action
= ACTION_LIST_FIELD_NAMES
;
864 case ARG_NO_HOSTNAME
:
865 arg_no_hostname
= true;
872 case ARG_LIST_CATALOG
:
873 arg_action
= ACTION_LIST_CATALOG
;
876 case ARG_DUMP_CATALOG
:
877 arg_action
= ACTION_DUMP_CATALOG
;
880 case ARG_UPDATE_CATALOG
:
881 arg_action
= ACTION_UPDATE_CATALOG
;
893 arg_action
= ACTION_FLUSH
;
897 arg_action
= ACTION_ROTATE
;
901 arg_action
= ACTION_SYNC
;
904 case ARG_OUTPUT_FIELDS
: {
905 _cleanup_strv_free_
char **v
= NULL
;
907 v
= strv_split(optarg
, ",");
911 if (!arg_output_fields
)
912 arg_output_fields
= TAKE_PTR(v
);
914 r
= strv_extend_strv(&arg_output_fields
, v
, true);
925 assert_not_reached("Unhandled option");
928 if (arg_follow
&& !arg_no_tail
&& !arg_since
&& arg_lines
== ARG_LINES_DEFAULT
)
931 if (!!arg_directory
+ !!arg_file
+ !!arg_machine
+ !!arg_root
> 1) {
932 log_error("Please specify at most one of -D/--directory=, --file=, -M/--machine=, --root.");
936 if (arg_since_set
&& arg_until_set
&& arg_since
> arg_until
) {
937 log_error("--since= must be before --until=.");
941 if (!!arg_cursor
+ !!arg_after_cursor
+ !!arg_since_set
> 1) {
942 log_error("Please specify only one of --since=, --cursor=, and --after-cursor.");
946 if (arg_follow
&& arg_reverse
) {
947 log_error("Please specify either --reverse= or --follow=, not both.");
951 if (!IN_SET(arg_action
, ACTION_SHOW
, ACTION_DUMP_CATALOG
, ACTION_LIST_CATALOG
) && optind
< argc
) {
952 log_error("Extraneous arguments starting with '%s'", argv
[optind
]);
956 if ((arg_boot
|| arg_action
== ACTION_LIST_BOOTS
) && arg_merge
) {
957 log_error("Using --boot or --list-boots with --merge is not supported.");
961 if (!strv_isempty(arg_system_units
) && arg_journal_type
== SD_JOURNAL_CURRENT_USER
) {
962 /* Specifying --user and --unit= at the same time makes no sense (as the former excludes the user
963 * journal, but the latter excludes the system journal, thus resulting in empty output). Let's be nice
964 * to users, and automatically turn --unit= into --user-unit= if combined with --user. */
965 r
= strv_extend_strv(&arg_user_units
, arg_system_units
, true);
969 arg_system_units
= strv_free(arg_system_units
);
976 if (arg_case_sensitive
>= 0)
977 flags
= !arg_case_sensitive
* PCRE2_CASELESS
;
979 _cleanup_(pcre2_match_data_freep
) pcre2_match_data
*md
= NULL
;
981 _cleanup_(pcre2_code_freep
) pcre2_code
*cs
= NULL
;
983 md
= pcre2_match_data_create(1, NULL
);
987 r
= pattern_compile("[[:upper:]]", 0, &cs
);
991 r
= pcre2_match(cs
, (PCRE2_SPTR8
) arg_pattern
, PCRE2_ZERO_TERMINATED
, 0, 0, md
, NULL
);
994 flags
= !has_case
* PCRE2_CASELESS
;
997 log_debug("Doing case %s matching based on %s",
998 flags
& PCRE2_CASELESS
? "insensitive" : "sensitive",
999 arg_case_sensitive
>= 0 ? "request" : "pattern casing");
1001 r
= pattern_compile(arg_pattern
, flags
, &arg_compiled_pattern
);
1010 static int add_matches(sd_journal
*j
, char **args
) {
1012 bool have_term
= false;
1016 STRV_FOREACH(i
, args
) {
1019 if (streq(*i
, "+")) {
1022 r
= sd_journal_add_disjunction(j
);
1025 } else if (path_is_absolute(*i
)) {
1026 _cleanup_free_
char *p
= NULL
, *t
= NULL
, *t2
= NULL
, *interpreter
= NULL
;
1029 r
= chase_symlinks(*i
, NULL
, CHASE_TRAIL_SLASH
, &p
);
1031 return log_error_errno(r
, "Couldn't canonicalize path: %m");
1033 if (lstat(p
, &st
) < 0)
1034 return log_error_errno(errno
, "Couldn't stat file: %m");
1036 if (S_ISREG(st
.st_mode
) && (0111 & st
.st_mode
)) {
1037 if (executable_is_script(p
, &interpreter
) > 0) {
1038 _cleanup_free_
char *comm
;
1040 comm
= strndup(basename(p
), 15);
1044 t
= strappend("_COMM=", comm
);
1048 /* Append _EXE only if the interpreter is not a link.
