1 /* SPDX-License-Identifier: LGPL-2.1+ */
3 This file is part of systemd.
5 Copyright 2011 Lennart Poettering
7 systemd is free software; you can redistribute it and/or modify it
8 under the terms of the GNU Lesser General Public License as published by
9 the Free Software Foundation; either version 2.1 of the License, or
10 (at your option) any later version.
12 systemd is distributed in the hope that it will be useful, but
13 WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 Lesser General Public License for more details.
17 You should have received a copy of the GNU Lesser General Public License
18 along with systemd; If not, see <http://www.gnu.org/licenses/>.
33 #include <sys/inotify.h>
38 #include "sd-journal.h"
41 #include "alloc-util.h"
42 #include "bus-error.h"
45 #include "chattr-util.h"
50 #include "glob-util.h"
51 #include "hostname-util.h"
53 #include "journal-def.h"
54 #include "journal-internal.h"
55 #include "journal-qrcode.h"
56 #include "journal-util.h"
57 #include "journal-vacuum.h"
58 #include "journal-verify.h"
59 #include "locale-util.h"
61 #include "logs-show.h"
64 #include "parse-util.h"
65 #include "path-util.h"
66 #include "rlimit-util.h"
70 #include "syslog-util.h"
71 #include "terminal-util.h"
73 #include "udev-util.h"
74 #include "unit-name.h"
75 #include "user-util.h"
77 #define DEFAULT_FSS_INTERVAL_USEC (15*USEC_PER_MINUTE)
80 /* Special values for arg_lines */
81 ARG_LINES_DEFAULT
= -2,
85 static OutputMode arg_output
= OUTPUT_SHORT
;
86 static bool arg_utc
= false;
87 static bool arg_pager_end
= false;
88 static bool arg_follow
= false;
89 static bool arg_full
= true;
90 static bool arg_all
= false;
91 static bool arg_no_pager
= false;
92 static int arg_lines
= ARG_LINES_DEFAULT
;
93 static bool arg_no_tail
= false;
94 static bool arg_quiet
= false;
95 static bool arg_merge
= false;
96 static bool arg_boot
= false;
97 static sd_id128_t arg_boot_id
= {};
98 static int arg_boot_offset
= 0;
99 static bool arg_dmesg
= false;
100 static bool arg_no_hostname
= false;
101 static const char *arg_cursor
= NULL
;
102 static const char *arg_after_cursor
= NULL
;
103 static bool arg_show_cursor
= false;
104 static const char *arg_directory
= NULL
;
105 static char **arg_file
= NULL
;
106 static bool arg_file_stdin
= false;
107 static int arg_priorities
= 0xFF;
108 static char *arg_verify_key
= NULL
;
110 static usec_t arg_interval
= DEFAULT_FSS_INTERVAL_USEC
;
111 static bool arg_force
= false;
113 static usec_t arg_since
, arg_until
;
114 static bool arg_since_set
= false, arg_until_set
= false;
115 static char **arg_syslog_identifier
= NULL
;
116 static char **arg_system_units
= NULL
;
117 static char **arg_user_units
= NULL
;
118 static const char *arg_field
= NULL
;
119 static bool arg_catalog
= false;
120 static bool arg_reverse
= false;
121 static int arg_journal_type
= 0;
122 static char *arg_root
= NULL
;
123 static const char *arg_machine
= NULL
;
124 static uint64_t arg_vacuum_size
= 0;
125 static uint64_t arg_vacuum_n_files
= 0;
126 static usec_t arg_vacuum_time
= 0;
127 static char **arg_output_fields
= NULL
;
138 ACTION_UPDATE_CATALOG
,
145 ACTION_LIST_FIELD_NAMES
,
146 } arg_action
= ACTION_SHOW
;
148 typedef struct BootId
{
152 LIST_FIELDS(struct BootId
, boot_list
);
155 static int add_matches_for_device(sd_journal
*j
, const char *devpath
) {
157 _cleanup_udev_unref_
struct udev
*udev
= NULL
;
158 _cleanup_udev_device_unref_
struct udev_device
*device
= NULL
;
159 struct udev_device
*d
= NULL
;
165 if (!path_startswith(devpath
, "/dev/")) {
166 log_error("Devpath does not start with /dev/");
174 r
= stat(devpath
, &st
);
176 log_error_errno(errno
, "Couldn't stat file: %m");
178 d
= device
= udev_device_new_from_devnum(udev
, S_ISBLK(st
.st_mode
) ? 'b' : 'c', st
.st_rdev
);
180 return log_error_errno(errno
, "Failed to get udev device from devnum %u:%u: %m", major(st
.st_rdev
), minor(st
.st_rdev
));
183 _cleanup_free_
char *match
= NULL
;
184 const char *subsys
, *sysname
, *devnode
;
186 subsys
= udev_device_get_subsystem(d
);
188 d
= udev_device_get_parent(d
);
192 sysname
= udev_device_get_sysname(d
);
194 d
= udev_device_get_parent(d
);
198 match
= strjoin("_KERNEL_DEVICE=+", subsys
, ":", sysname
);
202 r
= sd_journal_add_match(j
, match
, 0);
204 return log_error_errno(r
, "Failed to add match: %m");
206 devnode
= udev_device_get_devnode(d
);
208 _cleanup_free_
char *match1
= NULL
;
210 r
= stat(devnode
, &st
);
212 return log_error_errno(r
, "Failed to stat() device node \"%s\": %m", devnode
);
214 r
= asprintf(&match1
, "_KERNEL_DEVICE=%c%u:%u", S_ISBLK(st
.st_mode
) ? 'b' : 'c', major(st
.st_rdev
), minor(st
.st_rdev
));
218 r
= sd_journal_add_match(j
, match1
, 0);
220 return log_error_errno(r
, "Failed to add match: %m");
223 d
= udev_device_get_parent(d
);
226 r
= add_match_this_boot(j
, arg_machine
);
228 return log_error_errno(r
, "Failed to add match for the current boot: %m");
233 static char *format_timestamp_maybe_utc(char *buf
, size_t l
, usec_t t
) {
236 return format_timestamp_utc(buf
, l
, t
);
238 return format_timestamp(buf
, l
, t
);
241 static int parse_boot_descriptor(const char *x
, sd_id128_t
*boot_id
, int *offset
) {
242 sd_id128_t id
= SD_ID128_NULL
;
245 if (strlen(x
) >= 32) {
249 r
= sd_id128_from_string(t
, &id
);
253 if (!IN_SET(*x
, 0, '-', '+'))
257 r
= safe_atoi(x
, &off
);
262 r
= safe_atoi(x
, &off
);
276 static void help(void) {
278 pager_open(arg_no_pager
, arg_pager_end
);
280 printf("%s [OPTIONS...] [MATCHES...]\n\n"
281 "Query the journal.\n\n"
283 " --system Show the system journal\n"
284 " --user Show the user journal for the current user\n"
285 " -M --machine=CONTAINER Operate on local container\n"
286 " -S --since=DATE Show entries not older than the specified date\n"
287 " -U --until=DATE Show entries not newer than the specified date\n"
288 " -c --cursor=CURSOR Show entries starting at the specified cursor\n"
289 " --after-cursor=CURSOR Show entries after the specified cursor\n"
290 " --show-cursor Print the cursor after all the entries\n"
291 " -b --boot[=ID] Show current boot or the specified boot\n"
292 " --list-boots Show terse information about recorded boots\n"
293 " -k --dmesg Show kernel message log from the current boot\n"
294 " -u --unit=UNIT Show logs from the specified unit\n"
295 " --user-unit=UNIT Show logs from the specified user unit\n"
296 " -t --identifier=STRING Show entries with the specified syslog identifier\n"
297 " -p --priority=RANGE Show entries with the specified priority\n"
298 " -e --pager-end Immediately jump to the end in the pager\n"
299 " -f --follow Follow the journal\n"
