2 This file is part of systemd.
4 Copyright 2011 Lennart Poettering
6 systemd is free software; you can redistribute it and/or modify it
7 under the terms of the GNU Lesser General Public License as published by
8 the Free Software Foundation; either version 2.1 of the License, or
9 (at your option) any later version.
11 systemd is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
16 You should have received a copy of the GNU Lesser General Public License
17 along with systemd; If not, see <http://www.gnu.org/licenses/>.
32 #include <sys/inotify.h>
37 #include "sd-journal.h"
40 #include "alloc-util.h"
41 #include "bus-error.h"
44 #include "chattr-util.h"
49 #include "glob-util.h"
50 #include "hostname-util.h"
52 #include "journal-def.h"
53 #include "journal-internal.h"
54 #include "journal-qrcode.h"
55 #include "journal-util.h"
56 #include "journal-vacuum.h"
57 #include "journal-verify.h"
58 #include "locale-util.h"
60 #include "logs-show.h"
63 #include "parse-util.h"
64 #include "path-util.h"
65 #include "rlimit-util.h"
69 #include "syslog-util.h"
70 #include "terminal-util.h"
72 #include "udev-util.h"
73 #include "unit-name.h"
74 #include "user-util.h"
76 #define DEFAULT_FSS_INTERVAL_USEC (15*USEC_PER_MINUTE)
79 /* Special values for arg_lines */
80 ARG_LINES_DEFAULT
= -2,
84 static OutputMode arg_output
= OUTPUT_SHORT
;
85 static bool arg_utc
= false;
86 static bool arg_pager_end
= false;
87 static bool arg_follow
= false;
88 static bool arg_full
= true;
89 static bool arg_all
= false;
90 static bool arg_no_pager
= false;
91 static int arg_lines
= ARG_LINES_DEFAULT
;
92 static bool arg_no_tail
= false;
93 static bool arg_quiet
= false;
94 static bool arg_merge
= false;
95 static bool arg_boot
= false;
96 static sd_id128_t arg_boot_id
= {};
97 static int arg_boot_offset
= 0;
98 static bool arg_dmesg
= false;
99 static bool arg_no_hostname
= false;
100 static const char *arg_cursor
= NULL
;
101 static const char *arg_after_cursor
= NULL
;
102 static bool arg_show_cursor
= false;
103 static const char *arg_directory
= NULL
;
104 static char **arg_file
= NULL
;
105 static bool arg_file_stdin
= false;
106 static int arg_priorities
= 0xFF;
107 static char *arg_verify_key
= NULL
;
109 static usec_t arg_interval
= DEFAULT_FSS_INTERVAL_USEC
;
110 static bool arg_force
= false;
112 static usec_t arg_since
, arg_until
;
113 static bool arg_since_set
= false, arg_until_set
= false;
114 static char **arg_syslog_identifier
= NULL
;
115 static char **arg_system_units
= NULL
;
116 static char **arg_user_units
= NULL
;
117 static const char *arg_field
= NULL
;
118 static bool arg_catalog
= false;
119 static bool arg_reverse
= false;
120 static int arg_journal_type
= 0;
121 static char *arg_root
= NULL
;
122 static const char *arg_machine
= NULL
;
123 static uint64_t arg_vacuum_size
= 0;
124 static uint64_t arg_vacuum_n_files
= 0;
125 static usec_t arg_vacuum_time
= 0;
136 ACTION_UPDATE_CATALOG
,
143 ACTION_LIST_FIELD_NAMES
,
144 } arg_action
= ACTION_SHOW
;
146 typedef struct BootId
{
150 LIST_FIELDS(struct BootId
, boot_list
);
153 static int add_matches_for_device(sd_journal
*j
, const char *devpath
) {
155 _cleanup_udev_unref_
struct udev
*udev
= NULL
;
156 _cleanup_udev_device_unref_
struct udev_device
*device
= NULL
;
157 struct udev_device
*d
= NULL
;
163 if (!path_startswith(devpath
, "/dev/")) {
164 log_error("Devpath does not start with /dev/");
172 r
= stat(devpath
, &st
);
174 log_error_errno(errno
, "Couldn't stat file: %m");
176 d
= device
= udev_device_new_from_devnum(udev
, S_ISBLK(st
.st_mode
) ? 'b' : 'c', st
.st_rdev
);
178 return log_error_errno(errno
, "Failed to get udev device from devnum %u:%u: %m", major(st
.st_rdev
), minor(st
.st_rdev
));
181 _cleanup_free_
char *match
= NULL
;
182 const char *subsys
, *sysname
, *devnode
;
184 subsys
= udev_device_get_subsystem(d
);
186 d
= udev_device_get_parent(d
);
190 sysname
= udev_device_get_sysname(d
);
192 d
= udev_device_get_parent(d
);
196 match
= strjoin("_KERNEL_DEVICE=+", subsys
, ":", sysname
);
200 r
= sd_journal_add_match(j
, match
, 0);
202 return log_error_errno(r
, "Failed to add match: %m");
204 devnode
= udev_device_get_devnode(d
);
206 _cleanup_free_
char *match1
= NULL
;
208 r
= stat(devnode
, &st
);
210 return log_error_errno(r
, "Failed to stat() device node \"%s\": %m", devnode
);
212 r
= asprintf(&match1
, "_KERNEL_DEVICE=%c%u:%u", S_ISBLK(st
.st_mode
) ? 'b' : 'c', major(st
.st_rdev
), minor(st
.st_rdev
));
216 r
= sd_journal_add_match(j
, match1
, 0);
218 return log_error_errno(r
, "Failed to add match: %m");
221 d
= udev_device_get_parent(d
);
224 r
= add_match_this_boot(j
, arg_machine
);
226 return log_error_errno(r
, "Failed to add match for the current boot: %m");
231 static char *format_timestamp_maybe_utc(char *buf
, size_t l
, usec_t t
) {
234 return format_timestamp_utc(buf
, l
, t
);