1049 Otherwise, it might be outdated often. */
1050 if (lstat(interpreter
, &st
) == 0 && !S_ISLNK(st
.st_mode
)) {
1051 t2
= strappend("_EXE=", interpreter
);
1056 t
= strappend("_EXE=", p
);
1061 r
= sd_journal_add_match(j
, t
, 0);
1064 r
= sd_journal_add_match(j
, t2
, 0);
1066 } else if (S_ISCHR(st
.st_mode
) || S_ISBLK(st
.st_mode
)) {
1067 r
= add_matches_for_device(j
, p
);
1071 log_error("File is neither a device node, nor regular file, nor executable: %s", *i
);
1077 r
= sd_journal_add_match(j
, *i
, 0);
1082 return log_error_errno(r
, "Failed to add match '%s': %m", *i
);
1085 if (!strv_isempty(args
) && !have_term
) {
1086 log_error("\"+\" can only be used between terms");
1093 static void boot_id_free_all(BootId
*l
) {
1097 LIST_REMOVE(boot_list
, l
, i
);
1102 static int discover_next_boot(sd_journal
*j
,
1103 sd_id128_t previous_boot_id
,
1107 _cleanup_free_ BootId
*next_boot
= NULL
;
1108 char match
[9+32+1] = "_BOOT_ID=";
1115 /* We expect the journal to be on the last position of a boot
1116 * (in relation to the direction we are going), so that the next
1117 * invocation of sd_journal_next/previous will be from a different
1118 * boot. We then collect any information we desire and then jump
1119 * to the last location of the new boot by using a _BOOT_ID match
1120 * coming from the other journal direction. */
1122 /* Make sure we aren't restricted by any _BOOT_ID matches, so that
1123 * we can actually advance to a *different* boot. */
1124 sd_journal_flush_matches(j
);
1128 r
= sd_journal_previous(j
);
1130 r
= sd_journal_next(j
);
1134 return 0; /* End of journal, yay. */
1136 r
= sd_journal_get_monotonic_usec(j
, NULL
, &boot_id
);
1140 /* We iterate through this in a loop, until the boot ID differs from the previous one. Note that
1141 * normally, this will only require a single iteration, as we seeked to the last entry of the previous
1142 * boot entry already. However, it might happen that the per-journal-field entry arrays are less
1143 * complete than the main entry array, and hence might reference an entry that's not actually the last
1144 * one of the boot ID as last one. Let's hence use the per-field array is initial seek position to
1145 * speed things up, but let's not trust that it is complete, and hence, manually advance as
1148 } while (sd_id128_equal(boot_id
, previous_boot_id
));
1150 next_boot
= new0(BootId
, 1);
1154 next_boot
->id
= boot_id
;
1156 r
= sd_journal_get_realtime_usec(j
, &next_boot
->first
);
1160 /* Now seek to the last occurrence of this boot ID. */
1161 sd_id128_to_string(next_boot
->id
, match
+ 9);
1162 r
= sd_journal_add_match(j
, match
, sizeof(match
) - 1);
1167 r
= sd_journal_seek_head(j
);
1169 r
= sd_journal_seek_tail(j
);
1174 r
= sd_journal_next(j
);
1176 r
= sd_journal_previous(j
);
1180 log_debug("Whoopsie! We found a boot ID but can't read its last entry.");
1181 return -ENODATA
; /* This shouldn't happen. We just came from this very boot ID. */
1184 r
= sd_journal_get_realtime_usec(j
, &next_boot
->last
);
1188 *ret
= TAKE_PTR(next_boot
);
1193 static int get_boots(
1196 sd_id128_t
*boot_id
,
1201 BootId
*head
= NULL
, *tail
= NULL
, *id
;
1202 const bool advance_older
= boot_id
&& offset
<= 0;
1203 sd_id128_t previous_boot_id
;
1207 /* Adjust for the asymmetry that offset 0 is
1208 * the last (and current) boot, while 1 is considered the
1209 * (chronological) first boot in the journal. */
1210 skip_once
= boot_id
&& sd_id128_is_null(*boot_id
) && offset
<= 0;
1212 /* Advance to the earliest/latest occurrence of our reference
1213 * boot ID (taking our lookup direction into account), so that
1214 * discover_next_boot() can do its job.
1215 * If no reference is given, the journal head/tail will do,
1216 * they're "virtual" boots after all. */
1217 if (boot_id
&& !sd_id128_is_null(*boot_id
)) {
1218 char match
[9+32+1] = "_BOOT_ID=";
1220 sd_journal_flush_matches(j
);
1222 sd_id128_to_string(*boot_id
, match
+ 9);
1223 r
= sd_journal_add_match(j
, match
, sizeof(match
) - 1);
1228 r
= sd_journal_seek_head(j
); /* seek to oldest */
1230 r
= sd_journal_seek_tail(j
); /* seek to newest */
1235 r
= sd_journal_next(j
); /* read the oldest entry */
1237 r
= sd_journal_previous(j
); /* read the most recently added entry */
1242 else if (offset
== 0) {
1247 /* At this point the read pointer is positioned at the oldest/newest occurence of the reference boot
1248 * ID. After flushing the matches, one more invocation of _previous()/_next() will hence place us at
1249 * the following entry, which must then have an older/newer boot ID */
1253 r
= sd_journal_seek_tail(j
); /* seek to newest */
1255 r
= sd_journal_seek_head(j
); /* seek to oldest */
1259 /* No sd_journal_next()/_previous() here.
1261 * At this point the read pointer is positioned after the newest/before the oldest entry in the whole
1262 * journal. The next invocation of _previous()/_next() will hence position us at the newest/oldest
1266 previous_boot_id
= SD_ID128_NULL
;
1268 _cleanup_free_ BootId
*current
= NULL
;
1270 r
= discover_next_boot(j
, previous_boot_id
, advance_older
, ¤t
);
1272 boot_id_free_all(head
);
1279 previous_boot_id
= current
->id
;
1283 offset
+= advance_older
? 1 : -1;
1288 *boot_id
= current
->id
;
1292 LIST_FOREACH(boot_list
, id
, head
) {
1293 if (sd_id128_equal(id
->id
, current
->id
)) {
1294 /* boot id already stored, something wrong with the journal files */
1295 /* exiting as otherwise this problem would cause forever loop */
1299 LIST_INSERT_AFTER(boot_list
, head
, tail
, current
);
1300 tail
= TAKE_PTR(current
);
1309 sd_journal_flush_matches(j
);
1314 static int list_boots(sd_journal
*j
) {
1316 BootId
*id
, *all_ids
;
1320 count
= get_boots(j
, &all_ids
, NULL
, 0);
1322 return log_error_errno(count
, "Failed to determine boots: %m");
1326 (void) pager_open(arg_no_pager
, arg_pager_end
);
1328 /* numbers are one less, but we need an extra char for the sign */
1329 w
= DECIMAL_STR_WIDTH(count
- 1) + 1;
1332 LIST_FOREACH(boot_list
, id
, all_ids
) {
1333 char a
[FORMAT_TIMESTAMP_MAX
], b
[FORMAT_TIMESTAMP_MAX
];
1335 printf("% *i " SD_ID128_FORMAT_STR
" %s—%s\n",
1337 SD_ID128_FORMAT_VAL(id
->id
),
1338 format_timestamp_maybe_utc(a
, sizeof(a
), id
->first
),
1339 format_timestamp_maybe_utc(b
, sizeof(b
), id
->last
));
1343 boot_id_free_all(all_ids
);
1348 static int add_boot(sd_journal
*j
) {
1349 char match
[9+32+1] = "_BOOT_ID=";
1358 /* Take a shortcut and use the current boot_id, which we can do very quickly.