300 " -n --lines[=INTEGER] Number of journal entries to show\n"
301 " --no-tail Show all lines, even in follow mode\n"
302 " -r --reverse Show the newest entries first\n"
303 " -o --output=STRING Change journal output mode (short, short-precise,\n"
304 " short-iso, short-iso-precise, short-full,\n"
305 " short-monotonic, short-unix, verbose, export,\n"
306 " json, json-pretty, json-sse, cat)\n"
307 " --utc Express time in Coordinated Universal Time (UTC)\n"
308 " -x --catalog Add message explanations where available\n"
309 " --no-full Ellipsize fields\n"
310 " -a --all Show all fields, including long and unprintable\n"
311 " -q --quiet Do not show info messages and privilege warning\n"
312 " --no-pager Do not pipe output into a pager\n"
313 " --no-hostname Suppress output of hostname field\n"
314 " -m --merge Show entries from all available journals\n"
315 " -D --directory=PATH Show journal files from directory\n"
316 " --file=PATH Show journal file\n"
317 " --root=ROOT Operate on files below a root directory\n"
319 " --interval=TIME Time interval for changing the FSS sealing key\n"
320 " --verify-key=KEY Specify FSS verification key\n"
321 " --force Override of the FSS key pair with --setup-keys\n"
324 " -h --help Show this help text\n"
325 " --version Show package version\n"
326 " -N --fields List all field names currently used\n"
327 " -F --field=FIELD List all values that a specified field takes\n"
328 " --disk-usage Show total disk usage of all journal files\n"
329 " --vacuum-size=BYTES Reduce disk usage below specified size\n"
330 " --vacuum-files=INT Leave only the specified number of journal files\n"
331 " --vacuum-time=TIME Remove journal files older than specified time\n"
332 " --verify Verify journal file consistency\n"
333 " --sync Synchronize unwritten journal messages to disk\n"
334 " --flush Flush all journal data from /run into /var\n"
335 " --rotate Request immediate rotation of the journal files\n"
336 " --header Show journal header information\n"
337 " --list-catalog Show all message IDs in the catalog\n"
338 " --dump-catalog Show entries in the message catalog\n"
339 " --update-catalog Update the message catalog database\n"
340 " --new-id128 Generate a new 128-bit ID\n"
342 " --setup-keys Generate a new FSS key pair\n"
344 , program_invocation_short_name
);
347 static int parse_argv(int argc
, char *argv
[]) {
385 static const struct option options
[] = {
386 { "help", no_argument
, NULL
, 'h' },
387 { "version" , no_argument
, NULL
, ARG_VERSION
},
388 { "no-pager", no_argument
, NULL
, ARG_NO_PAGER
},
389 { "pager-end", no_argument
, NULL
, 'e' },
390 { "follow", no_argument
, NULL
, 'f' },
391 { "force", no_argument
, NULL
, ARG_FORCE
},
392 { "output", required_argument
, NULL
, 'o' },
393 { "all", no_argument
, NULL
, 'a' },
394 { "full", no_argument
, NULL
, 'l' },
395 { "no-full", no_argument
, NULL
, ARG_NO_FULL
},
396 { "lines", optional_argument
, NULL
, 'n' },
397 { "no-tail", no_argument
, NULL
, ARG_NO_TAIL
},
398 { "new-id128", no_argument
, NULL
, ARG_NEW_ID128
},
399 { "quiet", no_argument
, NULL
, 'q' },
400 { "merge", no_argument
, NULL
, 'm' },
401 { "this-boot", no_argument
, NULL
, ARG_THIS_BOOT
}, /* deprecated */
402 { "boot", optional_argument
, NULL
, 'b' },
403 { "list-boots", no_argument
, NULL
, ARG_LIST_BOOTS
},
404 { "dmesg", no_argument
, NULL
, 'k' },
405 { "system", no_argument
, NULL
, ARG_SYSTEM
},
406 { "user", no_argument
, NULL
, ARG_USER
},
407 { "directory", required_argument
, NULL
, 'D' },
408 { "file", required_argument
, NULL
, ARG_FILE
},
409 { "root", required_argument
, NULL
, ARG_ROOT
},
410 { "header", no_argument
, NULL
, ARG_HEADER
},
411 { "identifier", required_argument
, NULL
, 't' },
412 { "priority", required_argument
, NULL
, 'p' },
413 { "setup-keys", no_argument
, NULL
, ARG_SETUP_KEYS
},
414 { "interval", required_argument
, NULL
, ARG_INTERVAL
},
415 { "verify", no_argument
, NULL
, ARG_VERIFY
},
416 { "verify-key", required_argument
, NULL
, ARG_VERIFY_KEY
},
417 { "disk-usage", no_argument
, NULL
, ARG_DISK_USAGE
},
418 { "cursor", required_argument
, NULL
, 'c' },
419 { "after-cursor", required_argument
, NULL
, ARG_AFTER_CURSOR
},
420 { "show-cursor", no_argument
, NULL
, ARG_SHOW_CURSOR
},
421 { "since", required_argument
, NULL
, 'S' },
422 { "until", required_argument
, NULL
, 'U' },
423 { "unit", required_argument
, NULL
, 'u' },
424 { "user-unit", required_argument
, NULL
, ARG_USER_UNIT
},
425 { "field", required_argument
, NULL
, 'F' },
426 { "fields", no_argument
, NULL
, 'N' },
427 { "catalog", no_argument
, NULL
, 'x' },
428 { "list-catalog", no_argument
, NULL
, ARG_LIST_CATALOG
},
429 { "dump-catalog", no_argument
, NULL
, ARG_DUMP_CATALOG
},
430 { "update-catalog", no_argument
, NULL
, ARG_UPDATE_CATALOG
},
431 { "reverse", no_argument
, NULL
, 'r' },
432 { "machine", required_argument
, NULL
, 'M' },
433 { "utc", no_argument
, NULL
, ARG_UTC
},
434 { "flush", no_argument
, NULL
, ARG_FLUSH
},
435 { "sync", no_argument
, NULL
, ARG_SYNC
},
436 { "rotate", no_argument
, NULL
, ARG_ROTATE
},
437 { "vacuum-size", required_argument
, NULL
, ARG_VACUUM_SIZE
},
438 { "vacuum-files", required_argument
, NULL
, ARG_VACUUM_FILES
},
439 { "vacuum-time", required_argument
, NULL
, ARG_VACUUM_TIME
},
440 { "no-hostname", no_argument
, NULL
, ARG_NO_HOSTNAME
},
441 { "output-fields", required_argument
, NULL
, ARG_OUTPUT_FIELDS
},
450 while ((c
= getopt_long(argc
, argv
, "hefo:aln::qmb::kD:p:c:S:U:t:u:NF:xrM:", options
, NULL
)) >= 0)
466 arg_pager_end
= true;
468 if (arg_lines
== ARG_LINES_DEFAULT
)
478 arg_output
= output_mode_from_string(optarg
);
479 if (arg_output
< 0) {
480 log_error("Unknown output format '%s'.", optarg
);
484 if (IN_SET(arg_output
, OUTPUT_EXPORT
, OUTPUT_JSON
, OUTPUT_JSON_PRETTY
, OUTPUT_JSON_SSE
, OUTPUT_CAT
))
503 if (streq(optarg
, "all"))
504 arg_lines
= ARG_LINES_ALL
;
506 r
= safe_atoi(optarg
, &arg_lines
);
507 if (r
< 0 || arg_lines
< 0) {
508 log_error("Failed to parse lines '%s'", optarg
);
515 /* Hmm, no argument? Maybe the next
516 * word on the command line is
517 * supposed to be the argument? Let's
518 * see if there is one, and is
522 if (streq(argv
[optind
], "all")) {
523 arg_lines
= ARG_LINES_ALL
;
525 } else if (safe_atoi(argv
[optind
], &n
) >= 0 && n
>= 0) {
539 arg_action
= ACTION_NEW_ID128
;
558 r
= parse_boot_descriptor(optarg
, &arg_boot_id
, &arg_boot_offset
);
560 log_error("Failed to parse boot descriptor '%s'", optarg
);
565 /* Hmm, no argument? Maybe the next
566 * word on the command line is
567 * supposed to be the argument? Let's
568 * see if there is one and is parsable
569 * as a boot descriptor... */