236 return format_timestamp(buf
, l
, t
);
239 static int parse_boot_descriptor(const char *x
, sd_id128_t
*boot_id
, int *offset
) {
240 sd_id128_t id
= SD_ID128_NULL
;
243 if (strlen(x
) >= 32) {
247 r
= sd_id128_from_string(t
, &id
);
251 if (!IN_SET(*x
, 0, '-', '+'))
255 r
= safe_atoi(x
, &off
);
260 r
= safe_atoi(x
, &off
);
274 static void help(void) {
276 pager_open(arg_no_pager
, arg_pager_end
);
278 printf("%s [OPTIONS...] [MATCHES...]\n\n"
279 "Query the journal.\n\n"
281 " --system Show the system journal\n"
282 " --user Show the user journal for the current user\n"
283 " -M --machine=CONTAINER Operate on local container\n"
284 " -S --since=DATE Show entries not older than the specified date\n"
285 " -U --until=DATE Show entries not newer than the specified date\n"
286 " -c --cursor=CURSOR Show entries starting at the specified cursor\n"
287 " --after-cursor=CURSOR Show entries after the specified cursor\n"
288 " --show-cursor Print the cursor after all the entries\n"
289 " -b --boot[=ID] Show current boot or the specified boot\n"
290 " --list-boots Show terse information about recorded boots\n"
291 " -k --dmesg Show kernel message log from the current boot\n"
292 " -u --unit=UNIT Show logs from the specified unit\n"
293 " --user-unit=UNIT Show logs from the specified user unit\n"
294 " -t --identifier=STRING Show entries with the specified syslog identifier\n"
295 " -p --priority=RANGE Show entries with the specified priority\n"
296 " -e --pager-end Immediately jump to the end in the pager\n"
297 " -f --follow Follow the journal\n"
298 " -n --lines[=INTEGER] Number of journal entries to show\n"
299 " --no-tail Show all lines, even in follow mode\n"
300 " -r --reverse Show the newest entries first\n"
301 " -o --output=STRING Change journal output mode (short, short-precise,\n"
302 " short-iso, short-iso-precise, short-full,\n"
303 " short-monotonic, short-unix, verbose, export,\n"
304 " json, json-pretty, json-sse, cat)\n"
305 " --utc Express time in Coordinated Universal Time (UTC)\n"
306 " -x --catalog Add message explanations where available\n"
307 " --no-full Ellipsize fields\n"
308 " -a --all Show all fields, including long and unprintable\n"
309 " -q --quiet Do not show info messages and privilege warning\n"
310 " --no-pager Do not pipe output into a pager\n"
311 " --no-hostname Suppress output of hostname field\n"
312 " -m --merge Show entries from all available journals\n"
313 " -D --directory=PATH Show journal files from directory\n"
314 " --file=PATH Show journal file\n"
315 " --root=ROOT Operate on files below a root directory\n"
317 " --interval=TIME Time interval for changing the FSS sealing key\n"
318 " --verify-key=KEY Specify FSS verification key\n"
319 " --force Override of the FSS key pair with --setup-keys\n"
322 " -h --help Show this help text\n"
323 " --version Show package version\n"
324 " -N --fields List all field names currently used\n"
325 " -F --field=FIELD List all values that a specified field takes\n"
326 " --disk-usage Show total disk usage of all journal files\n"
327 " --vacuum-size=BYTES Reduce disk usage below specified size\n"
328 " --vacuum-files=INT Leave only the specified number of journal files\n"
329 " --vacuum-time=TIME Remove journal files older than specified time\n"
330 " --verify Verify journal file consistency\n"
331 " --sync Synchronize unwritten journal messages to disk\n"
332 " --flush Flush all journal data from /run into /var\n"
333 " --rotate Request immediate rotation of the journal files\n"
334 " --header Show journal header information\n"
335 " --list-catalog Show all message IDs in the catalog\n"
336 " --dump-catalog Show entries in the message catalog\n"
337 " --update-catalog Update the message catalog database\n"
338 " --new-id128 Generate a new 128-bit ID\n"
340 " --setup-keys Generate a new FSS key pair\n"
342 , program_invocation_short_name
);
345 static int parse_argv(int argc
, char *argv
[]) {
382 static const struct option options
[] = {
383 { "help", no_argument
, NULL
, 'h' },
384 { "version" , no_argument
, NULL
, ARG_VERSION
},
385 { "no-pager", no_argument
, NULL
, ARG_NO_PAGER
},
386 { "pager-end", no_argument
, NULL
, 'e' },
387 { "follow", no_argument
, NULL
, 'f' },
388 { "force", no_argument
, NULL
, ARG_FORCE
},
389 { "output", required_argument
, NULL
, 'o' },
390 { "all", no_argument
, NULL
, 'a' },
391 { "full", no_argument
, NULL
, 'l' },
392 { "no-full", no_argument
, NULL
, ARG_NO_FULL
},
393 { "lines", optional_argument
, NULL
, 'n' },
394 { "no-tail", no_argument
, NULL
, ARG_NO_TAIL
},
395 { "new-id128", no_argument
, NULL
, ARG_NEW_ID128
},
396 { "quiet", no_argument
, NULL
, 'q' },
397 { "merge", no_argument
, NULL
, 'm' },
398 { "this-boot", no_argument
, NULL
, ARG_THIS_BOOT
}, /* deprecated */
399 { "boot", optional_argument
, NULL
, 'b' },
400 { "list-boots", no_argument