1359 * We can do this only when we logs are coming from the current machine,
1360 * so take the slow path if log location is specified. */
1361 if (arg_boot_offset
== 0 && sd_id128_is_null(arg_boot_id
) &&
1362 !arg_directory
&& !arg_file
&& !arg_root
)
1364 return add_match_this_boot(j
, arg_machine
);
1366 boot_id
= arg_boot_id
;
1367 r
= get_boots(j
, NULL
, &boot_id
, arg_boot_offset
);
1370 const char *reason
= (r
== 0) ? "No such boot ID in journal" : strerror(-r
);
1372 if (sd_id128_is_null(arg_boot_id
))
1373 log_error("Data from the specified boot (%+i) is not available: %s",
1374 arg_boot_offset
, reason
);
1376 log_error("Data from the specified boot ("SD_ID128_FORMAT_STR
") is not available: %s",
1377 SD_ID128_FORMAT_VAL(arg_boot_id
), reason
);
1379 return r
== 0 ? -ENODATA
: r
;
1382 sd_id128_to_string(boot_id
, match
+ 9);
1384 r
= sd_journal_add_match(j
, match
, sizeof(match
) - 1);
1386 return log_error_errno(r
, "Failed to add match: %m");
1388 r
= sd_journal_add_conjunction(j
);
1390 return log_error_errno(r
, "Failed to add conjunction: %m");
1395 static int add_dmesg(sd_journal
*j
) {
1402 r
= sd_journal_add_match(j
, "_TRANSPORT=kernel",
1403 STRLEN("_TRANSPORT=kernel"));
1405 return log_error_errno(r
, "Failed to add match: %m");
1407 r
= sd_journal_add_conjunction(j
);
1409 return log_error_errno(r
, "Failed to add conjunction: %m");
1414 static int get_possible_units(
1420 _cleanup_set_free_free_ Set
*found
;
1424 found
= set_new(&string_hash_ops
);
1428 NULSTR_FOREACH(field
, fields
) {
1432 r
= sd_journal_query_unique(j
, field
);
1436 SD_JOURNAL_FOREACH_UNIQUE(j
, data
, size
) {
1437 char **pattern
, *eq
;
1439 _cleanup_free_
char *u
= NULL
;
1441 eq
= memchr(data
, '=', size
);
1443 prefix
= eq
- (char*) data
+ 1;
1447 u
= strndup((char*) data
+ prefix
, size
- prefix
);
1451 STRV_FOREACH(pattern
, patterns
)
1452 if (fnmatch(*pattern
, u
, FNM_NOESCAPE
) == 0) {
1453 log_debug("Matched %s with pattern %s=%s", u
, field
, *pattern
);
1455 r
= set_consume(found
, u
);
1457 if (r
< 0 && r
!= -EEXIST
)
1465 *units
= TAKE_PTR(found
);
1470 /* This list is supposed to return the superset of unit names
1471 * possibly matched by rules added with add_matches_for_unit... */
1472 #define SYSTEM_UNITS \
1476 "OBJECT_SYSTEMD_UNIT\0" \
1479 /* ... and add_matches_for_user_unit */
1480 #define USER_UNITS \
1481 "_SYSTEMD_USER_UNIT\0" \
1483 "COREDUMP_USER_UNIT\0" \
1484 "OBJECT_SYSTEMD_USER_UNIT\0"
1486 static int add_units(sd_journal
*j
) {
1487 _cleanup_strv_free_
char **patterns
= NULL
;
1493 STRV_FOREACH(i
, arg_system_units
) {
1494 _cleanup_free_
char *u
= NULL
;
1496 r
= unit_name_mangle(*i
, UNIT_NAME_MANGLE_GLOB
| (arg_quiet
? 0 : UNIT_NAME_MANGLE_WARN
), &u
);
1500 if (string_is_glob(u
)) {
1501 r
= strv_push(&patterns
, u
);
1506 r
= add_matches_for_unit(j
, u
);
1509 r
= sd_journal_add_disjunction(j
);
1516 if (!strv_isempty(patterns
)) {
1517 _cleanup_set_free_free_ Set
*units
= NULL
;
1521 r
= get_possible_units(j
, SYSTEM_UNITS
, patterns
, &units
);
1525 SET_FOREACH(u
, units
, it
) {
1526 r
= add_matches_for_unit(j
, u
);
1529 r
= sd_journal_add_disjunction(j
);
1536 patterns
= strv_free(patterns
);
1538 STRV_FOREACH(i
, arg_user_units
) {
1539 _cleanup_free_
char *u
= NULL
;
1541 r
= unit_name_mangle(*i
, UNIT_NAME_MANGLE_GLOB
| (arg_quiet
? 0 : UNIT_NAME_MANGLE_WARN
), &u
);
1545 if (string_is_glob(u
)) {
1546 r
= strv_push(&patterns
, u
);
1551 r
= add_matches_for_user_unit(j
, u
, getuid());
1554 r
= sd_journal_add_disjunction(j
);
1561 if (!strv_isempty(patterns
)) {
1562 _cleanup_set_free_free_ Set
*units
= NULL
;
1566 r
= get_possible_units(j
, USER_UNITS
, patterns
, &units
);
1570 SET_FOREACH(u
, units
, it
) {
1571 r
= add_matches_for_user_unit(j
, u
, getuid());
1574 r
= sd_journal_add_disjunction(j
);
1581 /* Complain if the user request matches but nothing whatsoever was
1582 * found, since otherwise everything would be matched. */
1583 if (!(strv_isempty(arg_system_units
) && strv_isempty(arg_user_units
)) && count
== 0)
1586 r
= sd_journal_add_conjunction(j
);
1593 static int add_priorities(sd_journal
*j
) {
1594 char match
[] = "PRIORITY=0";
1598 if (arg_priorities
== 0xFF)
1601 for (i
= LOG_EMERG
; i
<= LOG_DEBUG
; i
++)
1602 if (arg_priorities
& (1 << i
)) {
1603 match
[sizeof(match
)-2] = '0' + i
;
1605 r
= sd_journal_add_match(j
, match
, strlen(match
));
1607 return log_error_errno(r