572 parse_boot_descriptor(argv
[optind
], &arg_boot_id
, &arg_boot_offset
) >= 0)
579 arg_action
= ACTION_LIST_BOOTS
;
583 arg_boot
= arg_dmesg
= true;
587 arg_journal_type
|= SD_JOURNAL_SYSTEM
;
591 arg_journal_type
|= SD_JOURNAL_CURRENT_USER
;
595 arg_machine
= optarg
;
599 arg_directory
= optarg
;
603 if (streq(optarg
, "-"))
604 /* An undocumented feature: we can read journal files from STDIN. We don't document
605 * this though, since after all we only support this for mmap-able, seekable files, and
606 * not for example pipes which are probably the primary usecase for reading things from
607 * STDIN. To avoid confusion we hence don't document this feature. */
608 arg_file_stdin
= true;
610 r
= glob_extend(&arg_file
, optarg
);
612 return log_error_errno(r
, "Failed to add paths: %m");
617 r
= parse_path_argument_and_warn(optarg
, true, &arg_root
);
626 case ARG_AFTER_CURSOR
:
627 arg_after_cursor
= optarg
;
630 case ARG_SHOW_CURSOR
:
631 arg_show_cursor
= true;
635 arg_action
= ACTION_PRINT_HEADER
;
639 arg_action
= ACTION_VERIFY
;
643 arg_action
= ACTION_DISK_USAGE
;
646 case ARG_VACUUM_SIZE
:
647 r
= parse_size(optarg
, 1024, &arg_vacuum_size
);
649 log_error("Failed to parse vacuum size: %s", optarg
);
653 arg_action
= ACTION_VACUUM
;
656 case ARG_VACUUM_FILES
:
657 r
= safe_atou64(optarg
, &arg_vacuum_n_files
);
659 log_error("Failed to parse vacuum files: %s", optarg
);
663 arg_action
= ACTION_VACUUM
;
666 case ARG_VACUUM_TIME
:
667 r
= parse_sec(optarg
, &arg_vacuum_time
);
669 log_error("Failed to parse vacuum time: %s", optarg
);
673 arg_action
= ACTION_VACUUM
;
682 arg_action
= ACTION_SETUP_KEYS
;
687 arg_action
= ACTION_VERIFY
;
688 r
= free_and_strdup(&arg_verify_key
, optarg
);
691 /* Use memset not string_erase so this doesn't look confusing
692 * in ps or htop output. */
693 memset(optarg
, 'x', strlen(optarg
));
699 r
= parse_sec(optarg
, &arg_interval
);
700 if (r
< 0 || arg_interval
<= 0) {
701 log_error("Failed to parse sealing key change interval: %s", optarg
);
710 log_error("Forward-secure sealing not available.");
717 dots
= strstr(optarg
, "..");
723 a
= strndup(optarg
, dots
- optarg
);
727 from
= log_level_from_string(a
);
728 to
= log_level_from_string(dots
+ 2);
731 if (from
< 0 || to
< 0) {
732 log_error("Failed to parse log level range %s", optarg
);
739 for (i
= from
; i
<= to
; i
++)
740 arg_priorities
|= 1 << i
;
742 for (i
= to
; i
<= from
; i
++)
743 arg_priorities
|= 1 << i
;
749 p
= log_level_from_string(optarg
);
751 log_error("Unknown log level %s", optarg
);
757 for (i
= 0; i
<= p
; i
++)
758 arg_priorities
|= 1 << i
;
765 r
= parse_timestamp(optarg
, &arg_since
);
767 log_error("Failed to parse timestamp: %s", optarg
);
770 arg_since_set
= true;
774 r
= parse_timestamp(optarg
, &arg_until
);
776 log_error("Failed to parse timestamp: %s", optarg
);
779 arg_until_set
= true;
783 r
= strv_extend(&arg_syslog_identifier
, optarg
);
789 r
= strv_extend(&arg_system_units
, optarg
);
795 r
= strv_extend(&arg_user_units
, optarg
);
801 arg_action
= ACTION_LIST_FIELDS
;
806 arg_action
= ACTION_LIST_FIELD_NAMES
;
809 case ARG_NO_HOSTNAME
:
810 arg_no_hostname
= true;
817 case ARG_LIST_CATALOG
:
818 arg_action
= ACTION_LIST_CATALOG
;
821 case ARG_DUMP_CATALOG
:
822 arg_action
= ACTION_DUMP_CATALOG
;
825 case ARG_UPDATE_CATALOG
:
826 arg_action
= ACTION_UPDATE_CATALOG
;
838 arg_action
= ACTION_FLUSH
;
842 arg_action
= ACTION_ROTATE
;
846 arg_action
= ACTION_SYNC
;
849 case ARG_OUTPUT_FIELDS
: {
850 _cleanup_strv_free_
char **v
= NULL
;
852 v
= strv_split(optarg
, ",");
856 if (!arg_output_fields
) {
857 arg_output_fields
= v
;
860 r
= strv_extend_strv(&arg_output_fields
, v
, true);
871 assert_not_reached("Unhandled option");
874 if (arg_follow
&& !arg_no_tail
&& !arg_since
&& arg_lines
== ARG_LINES_DEFAULT
)
877 if (!!arg_directory
+ !!arg_file
+ !!arg_machine
+ !!arg_root
> 1) {
878 log_error("Please specify at most one of -D/--directory=, --file=, -M/--machine=, --root.");
882 if (arg_since_set
&& arg_until_set
&& arg_since
> arg_until
) {
883 log_error("--since= must be before --until=.");
887 if (!!arg_cursor
+ !!arg_after_cursor
+ !!arg_since_set
> 1) {
888 log_error("Please specify only one of --since=, --cursor=, and --after-cursor.");
892 if (arg_follow
&& arg_reverse
) {
893 log_error("Please specify either --reverse= or --follow=, not both.");
897 if (!IN_SET(arg_action
, ACTION_SHOW
, ACTION_DUMP_CATALOG
, ACTION_LIST_CATALOG
) && optind
< argc
) {
898 log_error("Extraneous arguments starting with '%s'", argv
[optind
]);
902 if ((arg_boot
|| arg_action
== ACTION_LIST_BOOTS
) && arg_merge
) {
903 log_error("Using --boot or --list-boots with --merge is not supported.");
907 if (!strv_isempty(arg_system_units
) && (arg_journal_type
== SD_JOURNAL_CURRENT_USER
)) {
909 /* Specifying --user and --unit= at the same time makes no sense (as the former excludes the user
910 * journal, but the latter excludes the system journal, thus resulting in empty output). Let's be nice
911 * to users, and automatically turn --unit= into --user-unit= if combined with --user. */
912 r
= strv_extend_strv(&arg_user_units
, arg_system_units
, true);
916 arg_system_units
= strv_free(arg_system_units
);
922 static int generate_new_id128(void) {
927 r
= sd_id128_randomize(&id
);
929 return log_error_errno(r
, "Failed to generate ID: %m");
931 printf("As string:\n"
932 SD_ID128_FORMAT_STR
"\n\n"
934 "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n\n"
935 "As man:sd-id128(3) macro:\n"
936 "#define MESSAGE_XYZ SD_ID128_MAKE(",
937 SD_ID128_FORMAT_VAL(id
),
938 SD_ID128_FORMAT_VAL(id
));
939 for (i
= 0; i
< 16; i
++)
940 printf("%02x%s", id
.bytes
[i
], i
!= 15 ? "," : "");
941 fputs(")\n\n", stdout
);
943 printf("As Python constant:\n"
945 ">>> MESSAGE_XYZ = uuid.UUID('" SD_ID128_FORMAT_STR
"')\n",
946 SD_ID128_FORMAT_VAL(id
));
951 static int add_matches(sd_journal
*j
, char **args
) {
953 bool have_term
= false;
957 STRV_FOREACH(i
, args
) {
960 if (streq(*i
, "+")) {
963 r
= sd_journal_add_disjunction(j
);
966 } else if (path_is_absolute(*i
)) {
967 _cleanup_free_
char *p
= NULL
, *t
= NULL
, *t2
= NULL
, *interpreter
= NULL
;
970 r
= chase_symlinks(*i
, NULL
, 0, &p
);
972 return log_error_errno(r
, "Couldn't canonicalize path: %m");
974 if (lstat(p
, &st
) < 0)
975 return log_error_errno(errno
, "Couldn't stat file: %m");
977 if (S_ISREG(st
.st_mode
) && (0111 & st
.st_mode
)) {
978 if (executable_is_script(p
, &interpreter
) > 0) {
979 _cleanup_free_
char *comm
;
981 comm
= strndup(basename(p
), 15);
985 t
= strappend("_COMM=", comm
);
989 /* Append _EXE only if the interpreter is not a link.