, NULL
, ARG_LIST_BOOTS
},
401 { "dmesg", no_argument
, NULL
, 'k' },
402 { "system", no_argument
, NULL
, ARG_SYSTEM
},
403 { "user", no_argument
, NULL
, ARG_USER
},
404 { "directory", required_argument
, NULL
, 'D' },
405 { "file", required_argument
, NULL
, ARG_FILE
},
406 { "root", required_argument
, NULL
, ARG_ROOT
},
407 { "header", no_argument
, NULL
, ARG_HEADER
},
408 { "identifier", required_argument
, NULL
, 't' },
409 { "priority", required_argument
, NULL
, 'p' },
410 { "setup-keys", no_argument
, NULL
, ARG_SETUP_KEYS
},
411 { "interval", required_argument
, NULL
, ARG_INTERVAL
},
412 { "verify", no_argument
, NULL
, ARG_VERIFY
},
413 { "verify-key", required_argument
, NULL
, ARG_VERIFY_KEY
},
414 { "disk-usage", no_argument
, NULL
, ARG_DISK_USAGE
},
415 { "cursor", required_argument
, NULL
, 'c' },
416 { "after-cursor", required_argument
, NULL
, ARG_AFTER_CURSOR
},
417 { "show-cursor", no_argument
, NULL
, ARG_SHOW_CURSOR
},
418 { "since", required_argument
, NULL
, 'S' },
419 { "until", required_argument
, NULL
, 'U' },
420 { "unit", required_argument
, NULL
, 'u' },
421 { "user-unit", required_argument
, NULL
, ARG_USER_UNIT
},
422 { "field", required_argument
, NULL
, 'F' },
423 { "fields", no_argument
, NULL
, 'N' },
424 { "catalog", no_argument
, NULL
, 'x' },
425 { "list-catalog", no_argument
, NULL
, ARG_LIST_CATALOG
},
426 { "dump-catalog", no_argument
, NULL
, ARG_DUMP_CATALOG
},
427 { "update-catalog", no_argument
, NULL
, ARG_UPDATE_CATALOG
},
428 { "reverse", no_argument
, NULL
, 'r' },
429 { "machine", required_argument
, NULL
, 'M' },
430 { "utc", no_argument
, NULL
, ARG_UTC
},
431 { "flush", no_argument
, NULL
, ARG_FLUSH
},
432 { "sync", no_argument
, NULL
, ARG_SYNC
},
433 { "rotate", no_argument
, NULL
, ARG_ROTATE
},
434 { "vacuum-size", required_argument
, NULL
, ARG_VACUUM_SIZE
},
435 { "vacuum-files", required_argument
, NULL
, ARG_VACUUM_FILES
},
436 { "vacuum-time", required_argument
, NULL
, ARG_VACUUM_TIME
},
437 { "no-hostname", no_argument
, NULL
, ARG_NO_HOSTNAME
},
446 while ((c
= getopt_long(argc
, argv
, "hefo:aln::qmb::kD:p:c:S:U:t:u:NF:xrM:", options
, NULL
)) >= 0)
462 arg_pager_end
= true;
464 if (arg_lines
== ARG_LINES_DEFAULT
)
474 arg_output
= output_mode_from_string(optarg
);
475 if (arg_output
< 0) {
476 log_error("Unknown output format '%s'.", optarg
);
480 if (IN_SET(arg_output
, OUTPUT_EXPORT
, OUTPUT_JSON
, OUTPUT_JSON_PRETTY
, OUTPUT_JSON_SSE
, OUTPUT_CAT
))
499 if (streq(optarg
, "all"))
500 arg_lines
= ARG_LINES_ALL
;
502 r
= safe_atoi(optarg
, &arg_lines
);
503 if (r
< 0 || arg_lines
< 0) {
504 log_error("Failed to parse lines '%s'", optarg
);
511 /* Hmm, no argument? Maybe the next
512 * word on the command line is
513 * supposed to be the argument? Let's
514 * see if there is one, and is
518 if (streq(argv
[optind
], "all")) {
519 arg_lines
= ARG_LINES_ALL
;
521 } else if (safe_atoi(argv
[optind
], &n
) >= 0 && n
>= 0) {
535 arg_action
= ACTION_NEW_ID128
;
554 r
= parse_boot_descriptor(optarg
, &arg_boot_id
, &arg_boot_offset
);
556 log_error("Failed to parse boot descriptor '%s'", optarg
);
561 /* Hmm, no argument? Maybe the next
562 * word on the command line is
563 * supposed to be the argument? Let's
564 * see if there is one and is parsable
565 * as a boot descriptor... */
568 parse_boot_descriptor(argv
[optind
], &arg_boot_id
, &arg_boot_offset
) >= 0)
575 arg_action
= ACTION_LIST_BOOTS
;
579 arg_boot
= arg_dmesg
= true;
583 arg_journal_type
|= SD_JOURNAL_SYSTEM
;
587 arg_journal_type
|= SD_JOURNAL_CURRENT_USER
;
591 arg_machine
= optarg
;
595 arg_directory
= optarg
;
599 if (streq(optarg
, "-"))
600 /* An undocumented feature: we can read journal files from STDIN. We don't document
601 * this though, since after all we only support this for mmap-able, seekable files, and
602 * not for example pipes which are probably the primary usecase for reading things from
603 * STDIN. To avoid confusion we hence don't document this feature. */
604 arg_file_stdin
= true;
606 r
= glob_extend(&arg_file
, optarg
);
608 return log_error_errno(r
, "Failed to add paths: %m");
613 r
= parse_path_argument_and_warn(optarg
, true, &arg_root
);
622 case ARG_AFTER_CURSOR
:
623 arg_after_cursor
= optarg
;
626 case ARG_SHOW_CURSOR
:
627 arg_show_cursor
= true;
631 arg_action
= ACTION_PRINT_HEADER
;
635 arg_action
= ACTION_VERIFY
;
639 arg_action
= ACTION_DISK_USAGE
;
642 case ARG_VACUUM_SIZE
:
643 r
= parse_size(optarg
, 1024, &arg_vacuum_size
);
645 log_error("Failed to parse vacuum size: %s", optarg
);
649 arg_action
= ACTION_VACUUM
;
652 case ARG_VACUUM_FILES
:
653 r
= safe_atou64(optarg
, &arg_vacuum_n_files
);
655 log_error("Failed to parse vacuum files: %s", optarg
);
659 arg_action
= ACTION_VACUUM
;
662 case ARG_VACUUM_TIME
:
663 r
= parse_sec(optarg
, &arg_vacuum_time
);
665 log_error("Failed to parse vacuum time: %s", optarg