, "Failed to add match: %m");
1610 r
= sd_journal_add_conjunction(j
);
1612 return log_error_errno(r
, "Failed to add conjunction: %m");
1617 static int add_syslog_identifier(sd_journal
*j
) {
1623 STRV_FOREACH(i
, arg_syslog_identifier
) {
1626 u
= strjoina("SYSLOG_IDENTIFIER=", *i
);
1627 r
= sd_journal_add_match(j
, u
, 0);
1630 r
= sd_journal_add_disjunction(j
);
1635 r
= sd_journal_add_conjunction(j
);
1642 static int setup_keys(void) {
1644 size_t mpk_size
, seed_size
, state_size
, i
;
1645 uint8_t *mpk
, *seed
, *state
;
1647 sd_id128_t machine
, boot
;
1648 char *p
= NULL
, *k
= NULL
;
1653 r
= stat("/var/log/journal", &st
);
1654 if (r
< 0 && !IN_SET(errno
, ENOENT
, ENOTDIR
))
1655 return log_error_errno(errno
, "stat(\"%s\") failed: %m", "/var/log/journal");
1657 if (r
< 0 || !S_ISDIR(st
.st_mode
)) {
1658 log_error("%s is not a directory, must be using persistent logging for FSS.",
1659 "/var/log/journal");
1660 return r
< 0 ? -errno
: -ENOTDIR
;
1663 r
= sd_id128_get_machine(&machine
);
1665 return log_error_errno(r
, "Failed to get machine ID: %m");
1667 r
= sd_id128_get_boot(&boot
);
1669 return log_error_errno(r
, "Failed to get boot ID: %m");
1671 if (asprintf(&p
, "/var/log/journal/" SD_ID128_FORMAT_STR
"/fss",
1672 SD_ID128_FORMAT_VAL(machine
)) < 0)
1677 if (r
< 0 && errno
!= ENOENT
) {
1678 r
= log_error_errno(errno
, "unlink(\"%s\") failed: %m", p
);
1681 } else if (access(p
, F_OK
) >= 0) {
1682 log_error("Sealing key file %s exists already. Use --force to recreate.", p
);
1687 if (asprintf(&k
, "/var/log/journal/" SD_ID128_FORMAT_STR
"/fss.tmp.XXXXXX",
1688 SD_ID128_FORMAT_VAL(machine
)) < 0) {
1693 mpk_size
= FSPRG_mskinbytes(FSPRG_RECOMMENDED_SECPAR
);
1694 mpk
= alloca(mpk_size
);
1696 seed_size
= FSPRG_RECOMMENDED_SEEDLEN
;
1697 seed
= alloca(seed_size
);
1699 state_size
= FSPRG_stateinbytes(FSPRG_RECOMMENDED_SECPAR
);
1700 state
= alloca(state_size
);
1702 fd
= open("/dev/random", O_RDONLY
|O_CLOEXEC
|O_NOCTTY
);
1704 r
= log_error_errno(errno
, "Failed to open /dev/random: %m");
1708 log_info("Generating seed...");
1709 r
= loop_read_exact(fd
, seed
, seed_size
, true);
1711 log_error_errno(r
, "Failed to read random seed: %m");
1715 log_info("Generating key pair...");
1716 FSPRG_GenMK(NULL
, mpk
, seed
, seed_size
, FSPRG_RECOMMENDED_SECPAR
);
1718 log_info("Generating sealing key...");
1719 FSPRG_GenState0(state
, mpk
, seed
, seed_size
);
1721 assert(arg_interval
> 0);
1723 n
= now(CLOCK_REALTIME
);
1727 fd
= mkostemp_safe(k
);
1729 r
= log_error_errno(fd
, "Failed to open %s: %m", k
);
1733 /* Enable secure remove, exclusion from dump, synchronous
1734 * writing and in-place updating */
1735 r
= chattr_fd(fd
, FS_SECRM_FL
|FS_NODUMP_FL
|FS_SYNC_FL
|FS_NOCOW_FL
, FS_SECRM_FL
|FS_NODUMP_FL
|FS_SYNC_FL
|FS_NOCOW_FL
, NULL
);
1737 log_warning_errno(r
, "Failed to set file attributes: %m");
1740 memcpy(h
.signature
, "KSHHRHLP", 8);
1741 h
.machine_id
= machine
;
1743 h
.header_size
= htole64(sizeof(h
));
1744 h
.start_usec
= htole64(n
* arg_interval
);
1745 h
.interval_usec
= htole64(arg_interval
);
1746 h
.fsprg_secpar
= htole16(FSPRG_RECOMMENDED_SECPAR
);
1747 h
.fsprg_state_size
= htole64(state_size
);
1749 r
= loop_write(fd
, &h
, sizeof(h
), false);
1751 log_error_errno(r
, "Failed to write header: %m");
1755 r
= loop_write(fd
, state
, state_size
, false);
1757 log_error_errno(r
, "Failed to write state: %m");
1761 if (link(k
, p
) < 0) {
1762 r
= log_error_errno(errno
, "Failed to link file: %m");
1769 "The new key pair has been generated. The %ssecret sealing key%s has been written to\n"
1770 "the following local file. This key file is automatically updated when the\n"
1771 "sealing key is advanced. It should not be used on multiple hosts.\n"
1775 "Please write down the following %ssecret verification key%s. It should be stored\n"
1776 "at a safe location and should not be saved locally on disk.\n"
1778 ansi_highlight(), ansi_normal(),
1780 ansi_highlight(), ansi_normal(),
1781 ansi_highlight_red());
1784 for (i
= 0; i
< seed_size
; i
++) {
1785 if (i
> 0 && i
% 3 == 0)
1787 printf("%02x", ((uint8_t*) seed
)[i
]);
1790 printf("/%llx-%llx\n", (unsigned long long) n
, (unsigned long long) arg_interval
);
1793 char tsb
[FORMAT_TIMESPAN_MAX
], *hn
;
1797 "The sealing key is automatically changed every %s.\n",
1799 format_timespan(tsb
, sizeof(tsb
), arg_interval
, 0));
1801 hn
= gethostname_malloc();
1804 hostname_cleanup(hn