990 Otherwise, it might be outdated often. */
991 if (lstat(interpreter
, &st
) == 0 && !S_ISLNK(st
.st_mode
)) {
992 t2
= strappend("_EXE=", interpreter
);
997 t
= strappend("_EXE=", p
);
1002 r
= sd_journal_add_match(j
, t
, 0);
1005 r
= sd_journal_add_match(j
, t2
, 0);
1007 } else if (S_ISCHR(st
.st_mode
) || S_ISBLK(st
.st_mode
)) {
1008 r
= add_matches_for_device(j
, p
);
1012 log_error("File is neither a device node, nor regular file, nor executable: %s", *i
);
1018 r
= sd_journal_add_match(j
, *i
, 0);
1023 return log_error_errno(r
, "Failed to add match '%s': %m", *i
);
1026 if (!strv_isempty(args
) && !have_term
) {
1027 log_error("\"+\" can only be used between terms");
1034 static void boot_id_free_all(BootId
*l
) {
1038 LIST_REMOVE(boot_list
, l
, i
);
1043 static int discover_next_boot(sd_journal
*j
,
1044 sd_id128_t previous_boot_id
,
1048 _cleanup_free_ BootId
*next_boot
= NULL
;
1049 char match
[9+32+1] = "_BOOT_ID=";
1056 /* We expect the journal to be on the last position of a boot
1057 * (in relation to the direction we are going), so that the next
1058 * invocation of sd_journal_next/previous will be from a different
1059 * boot. We then collect any information we desire and then jump
1060 * to the last location of the new boot by using a _BOOT_ID match
1061 * coming from the other journal direction. */
1063 /* Make sure we aren't restricted by any _BOOT_ID matches, so that
1064 * we can actually advance to a *different* boot. */
1065 sd_journal_flush_matches(j
);
1069 r
= sd_journal_previous(j
);
1071 r
= sd_journal_next(j
);
1075 return 0; /* End of journal, yay. */
1077 r
= sd_journal_get_monotonic_usec(j
, NULL
, &boot_id
);
1081 /* We iterate through this in a loop, until the boot ID differs from the previous one. Note that
1082 * normally, this will only require a single iteration, as we seeked to the last entry of the previous
1083 * boot entry already. However, it might happen that the per-journal-field entry arrays are less
1084 * complete than the main entry array, and hence might reference an entry that's not actually the last
1085 * one of the boot ID as last one. Let's hence use the per-field array is initial seek position to
1086 * speed things up, but let's not trust that it is complete, and hence, manually advance as
1089 } while (sd_id128_equal(boot_id
, previous_boot_id
));
1091 next_boot
= new0(BootId
, 1);
1095 next_boot
->id
= boot_id
;
1097 r
= sd_journal_get_realtime_usec(j
, &next_boot
->first
);
1101 /* Now seek to the last occurrence of this boot ID. */
1102 sd_id128_to_string(next_boot
->id
, match
+ 9);
1103 r
= sd_journal_add_match(j
, match
, sizeof(match
) - 1);
1108 r
= sd_journal_seek_head(j
);
1110 r
= sd_journal_seek_tail(j
);
1115 r
= sd_journal_next(j
);
1117 r
= sd_journal_previous(j
);
1121 log_debug("Whoopsie! We found a boot ID but can't read its last entry.");
1122 return -ENODATA
; /* This shouldn't happen. We just came from this very boot ID. */
1125 r
= sd_journal_get_realtime_usec(j
, &next_boot
->last
);
1135 static int get_boots(
1138 sd_id128_t
*boot_id
,
1143 BootId
*head
= NULL
, *tail
= NULL
, *id
;
1144 const bool advance_older
= boot_id
&& offset
<= 0;
1145 sd_id128_t previous_boot_id
;
1149 /* Adjust for the asymmetry that offset 0 is
1150 * the last (and current) boot, while 1 is considered the
1151 * (chronological) first boot in the journal. */
1152 skip_once
= boot_id
&& sd_id128_is_null(*boot_id
) && offset
<= 0;
1154 /* Advance to the earliest/latest occurrence of our reference
1155 * boot ID (taking our lookup direction into account), so that
1156 * discover_next_boot() can do its job.
1157 * If no reference is given, the journal head/tail will do,
1158 * they're "virtual" boots after all. */
1159 if (boot_id
&& !sd_id128_is_null(*boot_id
)) {
1160 char match
[9+32+1] = "_BOOT_ID=";
1162 sd_journal_flush_matches(j
);
1164 sd_id128_to_string(*boot_id
, match
+ 9);
1165 r
= sd_journal_add_match(j
, match
, sizeof(match
) - 1);
1170 r
= sd_journal_seek_head(j
); /* seek to oldest */
1172 r
= sd_journal_seek_tail(j
); /* seek to newest */
1177 r
= sd_journal_next(j
); /* read the oldest entry */
1179 r
= sd_journal_previous(j
); /* read the most recently added entry */
1184 else if (offset
== 0) {
1189 /* At this point the read pointer is positioned at the oldest/newest occurence of the reference boot
1190 * ID. After flushing the matches, one more invocation of _previous()/_next() will hence place us at
1191 * the following entry, which must then have an older/newer boot ID */
1195 r
= sd_journal_seek_tail(j
); /* seek to newest */
1197 r
= sd_journal_seek_head(j
); /* seek to oldest */
1201 /* No sd_journal_next()/_previous() here.
1203 * At this point the read pointer is positioned after the newest/before the oldest entry in the whole
1204 * journal. The next invocation of _previous()/_next() will hence position us at the newest/oldest
1208 previous_boot_id
= SD_ID128_NULL
;
1210 _cleanup_free_ BootId
*current
= NULL
;
1212 r
= discover_next_boot(j
, previous_boot_id
, advance_older
, ¤t
);
1214 boot_id_free_all(head
);
1221 previous_boot_id
= current
->id
;
1225 offset
+= advance_older
? 1 : -1;
1230 *boot_id
= current
->id
;
1234 LIST_FOREACH(boot_list
, id
, head
) {
1235 if (sd_id128_equal(id
->id
, current
->id
)) {
1236 /* boot id already stored, something wrong with the journal files */
1237 /* exiting as otherwise this problem would cause forever loop */
1241 LIST_INSERT_AFTER(boot_list
, head
, tail
, current
);
1252 sd_journal_flush_matches(j
);
1257 static int list_boots(sd_journal
*j
) {
1259 BootId
*id
, *all_ids
;
1263 count
= get_boots(j
, &all_ids
, NULL
, 0);
1265 return log_error_errno(count
, "Failed to determine boots: %m");
1269 pager_open(arg_no_pager
, arg_pager_end
);
1271 /* numbers are one less, but we need an extra char for the sign */
1272 w
= DECIMAL_STR_WIDTH(count
- 1) + 1;
1275 LIST_FOREACH(boot_list
, id
, all_ids
) {
1276 char a
[FORMAT_TIMESTAMP_MAX
], b
[FORMAT_TIMESTAMP_MAX
];
1278 printf("% *i " SD_ID128_FORMAT_STR
" %s—%s\n",
1280 SD_ID128_FORMAT_VAL(id
->id
),
1281 format_timestamp_maybe_utc(a
, sizeof(a
), id
->first
),
1282 format_timestamp_maybe_utc(b
, sizeof(b
), id
->last
));
1286 boot_id_free_all(all_ids
);
1291 static int add_boot(sd_journal
*j
) {
1292 char match
[9+32+1] = "_BOOT_ID=";
1301 /* Take a shortcut and use the current boot_id, which we can do very quickly.