);
669 arg_action
= ACTION_VACUUM
;
678 arg_action
= ACTION_SETUP_KEYS
;
683 arg_action
= ACTION_VERIFY
;
684 r
= free_and_strdup(&arg_verify_key
, optarg
);
687 /* Use memset not string_erase so this doesn't look confusing
688 * in ps or htop output. */
689 memset(optarg
, 'x', strlen(optarg
));
695 r
= parse_sec(optarg
, &arg_interval
);
696 if (r
< 0 || arg_interval
<= 0) {
697 log_error("Failed to parse sealing key change interval: %s", optarg
);
706 log_error("Forward-secure sealing not available.");
713 dots
= strstr(optarg
, "..");
719 a
= strndup(optarg
, dots
- optarg
);
723 from
= log_level_from_string(a
);
724 to
= log_level_from_string(dots
+ 2);
727 if (from
< 0 || to
< 0) {
728 log_error("Failed to parse log level range %s", optarg
);
735 for (i
= from
; i
<= to
; i
++)
736 arg_priorities
|= 1 << i
;
738 for (i
= to
; i
<= from
; i
++)
739 arg_priorities
|= 1 << i
;
745 p
= log_level_from_string(optarg
);
747 log_error("Unknown log level %s", optarg
);
753 for (i
= 0; i
<= p
; i
++)
754 arg_priorities
|= 1 << i
;
761 r
= parse_timestamp(optarg
, &arg_since
);
763 log_error("Failed to parse timestamp: %s", optarg
);
766 arg_since_set
= true;
770 r
= parse_timestamp(optarg
, &arg_until
);
772 log_error("Failed to parse timestamp: %s", optarg
);
775 arg_until_set
= true;
779 r
= strv_extend(&arg_syslog_identifier
, optarg
);
785 r
= strv_extend(&arg_system_units
, optarg
);
791 r
= strv_extend(&arg_user_units
, optarg
);
797 arg_action
= ACTION_LIST_FIELDS
;
802 arg_action
= ACTION_LIST_FIELD_NAMES
;
805 case ARG_NO_HOSTNAME
:
806 arg_no_hostname
= true;
813 case ARG_LIST_CATALOG
:
814 arg_action
= ACTION_LIST_CATALOG
;
817 case ARG_DUMP_CATALOG
:
818 arg_action
= ACTION_DUMP_CATALOG
;
821 case ARG_UPDATE_CATALOG
:
822 arg_action
= ACTION_UPDATE_CATALOG
;
834 arg_action
= ACTION_FLUSH
;
838 arg_action
= ACTION_ROTATE
;
842 arg_action
= ACTION_SYNC
;
849 assert_not_reached("Unhandled option");
852 if (arg_follow
&& !arg_no_tail
&& !arg_since
&& arg_lines
== ARG_LINES_DEFAULT
)
855 if (!!arg_directory
+ !!arg_file
+ !!arg_machine
+ !!arg_root
> 1) {
856 log_error("Please specify at most one of -D/--directory=, --file=, -M/--machine=, --root.");
860 if (arg_since_set
&& arg_until_set
&& arg_since
> arg_until
) {
861 log_error("--since= must be before --until=.");
865 if (!!arg_cursor
+ !!arg_after_cursor
+ !!arg_since_set
> 1) {
866 log_error("Please specify only one of --since=, --cursor=, and --after-cursor.");
870 if (arg_follow
&& arg_reverse
) {
871 log_error("Please specify either --reverse= or --follow=, not both.");
875 if (!IN_SET(arg_action
, ACTION_SHOW
, ACTION_DUMP_CATALOG
, ACTION_LIST_CATALOG
) && optind
< argc
) {
876 log_error("Extraneous arguments starting with '%s'", argv
[optind
]);
880 if ((arg_boot
|| arg_action
== ACTION_LIST_BOOTS
) && arg_merge
) {
881 log_error("Using --boot or --list-boots with --merge is not supported.");
885 if (!strv_isempty(arg_system_units
) && (arg_journal_type
== SD_JOURNAL_CURRENT_USER
)) {
887 /* Specifying --user and --unit= at the same time makes no sense (as the former excludes the user
888 * journal, but the latter excludes the system journal, thus resulting in empty output). Let's be nice
889 * to users, and automatically turn --unit= into --user-unit= if combined with --user. */
890 r
= strv_extend_strv(&arg_user_units
, arg_system_units
, true);
894 arg_system_units
= strv_free(arg_system_units
);
900 static int generate_new_id128(void) {
905 r
= sd_id128_randomize(&id
);
907 return log_error_errno(r
, "Failed to generate ID: %m");
909 printf("As string:\n"
910 SD_ID128_FORMAT_STR
"\n\n"
912 "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n\n"
913 "As man:sd-id128(3) macro:\n"
914 "#define MESSAGE_XYZ SD_ID128_MAKE(",
915 SD_ID128_FORMAT_VAL(id
),
916 SD_ID128_FORMAT_VAL(id
));
917 for (i
= 0; i
< 16; i
++)
918 printf("%02x%s", id
.bytes
[i
], i
!= 15 ? "," : "");
919 fputs(")\n\n", stdout
);
921 printf("As Python constant:\n"
923 ">>> MESSAGE_XYZ = uuid.UUID('" SD_ID128_FORMAT_STR
"')\n",
924 SD_ID128_FORMAT_VAL(id
));
929 static int add_matches(sd_journal
*j
, char **args
) {
931 bool have_term
= false;
935 STRV_FOREACH(i
, args
) {
938 if (streq(*i
, "+")) {
941 r
= sd_journal_add_disjunction(j
);
944 } else if (path_is_absolute(*i
)) {
945 _cleanup_free_
char *p
= NULL
, *t
= NULL
, *t2
= NULL
, *interpreter
= NULL
;
948 r
= chase_symlinks(*i
, NULL
, 0, &p
);
950 return log_error_errno(r
, "Couldn't canonicalize path: %m");
952 if (lstat(p
, &st
) < 0)
953 return log_error_errno(errno
, "Couldn't stat file: %m");
955 if (S_ISREG(st
.st_mode
) && (0111 & st
.st_mode
)) {
956 if (executable_is_script(p
, &interpreter
) > 0) {
957 _cleanup_free_
char *comm
;
959 comm
= strndup(basename(p
), 15);
963 t
= strappend("_COMM=", comm
);
967 /* Append _EXE only if the interpreter is not a link.