);
1805 fprintf(stderr
, "\nThe keys have been generated for host %s/" SD_ID128_FORMAT_STR
".\n", hn
, SD_ID128_FORMAT_VAL(machine
));
1807 fprintf(stderr
, "\nThe keys have been generated for host " SD_ID128_FORMAT_STR
".\n", SD_ID128_FORMAT_VAL(machine
));
1810 /* If this is not an UTF-8 system don't print any QR codes */
1811 if (is_locale_utf8()) {
1812 fputs("\nTo transfer the verification key to your phone please scan the QR code below:\n\n", stderr
);
1813 print_qr_code(stderr
, seed
, seed_size
, n
, arg_interval
, hn
, machine
);
1833 log_error("Forward-secure sealing not available.");
1838 static int verify(sd_journal
*j
) {
1845 log_show_color(true);
1847 ORDERED_HASHMAP_FOREACH(f
, j
->files
, i
) {
1849 usec_t first
= 0, validated
= 0, last
= 0;
1852 if (!arg_verify_key
&& JOURNAL_HEADER_SEALED(f
->header
))
1853 log_notice("Journal file %s has sealing enabled but verification key has not been passed using --verify-key=.", f
->path
);
1856 k
= journal_file_verify(f
, arg_verify_key
, &first
, &validated
, &last
, true);
1858 /* If the key was invalid give up right-away. */
1861 log_warning_errno(k
, "FAIL: %s (%m)", f
->path
);
1864 char a
[FORMAT_TIMESTAMP_MAX
], b
[FORMAT_TIMESTAMP_MAX
], c
[FORMAT_TIMESPAN_MAX
];
1865 log_info("PASS: %s", f
->path
);
1867 if (arg_verify_key
&& JOURNAL_HEADER_SEALED(f
->header
)) {
1868 if (validated
> 0) {
1869 log_info("=> Validated from %s to %s, final %s entries not sealed.",
1870 format_timestamp_maybe_utc(a
, sizeof(a
), first
),
1871 format_timestamp_maybe_utc(b
, sizeof(b
), validated
),
1872 format_timespan(c
, sizeof(c
), last
> validated
? last
- validated
: 0, 0));
1873 } else if (last
> 0)
1874 log_info("=> No sealing yet, %s of entries not sealed.",
1875 format_timespan(c
, sizeof(c
), last
- first
, 0));
1877 log_info("=> No sealing yet, no entries in file.");
1885 static int flush_to_var(void) {
1886 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
1887 _cleanup_(sd_bus_flush_close_unrefp
) sd_bus
*bus
= NULL
;
1888 _cleanup_close_
int watch_fd
= -1;
1892 log_error("--flush is not supported in conjunction with --machine=.");
1897 if (access("/run/systemd/journal/flushed", F_OK
) >= 0)
1900 /* OK, let's actually do the full logic, send SIGUSR1 to the
1901 * daemon and set up inotify to wait for the flushed file to appear */
1902 r
= bus_connect_system_systemd(&bus
);
1904 return log_error_errno(r
, "Failed to get D-Bus connection: %m");
1906 r
= sd_bus_call_method(
1908 "org.freedesktop.systemd1",
1909 "/org/freedesktop/systemd1",
1910 "org.freedesktop.systemd1.Manager",
1914 "ssi", "systemd-journald.service", "main", SIGUSR1
);
1916 return log_error_errno(r
, "Failed to kill journal service: %s", bus_error_message(&error
, r
));
1918 mkdir_p("/run/systemd/journal", 0755);
1920 watch_fd
= inotify_init1(IN_NONBLOCK
|IN_CLOEXEC
);
1922 return log_error_errno(errno
, "Failed to create inotify watch: %m");
1924 r
= inotify_add_watch(watch_fd
, "/run/systemd/journal", IN_CREATE
|IN_DONT_FOLLOW
|IN_ONLYDIR
);
1926 return log_error_errno(errno
, "Failed to watch journal directory: %m");
1929 if (access("/run/systemd/journal/flushed", F_OK
) >= 0)
1932 if (errno
!= ENOENT
)
1933 return log_error_errno(errno
, "Failed to check for existence of /run/systemd/journal/flushed: %m");
1935 r
= fd_wait_for_event(watch_fd
, POLLIN
, USEC_INFINITY
);
1937 return log_error_errno(r
, "Failed to wait for event: %m");
1939 r
= flush_fd(watch_fd
);
1941 return log_error_errno(r
, "Failed to flush inotify events: %m");
1947 static int send_signal_and_wait(int sig
, const char *watch_path
) {
1948 _cleanup_(sd_bus_flush_close_unrefp
) sd_bus
*bus
= NULL
;
1949 _cleanup_close_
int watch_fd
= -1;
1954 log_error("--sync and --rotate are not supported in conjunction with --machine=.");
1958 start
= now(CLOCK_MONOTONIC
);
1960 /* This call sends the specified signal to journald, and waits
1961 * for acknowledgment by watching the mtime of the specified
1962 * flag file. This is used to trigger syncing or rotation and
1963 * then wait for the operation to complete. */
1968 /* See if a sync happened by now. */
1969 r
= read_timestamp_file(watch_path
, &tstamp
);
1970 if (r
< 0 && r
!= -ENOENT
)
1971 return log_error_errno(errno
, "Failed to read %s: %m", watch_path
);
1972 if (r
>= 0 && tstamp
>= start
)
1975 /* Let's ask for a sync, but only once. */
1977 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