1302 * We can do this only when we logs are coming from the current machine,
1303 * so take the slow path if log location is specified. */
1304 if (arg_boot_offset
== 0 && sd_id128_is_null(arg_boot_id
) &&
1305 !arg_directory
&& !arg_file
&& !arg_root
)
1307 return add_match_this_boot(j
, arg_machine
);
1309 boot_id
= arg_boot_id
;
1310 r
= get_boots(j
, NULL
, &boot_id
, arg_boot_offset
);
1313 const char *reason
= (r
== 0) ? "No such boot ID in journal" : strerror(-r
);
1315 if (sd_id128_is_null(arg_boot_id
))
1316 log_error("Data from the specified boot (%+i) is not available: %s",
1317 arg_boot_offset
, reason
);
1319 log_error("Data from the specified boot ("SD_ID128_FORMAT_STR
") is not available: %s",
1320 SD_ID128_FORMAT_VAL(arg_boot_id
), reason
);
1322 return r
== 0 ? -ENODATA
: r
;
1325 sd_id128_to_string(boot_id
, match
+ 9);
1327 r
= sd_journal_add_match(j
, match
, sizeof(match
) - 1);
1329 return log_error_errno(r
, "Failed to add match: %m");
1331 r
= sd_journal_add_conjunction(j
);
1333 return log_error_errno(r
, "Failed to add conjunction: %m");
1338 static int add_dmesg(sd_journal
*j
) {
1345 r
= sd_journal_add_match(j
, "_TRANSPORT=kernel", strlen("_TRANSPORT=kernel"));
1347 return log_error_errno(r
, "Failed to add match: %m");
1349 r
= sd_journal_add_conjunction(j
);
1351 return log_error_errno(r
, "Failed to add conjunction: %m");
1356 static int get_possible_units(
1362 _cleanup_set_free_free_ Set
*found
;
1366 found
= set_new(&string_hash_ops
);
1370 NULSTR_FOREACH(field
, fields
) {
1374 r
= sd_journal_query_unique(j
, field
);
1378 SD_JOURNAL_FOREACH_UNIQUE(j
, data
, size
) {
1379 char **pattern
, *eq
;
1381 _cleanup_free_
char *u
= NULL
;
1383 eq
= memchr(data
, '=', size
);
1385 prefix
= eq
- (char*) data
+ 1;
1389 u
= strndup((char*) data
+ prefix
, size
- prefix
);
1393 STRV_FOREACH(pattern
, patterns
)
1394 if (fnmatch(*pattern
, u
, FNM_NOESCAPE
) == 0) {
1395 log_debug("Matched %s with pattern %s=%s", u
, field
, *pattern
);
1397 r
= set_consume(found
, u
);
1399 if (r
< 0 && r
!= -EEXIST
)
1412 /* This list is supposed to return the superset of unit names
1413 * possibly matched by rules added with add_matches_for_unit... */
1414 #define SYSTEM_UNITS \
1418 "OBJECT_SYSTEMD_UNIT\0" \
1421 /* ... and add_matches_for_user_unit */
1422 #define USER_UNITS \
1423 "_SYSTEMD_USER_UNIT\0" \
1425 "COREDUMP_USER_UNIT\0" \
1426 "OBJECT_SYSTEMD_USER_UNIT\0"
1428 static int add_units(sd_journal
*j
) {
1429 _cleanup_strv_free_
char **patterns
= NULL
;
1435 STRV_FOREACH(i
, arg_system_units
) {
1436 _cleanup_free_
char *u
= NULL
;
1438 r
= unit_name_mangle(*i
, UNIT_NAME_GLOB
, &u
);
1442 if (string_is_glob(u
)) {
1443 r
= strv_push(&patterns
, u
);
1448 r
= add_matches_for_unit(j
, u
);
1451 r
= sd_journal_add_disjunction(j
);
1458 if (!strv_isempty(patterns
)) {
1459 _cleanup_set_free_free_ Set
*units
= NULL
;
1463 r
= get_possible_units(j
, SYSTEM_UNITS
, patterns
, &units
);
1467 SET_FOREACH(u
, units
, it
) {
1468 r
= add_matches_for_unit(j
, u
);
1471 r
= sd_journal_add_disjunction(j
);
1478 patterns
= strv_free(patterns
);
1480 STRV_FOREACH(i
, arg_user_units
) {
1481 _cleanup_free_
char *u
= NULL
;
1483 r
= unit_name_mangle(*i
, UNIT_NAME_GLOB
, &u
);
1487 if (string_is_glob(u
)) {
1488 r
= strv_push(&patterns
, u
);
1493 r
= add_matches_for_user_unit(j
, u
, getuid());
1496 r
= sd_journal_add_disjunction(j
);
1503 if (!strv_isempty(patterns
)) {
1504 _cleanup_set_free_free_ Set
*units
= NULL
;
1508 r
= get_possible_units(j
, USER_UNITS
, patterns
, &units
);
1512 SET_FOREACH(u
, units
, it
) {
1513 r
= add_matches_for_user_unit(j
, u
, getuid());
1516 r
= sd_journal_add_disjunction(j
);
1523 /* Complain if the user request matches but nothing whatsoever was
1524 * found, since otherwise everything would be matched. */
1525 if (!(strv_isempty(arg_system_units
) && strv_isempty(arg_user_units
)) && count
== 0)
1528 r
= sd_journal_add_conjunction(j
);
1535 static int add_priorities(sd_journal
*j
) {
1536 char match
[] = "PRIORITY=0";
1540 if (arg_priorities
== 0xFF)
1543 for (i
= LOG_EMERG
; i
<= LOG_DEBUG
; i
++)
1544 if (arg_priorities
& (1 << i
)) {
1545 match
[sizeof(match
)-2] = '0' + i
;
1547 r
= sd_journal_add_match(j
, match
, strlen(match
));
1549 return log_error_errno(r
, "Failed to add match: %m");
1552 r
= sd_journal_add_conjunction(j
);
1554 return log_error_errno(r
, "Failed to add conjunction: %m");
1560 static int add_syslog_identifier(sd_journal
*j
) {
1566 STRV_FOREACH(i
, arg_syslog_identifier
) {
1569 u
= strjoina("SYSLOG_IDENTIFIER=", *i
);
1570 r
= sd_journal_add_match(j
, u
, 0);
1573 r
= sd_journal_add_disjunction(j
);
1578 r
= sd_journal_add_conjunction(j
);
1585 static int setup_keys(void) {
1587 size_t mpk_size
, seed_size
, state_size
, i
;
1588 uint8_t *mpk
, *seed
, *state
;
1590 sd_id128_t machine
, boot
;
1591 char *p
= NULL
, *k
= NULL
;
1596 r
= stat("/var/log/journal", &st
);
1597 if (r
< 0 && !IN_SET(errno
, ENOENT
, ENOTDIR
))
1598 return log_error_errno(errno
, "stat(\"%s\") failed: %m", "/var/log/journal");
1600 if (r
< 0 || !S_ISDIR(st
.st_mode
)) {
1601 log_error("%s is not a directory, must be using persistent logging for FSS.",
1602 "/var/log/journal");
1603 return r
< 0 ? -errno
: -ENOTDIR
;
1606 r
= sd_id128_get_machine(&machine
);
1608 return log_error_errno(r
, "Failed to get machine ID: %m");
1610 r
= sd_id128_get_boot(&boot
);
1612 return log_error_errno(r
, "Failed to get boot ID: %m");
1614 if (asprintf(&p
, "/var/log/journal/" SD_ID128_FORMAT_STR
"/fss",
1615 SD_ID128_FORMAT_VAL(machine
)) < 0)
1620 if (r
< 0 && errno
!= ENOENT
) {
1621 r
= log_error_errno(errno
, "unlink(\"%s\") failed: %m", p
);
1624 } else if (access(p
, F_OK
) >= 0) {
1625 log_error("Sealing key file %s exists already. Use --force to recreate.", p
);
1630 if (asprintf(&k
, "/var/log/journal/" SD_ID128_FORMAT_STR
"/fss.tmp.XXXXXX",
1631 SD_ID128_FORMAT_VAL(machine
)) < 0) {
1636 mpk_size
= FSPRG_mskinbytes(FSPRG_RECOMMENDED_SECPAR
);
1637 mpk
= alloca(mpk_size
);
1639 seed_size
= FSPRG_RECOMMENDED_SEEDLEN
;
1640 seed
= alloca(seed_size
);
1642 state_size
= FSPRG_stateinbytes(FSPRG_RECOMMENDED_SECPAR
);
1643 state
= alloca(state_size
);
1645 fd
= open("/dev/random", O_RDONLY
|O_CLOEXEC
|O_NOCTTY
);
1647 r
= log_error_errno(errno
, "Failed to open /dev/random: %m");
1651 log_info("Generating seed...");
1652 r
= loop_read_exact(fd
, seed
, seed_size
, true);
1654 log_error_errno(r