968 Otherwise, it might be outdated often. */
969 if (lstat(interpreter
, &st
) == 0 && !S_ISLNK(st
.st_mode
)) {
970 t2
= strappend("_EXE=", interpreter
);
975 t
= strappend("_EXE=", p
);
980 r
= sd_journal_add_match(j
, t
, 0);
983 r
= sd_journal_add_match(j
, t2
, 0);
985 } else if (S_ISCHR(st
.st_mode
) || S_ISBLK(st
.st_mode
)) {
986 r
= add_matches_for_device(j
, p
);
990 log_error("File is neither a device node, nor regular file, nor executable: %s", *i
);
996 r
= sd_journal_add_match(j
, *i
, 0);
1001 return log_error_errno(r
, "Failed to add match '%s': %m", *i
);
1004 if (!strv_isempty(args
) && !have_term
) {
1005 log_error("\"+\" can only be used between terms");
1012 static void boot_id_free_all(BootId
*l
) {
1016 LIST_REMOVE(boot_list
, l
, i
);
1021 static int discover_next_boot(sd_journal
*j
,
1022 sd_id128_t previous_boot_id
,
1026 _cleanup_free_ BootId
*next_boot
= NULL
;
1027 char match
[9+32+1] = "_BOOT_ID=";
1034 /* We expect the journal to be on the last position of a boot
1035 * (in relation to the direction we are going), so that the next
1036 * invocation of sd_journal_next/previous will be from a different
1037 * boot. We then collect any information we desire and then jump
1038 * to the last location of the new boot by using a _BOOT_ID match
1039 * coming from the other journal direction. */
1041 /* Make sure we aren't restricted by any _BOOT_ID matches, so that
1042 * we can actually advance to a *different* boot. */
1043 sd_journal_flush_matches(j
);
1047 r
= sd_journal_previous(j
);
1049 r
= sd_journal_next(j
);
1053 return 0; /* End of journal, yay. */
1055 r
= sd_journal_get_monotonic_usec(j
, NULL
, &boot_id
);
1059 /* We iterate through this in a loop, until the boot ID differs from the previous one. Note that
1060 * normally, this will only require a single iteration, as we seeked to the last entry of the previous
1061 * boot entry already. However, it might happen that the per-journal-field entry arrays are less
1062 * complete than the main entry array, and hence might reference an entry that's not actually the last
1063 * one of the boot ID as last one. Let's hence use the per-field array is initial seek position to
1064 * speed things up, but let's not trust that it is complete, and hence, manually advance as
1067 } while (sd_id128_equal(boot_id
, previous_boot_id
));
1069 next_boot
= new0(BootId
, 1);
1073 next_boot
->id
= boot_id
;
1075 r
= sd_journal_get_realtime_usec(j
, &next_boot
->first
);
1079 /* Now seek to the last occurrence of this boot ID. */
1080 sd_id128_to_string(next_boot
->id
, match
+ 9);
1081 r
= sd_journal_add_match(j
, match
, sizeof(match
) - 1);
1086 r
= sd_journal_seek_head(j
);
1088 r
= sd_journal_seek_tail(j
);
1093 r
= sd_journal_next(j
);
1095 r
= sd_journal_previous(j
);
1099 log_debug("Whoopsie! We found a boot ID but can't read its last entry.");
1100 return -ENODATA
; /* This shouldn't happen. We just came from this very boot ID. */
1103 r
= sd_journal_get_realtime_usec(j
, &next_boot
->last
);
1113 static int get_boots(
1116 sd_id128_t
*boot_id
,
1121 BootId
*head
= NULL
, *tail
= NULL
, *id
;
1122 const bool advance_older
= boot_id
&& offset
<= 0;
1123 sd_id128_t previous_boot_id
;
1127 /* Adjust for the asymmetry that offset 0 is
1128 * the last (and current) boot, while 1 is considered the
1129 * (chronological) first boot in the journal. */
1130 skip_once
= boot_id
&& sd_id128_is_null(*boot_id
) && offset
<= 0;
1132 /* Advance to the earliest/latest occurrence of our reference
1133 * boot ID (taking our lookup direction into account), so that
1134 * discover_next_boot() can do its job.