1979 r
= bus_connect_system_systemd(&bus
);
1981 return log_error_errno(r
, "Failed to get D-Bus connection: %m");
1983 r
= sd_bus_call_method(
1985 "org.freedesktop.systemd1",
1986 "/org/freedesktop/systemd1",
1987 "org.freedesktop.systemd1.Manager",
1991 "ssi", "systemd-journald.service", "main", sig
);
1993 return log_error_errno(r
, "Failed to kill journal service: %s", bus_error_message(&error
, r
));
1998 /* Let's install the inotify watch, if we didn't do that yet. */
2001 mkdir_p("/run/systemd/journal", 0755);
2003 watch_fd
= inotify_init1(IN_NONBLOCK
|IN_CLOEXEC
);
2005 return log_error_errno(errno
, "Failed to create inotify watch: %m");
2007 r
= inotify_add_watch(watch_fd
, "/run/systemd/journal", IN_MOVED_TO
|IN_DONT_FOLLOW
|IN_ONLYDIR
);
2009 return log_error_errno(errno
, "Failed to watch journal directory: %m");
2011 /* Recheck the flag file immediately, so that we don't miss any event since the last check. */
2015 /* OK, all preparatory steps done, let's wait until
2016 * inotify reports an event. */
2018 r
= fd_wait_for_event(watch_fd
, POLLIN
, USEC_INFINITY
);
2020 return log_error_errno(r
, "Failed to wait for event: %m");
2022 r
= flush_fd(watch_fd
);
2024 return log_error_errno(r
, "Failed to flush inotify events: %m");
2030 static int rotate(void) {
2031 return send_signal_and_wait(SIGUSR2
, "/run/systemd/journal/rotated");
2034 static int sync_journal(void) {
2035 return send_signal_and_wait(SIGRTMIN
+1, "/run/systemd/journal/synced");
2038 int main(int argc
, char *argv
[]) {
2040 _cleanup_(sd_journal_closep
) sd_journal
*j
= NULL
;
2041 bool need_seek
= false;
2042 sd_id128_t previous_boot_id
;
2043 bool previous_boot_id_valid
= false, first_line
= true;
2045 bool ellipsized
= false;
2047 setlocale(LC_ALL
, "");
2048 log_parse_environment();
2051 r
= parse_argv(argc
, argv
);
2055 signal(SIGWINCH
, columns_lines_cache_reset
);
2058 /* Increase max number of open files to 16K if we can, we
2059 * might needs this when browsing journal files, which might
2060 * be split up into many files. */
2061 setrlimit_closest(RLIMIT_NOFILE
, &RLIMIT_MAKE_CONST(16384));
2063 switch (arg_action
) {
2065 case ACTION_NEW_ID128
:
2066 r
= id128_print_new(true);
2069 case ACTION_SETUP_KEYS
:
2073 case ACTION_LIST_CATALOG
:
2074 case ACTION_DUMP_CATALOG
:
2075 case ACTION_UPDATE_CATALOG
: {
2076 _cleanup_free_
char *database
;
2078 database
= path_join(arg_root
, CATALOG_DATABASE
, NULL
);
2084 if (arg_action
== ACTION_UPDATE_CATALOG
) {
2085 r
= catalog_update(database
, arg_root
, catalog_file_dirs
);
2087 log_error_errno(r
, "Failed to list catalog: %m");
2089 bool oneline
= arg_action
== ACTION_LIST_CATALOG
;
2091 (void) pager_open(arg_no_pager
, arg_pager_end
);
2094 r
= catalog_list_items(stdout
, database
, oneline
, argv
+ optind
);
2096 r
= catalog_list(stdout
, database
, oneline
);
2098 log_error_errno(r
, "Failed to list catalog: %m");
2117 case ACTION_PRINT_HEADER
:
2119 case ACTION_DISK_USAGE
:
2120 case ACTION_LIST_BOOTS
:
2122 case ACTION_LIST_FIELDS
:
2123 case ACTION_LIST_FIELD_NAMES
:
2124 /* These ones require access to the journal files, continue below. */
2128 assert_not_reached("Unknown action");
2132 r
= sd_journal_open_directory(&j
, arg_directory
, arg_journal_type
);
2134 r
= sd_journal_open_directory(&j
, arg_root
, arg_journal_type
| SD_JOURNAL_OS_ROOT
);
2135 else if (arg_file_stdin
) {
2136 int ifd
= STDIN_FILENO
;
2137 r
= sd_journal_open_files_fd(&j
, &ifd
, 1, 0);
2138 } else if (arg_file
)
2139 r
= sd_journal_open_files(&j
, (const char**) arg_file
, 0);
2140 else if (arg_machine
) {
2141 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
2142 _cleanup_(sd_bus_message_unrefp
) sd_bus_message
*reply
= NULL
;
2143 _cleanup_(sd_bus_flush_close_unrefp
) sd_bus
*bus
= NULL
;
2146 if (geteuid() != 0) {
2147 /* The file descriptor returned by OpenMachineRootDirectory() will be owned by users/groups of
2148 * the container, thus we need root privileges to override them. */
2149 log_error("Using the --machine= switch requires root privileges.");
2154 r
= sd_bus_open_system(&bus
);
2156 log_error_errno(r
, "Failed to open system bus: %m");
2160 r
= sd_bus_call_method(
2162 "org.freedesktop.machine1",
2163 "/org/freedesktop/machine1",
2164 "org.freedesktop.machine1.Manager",
2165 "OpenMachineRootDirectory",
2170 log_error_errno(r
, "Failed to open root directory: %s", bus_error_message(&error
, r
));
2174 r