, "Failed to read random seed: %m");
1658 log_info("Generating key pair...");
1659 FSPRG_GenMK(NULL
, mpk
, seed
, seed_size
, FSPRG_RECOMMENDED_SECPAR
);
1661 log_info("Generating sealing key...");
1662 FSPRG_GenState0(state
, mpk
, seed
, seed_size
);
1664 assert(arg_interval
> 0);
1666 n
= now(CLOCK_REALTIME
);
1670 fd
= mkostemp_safe(k
);
1672 r
= log_error_errno(fd
, "Failed to open %s: %m", k
);
1676 /* Enable secure remove, exclusion from dump, synchronous
1677 * writing and in-place updating */
1678 r
= chattr_fd(fd
, FS_SECRM_FL
|FS_NODUMP_FL
|FS_SYNC_FL
|FS_NOCOW_FL
, FS_SECRM_FL
|FS_NODUMP_FL
|FS_SYNC_FL
|FS_NOCOW_FL
);
1680 log_warning_errno(r
, "Failed to set file attributes: %m");
1683 memcpy(h
.signature
, "KSHHRHLP", 8);
1684 h
.machine_id
= machine
;
1686 h
.header_size
= htole64(sizeof(h
));
1687 h
.start_usec
= htole64(n
* arg_interval
);
1688 h
.interval_usec
= htole64(arg_interval
);
1689 h
.fsprg_secpar
= htole16(FSPRG_RECOMMENDED_SECPAR
);
1690 h
.fsprg_state_size
= htole64(state_size
);
1692 r
= loop_write(fd
, &h
, sizeof(h
), false);
1694 log_error_errno(r
, "Failed to write header: %m");
1698 r
= loop_write(fd
, state
, state_size
, false);
1700 log_error_errno(r
, "Failed to write state: %m");
1704 if (link(k
, p
) < 0) {
1705 r
= log_error_errno(errno
, "Failed to link file: %m");
1712 "The new key pair has been generated. The %ssecret sealing key%s has been written to\n"
1713 "the following local file. This key file is automatically updated when the\n"
1714 "sealing key is advanced. It should not be used on multiple hosts.\n"
1718 "Please write down the following %ssecret verification key%s. It should be stored\n"
1719 "at a safe location and should not be saved locally on disk.\n"
1721 ansi_highlight(), ansi_normal(),
1723 ansi_highlight(), ansi_normal(),
1724 ansi_highlight_red());
1727 for (i
= 0; i
< seed_size
; i
++) {
1728 if (i
> 0 && i
% 3 == 0)
1730 printf("%02x", ((uint8_t*) seed
)[i
]);
1733 printf("/%llx-%llx\n", (unsigned long long) n
, (unsigned long long) arg_interval
);
1736 char tsb
[FORMAT_TIMESPAN_MAX
], *hn
;
1740 "The sealing key is automatically changed every %s.\n",
1742 format_timespan(tsb
, sizeof(tsb
), arg_interval
, 0));
1744 hn
= gethostname_malloc();
1747 hostname_cleanup(hn
);
1748 fprintf(stderr
, "\nThe keys have been generated for host %s/" SD_ID128_FORMAT_STR
".\n", hn
, SD_ID128_FORMAT_VAL(machine
));
1750 fprintf(stderr
, "\nThe keys have been generated for host " SD_ID128_FORMAT_STR
".\n", SD_ID128_FORMAT_VAL(machine
));
1753 /* If this is not an UTF-8 system don't print any QR codes */
1754 if (is_locale_utf8()) {
1755 fputs("\nTo transfer the verification key to your phone please scan the QR code below:\n\n", stderr
);
1756 print_qr_code(stderr
, seed
, seed_size
, n
, arg_interval
, hn
, machine
);
1776 log_error("Forward-secure sealing not available.");
1781 static int verify(sd_journal
*j
) {
1788 log_show_color(true);
1790 ORDERED_HASHMAP_FOREACH(f
, j
->files
, i
) {
1792 usec_t first
= 0, validated
= 0, last
= 0;
1795 if (!arg_verify_key
&& JOURNAL_HEADER_SEALED(f
->header
))
1796 log_notice("Journal file %s has sealing enabled but verification key has not been passed using --verify-key=.", f
->path
);
1799 k
= journal_file_verify(f
, arg_verify_key
, &first
, &validated
, &last
, true);
1801 /* If the key was invalid give up right-away. */
1804 log_warning_errno(k
, "FAIL: %s (%m)", f
->path
);
1807 char a
[FORMAT_TIMESTAMP_MAX
], b
[FORMAT_TIMESTAMP_MAX
], c
[FORMAT_TIMESPAN_MAX
];
1808 log_info("PASS: %s", f
->path
);
1810 if (arg_verify_key
&& JOURNAL_HEADER_SEALED(f
->header
)) {
1811 if (validated
> 0) {
1812 log_info("=> Validated from %s to %s, final %s entries not sealed.",
1813 format_timestamp_maybe_utc(a
, sizeof(a
), first
),
1814 format_timestamp_maybe_utc(b
, sizeof(b
), validated
),
1815 format_timespan(c
, sizeof(c
), last
> validated
? last
- validated
: 0, 0));
1816 } else if (last
> 0)
1817 log_info("=> No sealing yet, %s of entries not sealed.",
1818 format_timespan(c
, sizeof(c
), last
- first
, 0));
1820 log_info("=> No sealing yet, no entries in file.");
1828 static int flush_to_var(void) {
1829 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
1830 _cleanup_(sd_bus_flush_close_unrefp
) sd_bus
*bus
= NULL
;
1831 _cleanup_close_
int watch_fd
= -1;
1835 log_error("--flush is not supported in conjunction with --machine=.");
1840 if (access("/run/systemd/journal/flushed", F_OK
) >= 0)
1843 /* OK, let's actually do the full logic, send SIGUSR1 to the
1844 * daemon and set up inotify to wait for the flushed file to appear */
1845 r
= bus_connect_system_systemd(&bus
);
1847 return log_error_errno(r
, "Failed to get D-Bus connection: %m");
1849 r
= sd_bus_call_method(
1851 "org.freedesktop.systemd1",
1852 "/org/freedesktop/systemd1",
1853 "org.freedesktop.systemd1.Manager",
1857 "ssi", "systemd-journald.service", "main", SIGUSR1
);
1859 return log_error_errno(r
, "Failed to kill journal service: %s", bus_error_message(&error
, r
));
1861 mkdir_p("/run/systemd/journal", 0755);
1863 watch_fd
= inotify_init1(IN_NONBLOCK
|IN_CLOEXEC
);
1865 return log_error_errno(errno
, "Failed to create inotify watch: %m");
1867 r
= inotify_add_watch(watch_fd
, "/run/systemd/journal", IN_CREATE
|IN_DONT_FOLLOW
|IN_ONLYDIR
);
1869 return log_error_errno(errno
, "Failed to watch journal directory: %m");
1872 if (access("/run/systemd/journal/flushed", F_OK
) >= 0)
1875 if (errno
!= ENOENT
)
1876 return log_error_errno(errno
, "Failed to check for existence of /run/systemd/journal/flushed: %m");
1878 r
= fd_wait_for_event(watch_fd
, POLLIN
, USEC_INFINITY
);
1880 return log_error_errno(r
, "Failed to wait for event: %m");
1882 r
= flush_fd(watch_fd
);
1884 return log_error_errno(r
, "Failed to flush inotify events: %m");
1890 static int send_signal_and_wait(int sig
, const char *watch_path
) {
1891 _cleanup_(sd_bus_flush_close_unrefp
) sd_bus
*bus
= NULL
;
1892 _cleanup_close_
int watch_fd
= -1;
1897 log_error("--sync and --rotate are not supported in conjunction with --machine=.");
1901 start
= now(CLOCK_MONOTONIC
);
1903 /* This call sends the specified signal to journald, and waits
1904 * for acknowledgment by watching the mtime of the specified
1905 * flag file. This is used to trigger syncing or rotation and
1906 * then wait for the operation to complete. */
1911 /* See if a sync happened by now. */
1912 r
= read_timestamp_file(watch_path
, &tstamp
);
1913 if (r