1135 * If no reference is given, the journal head/tail will do,
1136 * they're "virtual" boots after all. */
1137 if (boot_id
&& !sd_id128_is_null(*boot_id
)) {
1138 char match
[9+32+1] = "_BOOT_ID=";
1140 sd_journal_flush_matches(j
);
1142 sd_id128_to_string(*boot_id
, match
+ 9);
1143 r
= sd_journal_add_match(j
, match
, sizeof(match
) - 1);
1148 r
= sd_journal_seek_head(j
); /* seek to oldest */
1150 r
= sd_journal_seek_tail(j
); /* seek to newest */
1155 r
= sd_journal_next(j
); /* read the oldest entry */
1157 r
= sd_journal_previous(j
); /* read the most recently added entry */
1162 else if (offset
== 0) {
1167 /* At this point the read pointer is positioned at the oldest/newest occurence of the reference boot
1168 * ID. After flushing the matches, one more invocation of _previous()/_next() will hence place us at
1169 * the following entry, which must then have an older/newer boot ID */
1173 r
= sd_journal_seek_tail(j
); /* seek to newest */
1175 r
= sd_journal_seek_head(j
); /* seek to oldest */
1179 /* No sd_journal_next()/_previous() here.
1181 * At this point the read pointer is positioned after the newest/before the oldest entry in the whole
1182 * journal. The next invocation of _previous()/_next() will hence position us at the newest/oldest
1186 previous_boot_id
= SD_ID128_NULL
;
1188 _cleanup_free_ BootId
*current
= NULL
;
1190 r
= discover_next_boot(j
, previous_boot_id
, advance_older
, ¤t
);
1192 boot_id_free_all(head
);
1199 previous_boot_id
= current
->id
;
1203 offset
+= advance_older
? 1 : -1;
1208 *boot_id
= current
->id
;
1212 LIST_FOREACH(boot_list
, id
, head
) {
1213 if (sd_id128_equal(id
->id
, current
->id
)) {
1214 /* boot id already stored, something wrong with the journal files */
1215 /* exiting as otherwise this problem would cause forever loop */
1219 LIST_INSERT_AFTER(boot_list
, head
, tail
, current
);
1230 sd_journal_flush_matches(j
);
1235 static int list_boots(sd_journal
*j
) {
1237 BootId
*id
, *all_ids
;
1241 count
= get_boots(j
, &all_ids
, NULL
, 0);
1243 return log_error_errno(count
, "Failed to determine boots: %m");
1247 pager_open(arg_no_pager
, arg_pager_end
);
1249 /* numbers are one less, but we need an extra char for the sign */
1250 w
= DECIMAL_STR_WIDTH(count
- 1) + 1;
1253 LIST_FOREACH(boot_list
, id
, all_ids
) {
1254 char a
[FORMAT_TIMESTAMP_MAX
], b
[FORMAT_TIMESTAMP_MAX
];
1256 printf("% *i " SD_ID128_FORMAT_STR
" %s—%s\n",
1258 SD_ID128_FORMAT_VAL(id
->id
),
1259 format_timestamp_maybe_utc(a
, sizeof(a
), id
->first
),
1260 format_timestamp_maybe_utc(b
, sizeof(b
), id
->last
));
1264 boot_id_free_all(all_ids
);
1269 static int add_boot(sd_journal
*j
) {
1270 char match
[9+32+1] = "_BOOT_ID=";
1279 /* Take a shortcut and use the current boot_id, which we can do very quickly.
1280 * We can do this only when we logs are coming from the current machine,
1281 * so take the slow path if log location is specified. */
1282 if (arg_boot_offset
== 0 && sd_id128_is_null(arg_boot_id
) &&
1283 !arg_directory
&& !arg_file
&& !arg_root
)
1285 return add_match_this_boot(j
, arg_machine
);
1287 boot_id
= arg_boot_id
;
1288 r
= get_boots(j
, NULL
, &boot_id
, arg_boot_offset
);
1291 const char *reason
= (r
== 0) ? "No such boot ID in journal" : strerror(-r
);
1293 if (sd_id128_is_null(arg_boot_id
))
1294 log_error("Data from the specified boot (%+i) is not available: %s",
1295 arg_boot_offset
, reason
);
1297 log_error("Data from the specified boot ("SD_ID128_FORMAT_STR
") is not available: %s",
1298 SD_ID128_FORMAT_VAL(arg_boot_id
), reason
);
1300 return r
== 0 ? -ENODATA
: r
;
1303 sd_id128_to_string(boot_id
, match
+ 9);
1305 r
= sd_journal_add_match(j
, match
, sizeof(match
) - 1);
1307 return log_error_errno(r
, "Failed to add match: %m");
1309 r
= sd_journal_add_conjunction(j
);
1311 return log_error_errno(r
, "Failed to add conjunction: %m");
1316 static int add_dmesg(sd_journal
*j
) {
1323 r
= sd_journal_add_match(j
, "_TRANSPORT=kernel", strlen("_TRANSPORT=kernel"));
1325 return log_error_errno(r
, "Failed to add match: %m");
1327 r
= sd_journal_add_conjunction(j
);
1329 return log_error_errno(r
, "Failed to add conjunction: %m");
1334 static int get_possible_units(
1340 _cleanup_set_free_free_ Set
*found
;
1344 found
= set_new(&string_hash_ops
);
1348 NULSTR_FOREACH(field
, fields
) {
1352 r
= sd_journal_query_unique(j
, field
);
1356 SD_JOURNAL_FOREACH_UNIQUE(j
, data
, size
) {
1357 char **pattern
, *eq