= sd_bus_message_read(reply
, "h", &fd
);
2176 bus_log_parse_error(r
);
2180 fd
= fcntl(fd
, F_DUPFD_CLOEXEC
, 3);
2182 r
= log_error_errno(errno
, "Failed to duplicate file descriptor: %m");
2186 r
= sd_journal_open_directory_fd(&j
, fd
, SD_JOURNAL_OS_ROOT
);
2190 r
= sd_journal_open(&j
, !arg_merge
*SD_JOURNAL_LOCAL_ONLY
+ arg_journal_type
);
2192 log_error_errno(r
, "Failed to open %s: %m", arg_directory
?: arg_file
? "files" : "journal");
2196 r
= journal_access_check_and_warn(j
, arg_quiet
,
2197 !(arg_journal_type
== SD_JOURNAL_CURRENT_USER
|| arg_user_units
));
2201 switch (arg_action
) {
2203 case ACTION_NEW_ID128
:
2204 case ACTION_SETUP_KEYS
:
2205 case ACTION_LIST_CATALOG
:
2206 case ACTION_DUMP_CATALOG
:
2207 case ACTION_UPDATE_CATALOG
:
2211 assert_not_reached("Unexpected action.");
2213 case ACTION_PRINT_HEADER
:
2214 journal_print_header(j
);
2222 case ACTION_DISK_USAGE
: {
2224 char sbytes
[FORMAT_BYTES_MAX
];
2226 r
= sd_journal_get_usage(j
, &bytes
);
2230 printf("Archived and active journals take up %s in the file system.\n",
2231 format_bytes(sbytes
, sizeof(sbytes
), bytes
));
2235 case ACTION_LIST_BOOTS
:
2239 case ACTION_VACUUM
: {
2243 HASHMAP_FOREACH(d
, j
->directories_by_path
, i
) {
2249 q
= journal_directory_vacuum(d
->path
, arg_vacuum_size
, arg_vacuum_n_files
, arg_vacuum_time
, NULL
, !arg_quiet
);
2251 log_error_errno(q
, "Failed to vacuum %s: %m", d
->path
);
2259 case ACTION_LIST_FIELD_NAMES
: {
2262 SD_JOURNAL_FOREACH_FIELD(j
, field
) {
2263 printf("%s\n", field
);
2272 case ACTION_LIST_FIELDS
:
2276 assert_not_reached("Unknown action");
2279 if (arg_boot_offset
!= 0 &&
2280 sd_journal_has_runtime_files(j
) > 0 &&
2281 sd_journal_has_persistent_files(j
) == 0) {
2282 log_info("Specifying boot ID or boot offset has no effect, no persistent journal was found.");
2286 /* add_boot() must be called first!
2287 * It may need to seek the journal to find parent boot IDs. */
2298 log_error_errno(r
, "Failed to add filter for units: %m");
2302 r
= add_syslog_identifier(j
);
2304 log_error_errno(r
, "Failed to add filter for syslog identifiers: %m");
2308 r
= add_priorities(j
);
2312 r
= add_matches(j
, argv
+ optind
);
2316 if (DEBUG_LOGGING
) {
2317 _cleanup_free_
char *filter
;
2319 filter
= journal_make_match_string(j
);
2323 log_debug("Journal filter: %s", filter
);
2326 if (arg_action
== ACTION_LIST_FIELDS
) {
2332 r
= sd_journal_set_data_threshold(j
, 0);
2334 log_error_errno(r
, "Failed to unset data size threshold: %m");
2338 r
= sd_journal_query_unique(j
, arg_field
);
2340 log_error_errno(r
, "Failed to query unique data objects: %m");
2344 SD_JOURNAL_FOREACH_UNIQUE(j
, data
, size
) {
2347 if (arg_lines
>= 0 && n_shown
>= arg_lines
)
2350 eq
= memchr(data
, '=', size
);
2352 printf("%.*s\n", (int) (size
- ((const uint8_t*) eq
- (const uint8_t*) data
+ 1)), (const char*) eq
+ 1);
2354 printf("%.*s\n", (int) size
, (const char*) data
);
2363 /* Opening the fd now means the first sd_journal_wait() will actually wait */
2365 r
= sd_journal_get_fd(j
);
2367 log_warning("Insufficent watch descriptors available. Reverting to -n.");
2369 } else if (r
== -EMEDIUMTYPE
) {
2370 log_error_errno(r
, "The --follow switch is not supported in conjunction with reading from STDIN.");
2373 log_error_errno(r
, "Failed to get journal fd: %m");
2378 if (arg_cursor
|| arg_after_cursor
) {
2379 r
= sd_journal_seek_cursor(j
, arg_cursor
?: arg_after_cursor
);
2381 log_error_errno(r
, "Failed to seek to cursor: %m");
2386 r
= sd_journal_next_skip(j
, 1 + !!arg_after_cursor
);
2388 r
= sd_journal_previous_skip(j
, 1 + !!arg_after_cursor
);
2390 if (arg_after_cursor
&& r
< 2) {
2391 /* We couldn't find the next entry after the cursor. */
2398 } else if (arg_since_set
&& !arg_reverse
) {
2399 r
= sd_journal_seek_realtime_usec(j
, arg_since
);
2401 log_error_errno(r
, "Failed to seek to date: %m");
2404 r
= sd_journal_next(j
);
2406 } else if (arg_until_set
&& arg_reverse
) {
2407 r
= sd_journal_seek_realtime_usec(j
, arg_until
);
2409 log_error_errno(r
, "Failed to seek to date: %m");
2412 r
= sd_journal_previous(j
);
2414 } else if (arg_lines
>= 0) {
2415 r
= sd_journal_seek_tail(j
);
2417 log_error_errno(r
, "Failed to seek to tail: %m");
2421 r
= sd_journal_previous_skip(j
, arg_lines
);
2423 } else if (arg_reverse
) {
2424 r
= sd_journal_seek_tail(j
);
2426 log_error_errno(r
, "Failed to seek to tail: %m");
2430 r
= sd_journal_previous(j
);