< 0 && r
!= -ENOENT
)
1914 return log_error_errno(errno
, "Failed to read %s: %m", watch_path
);
1915 if (r
>= 0 && tstamp
>= start
)
1918 /* Let's ask for a sync, but only once. */
1920 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
1922 r
= bus_connect_system_systemd(&bus
);
1924 return log_error_errno(r
, "Failed to get D-Bus connection: %m");
1926 r
= sd_bus_call_method(
1928 "org.freedesktop.systemd1",
1929 "/org/freedesktop/systemd1",
1930 "org.freedesktop.systemd1.Manager",
1934 "ssi", "systemd-journald.service", "main", sig
);
1936 return log_error_errno(r
, "Failed to kill journal service: %s", bus_error_message(&error
, r
));
1941 /* Let's install the inotify watch, if we didn't do that yet. */
1944 mkdir_p("/run/systemd/journal", 0755);
1946 watch_fd
= inotify_init1(IN_NONBLOCK
|IN_CLOEXEC
);
1948 return log_error_errno(errno
, "Failed to create inotify watch: %m");
1950 r
= inotify_add_watch(watch_fd
, "/run/systemd/journal", IN_MOVED_TO
|IN_DONT_FOLLOW
|IN_ONLYDIR
);
1952 return log_error_errno(errno
, "Failed to watch journal directory: %m");
1954 /* Recheck the flag file immediately, so that we don't miss any event since the last check. */
1958 /* OK, all preparatory steps done, let's wait until
1959 * inotify reports an event. */
1961 r
= fd_wait_for_event(watch_fd
, POLLIN
, USEC_INFINITY
);
1963 return log_error_errno(r
, "Failed to wait for event: %m");
1965 r
= flush_fd(watch_fd
);
1967 return log_error_errno(r
, "Failed to flush inotify events: %m");
1973 static int rotate(void) {
1974 return send_signal_and_wait(SIGUSR2
, "/run/systemd/journal/rotated");
1977 static int sync_journal(void) {
1978 return send_signal_and_wait(SIGRTMIN
+1, "/run/systemd/journal/synced");
1981 int main(int argc
, char *argv
[]) {
1983 _cleanup_(sd_journal_closep
) sd_journal
*j
= NULL
;
1984 bool need_seek
= false;
1985 sd_id128_t previous_boot_id
;
1986 bool previous_boot_id_valid
= false, first_line
= true;
1988 bool ellipsized
= false;
1990 setlocale(LC_ALL
, "");
1991 log_parse_environment();
1994 r
= parse_argv(argc
, argv
);
1998 signal(SIGWINCH
, columns_lines_cache_reset
);
2001 /* Increase max number of open files to 16K if we can, we
2002 * might needs this when browsing journal files, which might
2003 * be split up into many files. */
2004 setrlimit_closest(RLIMIT_NOFILE
, &RLIMIT_MAKE_CONST(16384));
2006 switch (arg_action
) {
2008 case ACTION_NEW_ID128
:
2009 r
= generate_new_id128();
2012 case ACTION_SETUP_KEYS
:
2016 case ACTION_LIST_CATALOG
:
2017 case ACTION_DUMP_CATALOG
:
2018 case ACTION_UPDATE_CATALOG
: {
2019 _cleanup_free_
char *database
;
2021 database
= path_join(arg_root
, CATALOG_DATABASE
, NULL
);
2027 if (arg_action
== ACTION_UPDATE_CATALOG
) {
2028 r
= catalog_update(database
, arg_root
, catalog_file_dirs
);
2030 log_error_errno(r
, "Failed to list catalog: %m");
2032 bool oneline
= arg_action
== ACTION_LIST_CATALOG
;
2034 pager_open(arg_no_pager
, arg_pager_end
);
2037 r
= catalog_list_items(stdout
, database
, oneline
, argv
+ optind
);
2039 r
= catalog_list(stdout
, database
, oneline
);
2041 log_error_errno(r
, "Failed to list catalog: %m");
2060 case ACTION_PRINT_HEADER
:
2062 case ACTION_DISK_USAGE
:
2063 case ACTION_LIST_BOOTS
:
2065 case ACTION_LIST_FIELDS
:
2066 case ACTION_LIST_FIELD_NAMES
:
2067 /* These ones require access to the journal files, continue below. */
2071 assert_not_reached("Unknown action");
2075 r
= sd_journal_open_directory(&j
, arg_directory
, arg_journal_type
);
2077 r
= sd_journal_open_directory(&j
, arg_root
, arg_journal_type
| SD_JOURNAL_OS_ROOT
);
2078 else if (arg_file_stdin
) {
2079 int ifd
= STDIN_FILENO
;
2080 r
= sd_journal_open_files_fd(&j
, &ifd
, 1, 0);
2081 } else if (arg_file
)
2082 r
= sd_journal_open_files(&j
, (const char**) arg_file
, 0);
2083 else if (arg_machine
) {
2084 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
2085 _cleanup_(sd_bus_message_unrefp
) sd_bus_message
*reply
= NULL
;
2086 _cleanup_(sd_bus_flush_close_unrefp
) sd_bus
*bus
= NULL
;
2089 if (geteuid() != 0) {
2090 /* The file descriptor returned by OpenMachineRootDirectory() will be owned by users/groups of
2091 * the container, thus we need root privileges to override them. */
2092 log_error("Using the --machine= switch requires root privileges.");
2097 r
= sd_bus_open_system(&bus
);
2099 log_error_errno(r
, "Failed to open system bus: %m");
2103 r
= sd_bus_call_method(
2105 "org.freedesktop.machine1",
2106 "/org/freedesktop/machine1",
2107 "org.freedesktop.machine1.Manager",
2108 "OpenMachineRootDirectory",
2113 log_error_errno(r
, "Failed to open root directory: %s", bus_error_message(&error
, r
));
2117 r
= sd_bus_message_read(reply
, "h", &fd
);
2119 bus_log_parse_error(r
);
2123 fd
= fcntl(fd
, F_DUPFD_CLOEXEC
, 3);
2125 r
= log_error_errno(errno
, "Failed to duplicate file descriptor: %m");
2129 r
= sd_journal_open_directory_fd(&j
, fd
, SD_JOURNAL_OS_ROOT
);
2133 r
= sd_journal_open(&j
, !arg_merge
*SD_JOURNAL_LOCAL_ONLY
+ arg_journal_type
);
2135 log_error_errno(r
, "Failed to open %s: %m", arg_directory
?: arg_file
? "files" : "journal");
2139 r
= journal_access_check_and_warn(j
, arg_quiet
);
2143 switch (arg_action
) {
2145 case ACTION_NEW_ID128
:
2146 case ACTION_SETUP_KEYS
:
2147 case ACTION_LIST_CATALOG
:
2148 case ACTION_DUMP_CATALOG
:
2149 case ACTION_UPDATE_CATALOG
:
2153 assert_not_reached("Unexpected action.");
2155 case ACTION_PRINT_HEADER
:
2156 journal_print_header(j
);
2164 case ACTION_DISK_USAGE
: {
2166 char sbytes
[FORMAT_BYTES_MAX
];
2168 r
= sd_journal_get_usage(j
, &bytes
);
2172 printf("Archived and active journals take up %s in the file system.\n",
2173 format_bytes(sbytes
, sizeof(sbytes
), bytes
));
2177 case ACTION_LIST_BOOTS
:
2181 case ACTION_VACUUM
: {
2185 HASHMAP_FOREACH(d
, j
->directories_by_path
, i
) {
2191 q
= journal_directory_vacuum(d
->path
, arg_vacuum_size
, arg_vacuum_n_files
, arg_vacuum_time
, NULL
, !arg_quiet
);
2193 log_error_errno(q
, "Failed to vacuum %s: %m", d
->path
);
2201 case ACTION_LIST_FIELD_NAMES
: {
2204 SD_JOURNAL_FOREACH_FIELD(j
, field
) {
2205 printf("%s\n", field
);
2214 case ACTION_LIST_FIELDS
:
2218 assert_not_reached("Unknown action");
2221 if (arg_boot_offset
!= 0 &&
2222 sd_journal_has_runtime_files(j
) > 0 &&
2223 sd_journal_has_persistent_files(j
) == 0) {
2224 log_info("Specifying boot ID or boot offset has no effect, no persistent journal was found.");
2228 /* add_boot() must be called first!