;
1359 _cleanup_free_
char *u
= NULL
;
1361 eq
= memchr(data
, '=', size
);
1363 prefix
= eq
- (char*) data
+ 1;
1367 u
= strndup((char*) data
+ prefix
, size
- prefix
);
1371 STRV_FOREACH(pattern
, patterns
)
1372 if (fnmatch(*pattern
, u
, FNM_NOESCAPE
) == 0) {
1373 log_debug("Matched %s with pattern %s=%s", u
, field
, *pattern
);
1375 r
= set_consume(found
, u
);
1377 if (r
< 0 && r
!= -EEXIST
)
1390 /* This list is supposed to return the superset of unit names
1391 * possibly matched by rules added with add_matches_for_unit... */
1392 #define SYSTEM_UNITS \
1396 "OBJECT_SYSTEMD_UNIT\0" \
1399 /* ... and add_matches_for_user_unit */
1400 #define USER_UNITS \
1401 "_SYSTEMD_USER_UNIT\0" \
1403 "COREDUMP_USER_UNIT\0" \
1404 "OBJECT_SYSTEMD_USER_UNIT\0"
1406 static int add_units(sd_journal
*j
) {
1407 _cleanup_strv_free_
char **patterns
= NULL
;
1413 STRV_FOREACH(i
, arg_system_units
) {
1414 _cleanup_free_
char *u
= NULL
;
1416 r
= unit_name_mangle(*i
, UNIT_NAME_GLOB
, &u
);
1420 if (string_is_glob(u
)) {
1421 r
= strv_push(&patterns
, u
);
1426 r
= add_matches_for_unit(j
, u
);
1429 r
= sd_journal_add_disjunction(j
);
1436 if (!strv_isempty(patterns
)) {
1437 _cleanup_set_free_free_ Set
*units
= NULL
;
1441 r
= get_possible_units(j
, SYSTEM_UNITS
, patterns
, &units
);
1445 SET_FOREACH(u
, units
, it
) {
1446 r
= add_matches_for_unit(j
, u
);
1449 r
= sd_journal_add_disjunction(j
);
1456 patterns
= strv_free(patterns
);
1458 STRV_FOREACH(i
, arg_user_units
) {
1459 _cleanup_free_
char *u
= NULL
;
1461 r
= unit_name_mangle(*i
, UNIT_NAME_GLOB
, &u
);
1465 if (string_is_glob(u
)) {
1466 r
= strv_push(&patterns
, u
);
1471 r
= add_matches_for_user_unit(j
, u
, getuid());
1474 r
= sd_journal_add_disjunction(j
);
1481 if (!strv_isempty(patterns
)) {
1482 _cleanup_set_free_free_ Set
*units
= NULL
;
1486 r
= get_possible_units(j
, USER_UNITS
, patterns
, &units
);
1490 SET_FOREACH(u
, units
, it
) {
1491 r
= add_matches_for_user_unit(j
, u
, getuid());
1494 r
= sd_journal_add_disjunction(j
);
1501 /* Complain if the user request matches but nothing whatsoever was
1502 * found, since otherwise everything would be matched. */
1503 if (!(strv_isempty(arg_system_units
) && strv_isempty(arg_user_units
)) && count
== 0)
1506 r
= sd_journal_add_conjunction(j
);
1513 static int add_priorities(sd_journal
*j
) {
1514 char match
[] = "PRIORITY=0";
1518 if (arg_priorities
== 0xFF)
1521 for (i
= LOG_EMERG
; i
<= LOG_DEBUG
; i
++)
1522 if (arg_priorities
& (1 << i
)) {
1523 match
[sizeof(match
)-2] = '0' + i
;
1525 r
= sd_journal_add_match(j
, match
, strlen(match
));
1527 return log_error_errno(r
, "Failed to add match: %m");
1530 r
= sd_journal_add_conjunction(j
);
1532 return log_error_errno(r
, "Failed to add conjunction: %m");
1538 static int add_syslog_identifier(sd_journal
*j
) {
1544 STRV_FOREACH(i
, arg_syslog_identifier
) {
1547 u
= strjoina("SYSLOG_IDENTIFIER=", *i
);
1548 r
= sd_journal_add_match(j
, u
, 0);
1551 r
= sd_journal_add_disjunction(j
);
1556 r
= sd_journal_add_conjunction(j
);
1563 static int setup_keys(void) {
1565 size_t mpk_size
, seed_size
, state_size
, i
;
1566 uint8_t *mpk
, *seed
, *state
;
1568 sd_id128_t machine
, boot
;
1569 char *p
= NULL
, *k
= NULL
;
1574 r
= stat("/var/log/journal", &st
);
1575 if (r
< 0 && !IN_SET(errno
, ENOENT
, ENOTDIR
))
1576 return log_error_errno(errno
, "stat(\"%s\") failed: %m", "/var/log/journal");
1578 if (r
< 0 || !S_ISDIR(st
.st_mode
)) {
1579 log_error("%s is not a directory, must be using persistent logging for FSS.",
1580 "/var/log/journal");
1581 return r
< 0 ? -errno
: -ENOTDIR
;
1584 r
= sd_id128_get_machine(&machine
);
1586 return log_error_errno(r
, "Failed to get machine ID: %m");
1588 r
= sd_id128_get_boot(&boot
);
1590 return log_error_errno(r
, "Failed to get boot ID: %m");
1592 if (asprintf(&p
, "/var/log/journal/" SD_ID128_FORMAT_STR
"/fss",
1593 SD_ID128_FORMAT_VAL(machine
)) < 0)
1598 if (r
< 0 && errno
!= ENOENT
) {
1599 r
= log_error_errno(errno
, "unlink(\"%s\") failed: %m", p
);
1602 } else if (access(p
, F_OK
) >= 0) {
1603 log_error("Sealing key file %s exists already. Use --force to recreate.", p
);
1608 if (asprintf(&k
, "/var/log/journal/" SD_ID128_FORMAT_STR
"/fss.tmp.XXXXXX",
1609 SD_ID128_FORMAT_VAL(machine
)) < 0) {
1614 mpk_size
= FSPRG_mskinbytes(FSPRG_RECOMMENDED_SECPAR
);
1615 mpk
= alloca(mpk_size
);
1617 seed_size
= FSPRG_RECOMMENDED_SEEDLEN
;
1618 seed
= alloca(seed_size