2433 r
= sd_journal_seek_head(j
);
2435 log_error_errno(r
, "Failed to seek to head: %m");
2439 r
= sd_journal_next(j
);
2443 log_error_errno(r
, "Failed to iterate through journal: %m");
2450 (void) pager_open(arg_no_pager
, arg_pager_end
);
2452 if (!arg_quiet
&& (arg_lines
!= 0 || arg_follow
)) {
2454 char start_buf
[FORMAT_TIMESTAMP_MAX
], end_buf
[FORMAT_TIMESTAMP_MAX
];
2456 r
= sd_journal_get_cutoff_realtime_usec(j
, &start
, &end
);
2458 log_error_errno(r
, "Failed to get cutoff: %m");
2464 printf("-- Logs begin at %s. --\n",
2465 format_timestamp_maybe_utc(start_buf
, sizeof(start_buf
), start
));
2467 printf("-- Logs begin at %s, end at %s. --\n",
2468 format_timestamp_maybe_utc(start_buf
, sizeof(start_buf
), start
),
2469 format_timestamp_maybe_utc(end_buf
, sizeof(end_buf
), end
));
2474 while (arg_lines
< 0 || n_shown
< arg_lines
|| (arg_follow
&& !first_line
)) {
2476 size_t highlight
[2] = {};
2480 r
= sd_journal_next(j
);
2482 r
= sd_journal_previous(j
);
2484 log_error_errno(r
, "Failed to iterate through journal: %m");
2491 if (arg_until_set
&& !arg_reverse
) {
2494 r
= sd_journal_get_realtime_usec(j
, &usec
);
2496 log_error_errno(r
, "Failed to determine timestamp: %m");
2499 if (usec
> arg_until
)
2503 if (arg_since_set
&& arg_reverse
) {
2506 r
= sd_journal_get_realtime_usec(j
, &usec
);
2508 log_error_errno(r
, "Failed to determine timestamp: %m");
2511 if (usec
< arg_since
)
2515 if (!arg_merge
&& !arg_quiet
) {
2518 r
= sd_journal_get_monotonic_usec(j
, NULL
, &boot_id
);
2520 if (previous_boot_id_valid
&&
2521 !sd_id128_equal(boot_id
, previous_boot_id
))
2522 printf("%s-- Reboot --%s\n",
2523 ansi_highlight(), ansi_normal());
2525 previous_boot_id
= boot_id
;
2526 previous_boot_id_valid
= true;
2531 if (arg_compiled_pattern
) {
2532 _cleanup_(pcre2_match_data_freep
) pcre2_match_data
*md
= NULL
;
2533 const void *message
;
2537 md
= pcre2_match_data_create(1, NULL
);
2541 r
= sd_journal_get_data(j
, "MESSAGE", &message
, &len
);
2548 log_error_errno(r
, "Failed to get MESSAGE field: %m");
2552 assert_se(message
= startswith(message
, "MESSAGE="));
2554 r
= pcre2_match(arg_compiled_pattern
,
2556 len
- strlen("MESSAGE="),
2557 0, /* start at offset 0 in the subject */
2558 0, /* default options */
2561 if (r
== PCRE2_ERROR_NOMATCH
) {
2566 unsigned char buf
[LINE_MAX
];
2569 r2
= pcre2_get_error_message(r
, buf
, sizeof buf
);
2570 log_error("Pattern matching failed: %s",
2571 r2
< 0 ? "unknown error" : (char*) buf
);
2576 ovec
= pcre2_get_ovector_pointer(md
);
2577 highlight
[0] = ovec
[0];
2578 highlight
[1] = ovec
[1];
2583 arg_all
* OUTPUT_SHOW_ALL
|
2584 arg_full
* OUTPUT_FULL_WIDTH
|
2585 colors_enabled() * OUTPUT_COLOR
|
2586 arg_catalog
* OUTPUT_CATALOG
|
2587 arg_utc
* OUTPUT_UTC
|
2588 arg_no_hostname
* OUTPUT_NO_HOSTNAME
;
2590 r
= show_journal_entry(stdout
, j
, arg_output
, 0, flags
,
2591 arg_output_fields
, highlight
, &ellipsized
);
2593 if (r
== -EADDRNOTAVAIL
)
2595 else if (r
< 0 || ferror(stdout
))
2600 /* If journalctl take a long time to process messages, and during that time journal file
2601 * rotation occurs, a journalctl client will keep those rotated files open until it calls
2602 * sd_journal_process(), which typically happens as a result of calling sd_journal_wait() below
2603 * in the "following" case. By periodically calling sd_journal_process() during the processing
2604 * loop we shrink the window of time a client instance has open file descriptors for rotated
2605 * (deleted) journal files. */
2606 if ((n_shown
% PROCESS_INOTIFY_INTERVAL
) == 0) {
2607 r
= sd_journal_process(j
);
2609 log_error_errno(r
, "Failed to process inotify events: %m");
2616 if (n_shown
== 0 && !arg_quiet
)
2617 printf("-- No entries --\n");
2619 if (arg_show_cursor
) {
2620 _cleanup_free_
char *cursor
= NULL
;
2622 r
= sd_journal_get_cursor(j
, &cursor
);
2623 if (r
< 0 && r
!= -EADDRNOTAVAIL
)
2624 log_error_errno(r
, "Failed to get cursor: %m");
2626 printf("-- cursor: %s\n", cursor
);
2633 r
= sd_journal_wait(j
, (uint64_t) -1);
2635 log_error_errno(r
, "Couldn't wait for journal event: %m");
2646 strv_free(arg_file
);
2648 strv_free(arg_syslog_identifier
);
2649 strv_free(arg_system_units
);
2650 strv_free(arg_user_units
);
2651 strv_free(arg_output_fields
);
2654 free(arg_verify_key
);
2657 if (arg_compiled_pattern
)
2658 pcre2_code_free(arg_compiled_pattern
);
2661 return r
< 0 ? EXIT_FAILURE
: EXIT_SUCCESS
;