2229 * It may need to seek the journal to find parent boot IDs. */
2240 log_error_errno(r
, "Failed to add filter for units: %m");
2244 r
= add_syslog_identifier(j
);
2246 log_error_errno(r
, "Failed to add filter for syslog identifiers: %m");
2250 r
= add_priorities(j
);
2254 r
= add_matches(j
, argv
+ optind
);
2258 if (_unlikely_(log_get_max_level() >= LOG_DEBUG
)) {
2259 _cleanup_free_
char *filter
;
2261 filter
= journal_make_match_string(j
);
2265 log_debug("Journal filter: %s", filter
);
2268 if (arg_action
== ACTION_LIST_FIELDS
) {
2274 r
= sd_journal_set_data_threshold(j
, 0);
2276 log_error_errno(r
, "Failed to unset data size threshold: %m");
2280 r
= sd_journal_query_unique(j
, arg_field
);
2282 log_error_errno(r
, "Failed to query unique data objects: %m");
2286 SD_JOURNAL_FOREACH_UNIQUE(j
, data
, size
) {
2289 if (arg_lines
>= 0 && n_shown
>= arg_lines
)
2292 eq
= memchr(data
, '=', size
);
2294 printf("%.*s\n", (int) (size
- ((const uint8_t*) eq
- (const uint8_t*) data
+ 1)), (const char*) eq
+ 1);
2296 printf("%.*s\n", (int) size
, (const char*) data
);
2305 /* Opening the fd now means the first sd_journal_wait() will actually wait */
2307 r
= sd_journal_get_fd(j
);
2308 if (r
== -EMEDIUMTYPE
) {
2309 log_error_errno(r
, "The --follow switch is not supported in conjunction with reading from STDIN.");
2313 log_error_errno(r
, "Failed to get journal fd: %m");
2318 if (arg_cursor
|| arg_after_cursor
) {
2319 r
= sd_journal_seek_cursor(j
, arg_cursor
?: arg_after_cursor
);
2321 log_error_errno(r
, "Failed to seek to cursor: %m");
2326 r
= sd_journal_next_skip(j
, 1 + !!arg_after_cursor
);
2328 r
= sd_journal_previous_skip(j
, 1 + !!arg_after_cursor
);
2330 if (arg_after_cursor
&& r
< 2) {
2331 /* We couldn't find the next entry after the cursor. */
2338 } else if (arg_since_set
&& !arg_reverse
) {
2339 r
= sd_journal_seek_realtime_usec(j
, arg_since
);
2341 log_error_errno(r
, "Failed to seek to date: %m");
2344 r
= sd_journal_next(j
);
2346 } else if (arg_until_set
&& arg_reverse
) {
2347 r
= sd_journal_seek_realtime_usec(j
, arg_until
);
2349 log_error_errno(r
, "Failed to seek to date: %m");
2352 r
= sd_journal_previous(j
);
2354 } else if (arg_lines
>= 0) {
2355 r
= sd_journal_seek_tail(j
);
2357 log_error_errno(r
, "Failed to seek to tail: %m");
2361 r
= sd_journal_previous_skip(j
, arg_lines
);
2363 } else if (arg_reverse
) {
2364 r
= sd_journal_seek_tail(j
);
2366 log_error_errno(r
, "Failed to seek to tail: %m");
2370 r
= sd_journal_previous(j
);
2373 r
= sd_journal_seek_head(j
);
2375 log_error_errno(r
, "Failed to seek to head: %m");
2379 r
= sd_journal_next(j
);
2383 log_error_errno(r
, "Failed to iterate through journal: %m");
2390 pager_open(arg_no_pager
, arg_pager_end
);
2392 if (!arg_quiet
&& (arg_lines
!= 0 || arg_follow
)) {
2394 char start_buf
[FORMAT_TIMESTAMP_MAX
], end_buf
[FORMAT_TIMESTAMP_MAX
];
2396 r
= sd_journal_get_cutoff_realtime_usec(j
, &start
, &end
);
2398 log_error_errno(r
, "Failed to get cutoff: %m");
2404 printf("-- Logs begin at %s. --\n",
2405 format_timestamp_maybe_utc(start_buf
, sizeof(start_buf
), start
));
2407 printf("-- Logs begin at %s, end at %s. --\n",
2408 format_timestamp_maybe_utc(start_buf
, sizeof(start_buf
), start
),
2409 format_timestamp_maybe_utc(end_buf
, sizeof(end_buf
), end
));
2414 while (arg_lines
< 0 || n_shown
< arg_lines
|| (arg_follow
&& !first_line
)) {
2419 r
= sd_journal_next(j
);
2421 r
= sd_journal_previous(j
);
2423 log_error_errno(r
, "Failed to iterate through journal: %m");
2430 if (arg_until_set
&& !arg_reverse
) {
2433 r
= sd_journal_get_realtime_usec(j
, &usec
);
2435 log_error_errno(r
, "Failed to determine timestamp: %m");
2438 if (usec
> arg_until
)
2442 if (arg_since_set
&& arg_reverse
) {
2445 r
= sd_journal_get_realtime_usec(j
, &usec
);
2447 log_error_errno(r
, "Failed to determine timestamp: %m");
2450 if (usec
< arg_since
)
2454 if (!arg_merge
&& !arg_quiet
) {
2457 r
= sd_journal_get_monotonic_usec(j
, NULL
, &boot_id
);
2459 if (previous_boot_id_valid
&&
2460 !sd_id128_equal(boot_id
, previous_boot_id
))
2461 printf("%s-- Reboot --%s\n",
2462 ansi_highlight(), ansi_normal());
2464 previous_boot_id
= boot_id
;
2465 previous_boot_id_valid
= true;
2470 arg_all
* OUTPUT_SHOW_ALL
|
2471 arg_full
* OUTPUT_FULL_WIDTH
|
2472 colors_enabled() * OUTPUT_COLOR
|
2473 arg_catalog
* OUTPUT_CATALOG
|
2474 arg_utc
* OUTPUT_UTC
|
2475 arg_no_hostname
* OUTPUT_NO_HOSTNAME
;
2477 r
= output_journal(stdout
, j
, arg_output
, 0, flags
, arg_output_fields
, &ellipsized
);
2479 if (r
== -EADDRNOTAVAIL
)
2481 else if (r
< 0 || ferror(stdout
))
2488 if (n_shown
== 0 && !arg_quiet
)
2489 printf("-- No entries --\n");
2491 if (arg_show_cursor
) {
2492 _cleanup_free_
char *cursor
= NULL
;
2494 r
= sd_journal_get_cursor(j
, &cursor
);
2495 if (r
< 0 && r
!= -EADDRNOTAVAIL
)
2496 log_error_errno(r
, "Failed to get cursor: %m");
2498 printf("-- cursor: %s\n", cursor
);
2505 r
= sd_journal_wait(j
, (uint64_t) -1);
2507 log_error_errno(r
, "Couldn't wait for journal event: %m");
2518 strv_free(arg_file
);
2520 strv_free(arg_syslog_identifier
);
2521 strv_free(arg_system_units
);
2522 strv_free(arg_user_units
);
2523 strv_free(arg_output_fields
);
2526 free(arg_verify_key
);
2528 return r
< 0 ? EXIT_FAILURE
: EXIT_SUCCESS
;