);
1620 state_size
= FSPRG_stateinbytes(FSPRG_RECOMMENDED_SECPAR
);
1621 state
= alloca(state_size
);
1623 fd
= open("/dev/random", O_RDONLY
|O_CLOEXEC
|O_NOCTTY
);
1625 r
= log_error_errno(errno
, "Failed to open /dev/random: %m");
1629 log_info("Generating seed...");
1630 r
= loop_read_exact(fd
, seed
, seed_size
, true);
1632 log_error_errno(r
, "Failed to read random seed: %m");
1636 log_info("Generating key pair...");
1637 FSPRG_GenMK(NULL
, mpk
, seed
, seed_size
, FSPRG_RECOMMENDED_SECPAR
);
1639 log_info("Generating sealing key...");
1640 FSPRG_GenState0(state
, mpk
, seed
, seed_size
);
1642 assert(arg_interval
> 0);
1644 n
= now(CLOCK_REALTIME
);
1648 fd
= mkostemp_safe(k
);
1650 r
= log_error_errno(fd
, "Failed to open %s: %m", k
);
1654 /* Enable secure remove, exclusion from dump, synchronous
1655 * writing and in-place updating */
1656 r
= chattr_fd(fd
, FS_SECRM_FL
|FS_NODUMP_FL
|FS_SYNC_FL
|FS_NOCOW_FL
, FS_SECRM_FL
|FS_NODUMP_FL
|FS_SYNC_FL
|FS_NOCOW_FL
);
1658 log_warning_errno(r
, "Failed to set file attributes: %m");
1661 memcpy(h
.signature
, "KSHHRHLP", 8);
1662 h
.machine_id
= machine
;
1664 h
.header_size
= htole64(sizeof(h
));
1665 h
.start_usec
= htole64(n
* arg_interval
);
1666 h
.interval_usec
= htole64(arg_interval
);
1667 h
.fsprg_secpar
= htole16(FSPRG_RECOMMENDED_SECPAR
);
1668 h
.fsprg_state_size
= htole64(state_size
);
1670 r
= loop_write(fd
, &h
, sizeof(h
), false);
1672 log_error_errno(r
, "Failed to write header: %m");
1676 r
= loop_write(fd
, state
, state_size
, false);
1678 log_error_errno(r
, "Failed to write state: %m");
1682 if (link(k
, p
) < 0) {
1683 r
= log_error_errno(errno
, "Failed to link file: %m");
1690 "The new key pair has been generated. The %ssecret sealing key%s has been written to\n"
1691 "the following local file. This key file is automatically updated when the\n"
1692 "sealing key is advanced. It should not be used on multiple hosts.\n"
1696 "Please write down the following %ssecret verification key%s. It should be stored\n"
1697 "at a safe location and should not be saved locally on disk.\n"
1699 ansi_highlight(), ansi_normal(),
1701 ansi_highlight(), ansi_normal(),
1702 ansi_highlight_red());
1705 for (i
= 0; i
< seed_size
; i
++) {
1706 if (i
> 0 && i
% 3 == 0)
1708 printf("%02x", ((uint8_t*) seed
)[i
]);
1711 printf("/%llx-%llx\n", (unsigned long long) n
, (unsigned long long) arg_interval
);
1714 char tsb
[FORMAT_TIMESPAN_MAX
], *hn
;
1718 "The sealing key is automatically changed every %s.\n",
1720 format_timespan(tsb
, sizeof(tsb
), arg_interval
, 0));
1722 hn
= gethostname_malloc();
1725 hostname_cleanup(hn
);
1726 fprintf(stderr
, "\nThe keys have been generated for host %s/" SD_ID128_FORMAT_STR
".\n", hn
, SD_ID128_FORMAT_VAL(machine
));
1728 fprintf(stderr
, "\nThe keys have been generated for host " SD_ID128_FORMAT_STR
".\n", SD_ID128_FORMAT_VAL(machine
));
1731 /* If this is not an UTF-8 system don't print any QR codes */
1732 if (is_locale_utf8()) {
1733 fputs("\nTo transfer the verification key to your phone please scan the QR code below:\n\n", stderr
);
1734 print_qr_code(stderr
, seed
, seed_size
, n
, arg_interval
, hn
, machine
);
1754 log_error("Forward-secure sealing not available.");
1759 static int verify(sd_journal
*j
) {
1766 log_show_color(true);
1768 ORDERED_HASHMAP_FOREACH(f
, j
->files
, i
) {
1770 usec_t first
= 0, validated
= 0, last
= 0;
1773 if (!arg_verify_key
&& JOURNAL_HEADER_SEALED(f
->header
))
1774 log_notice("Journal file %s has sealing enabled but verification key has not been passed using --verify-key=.", f
->path
);
1777 k
= journal_file_verify(f
, arg_verify_key
, &first
, &validated
, &last
, true);
1779 /* If the key was invalid give up right-away. */
1782 log_warning_errno(k
, "FAIL: %s (%m)", f
->path
);
1785 char a
[FORMAT_TIMESTAMP_MAX
], b
[FORMAT_TIMESTAMP_MAX
], c
[FORMAT_TIMESPAN_MAX
];
1786 log_info("PASS: %s", f
->path
);
1788 if (arg_verify_key
&& JOURNAL_HEADER_SEALED(f
->header
)) {
1789 if (validated
> 0) {
1790 log_info("=> Validated from %s to %s, final %s entries not sealed.",
1791 format_timestamp_maybe_utc(a
, sizeof(a
), first
),
1792 format_timestamp_maybe_utc(b
, sizeof(b
), validated
),
1793 format_timespan(c
, sizeof(c
), last
> validated
? last
- validated
: 0, 0));
1794 } else if (last
> 0)
1795 log_info("=> No sealing yet, %s of entries not sealed.",
1796 format_timespan(c
, sizeof(c
), last
- first
, 0));
1798 log_info("=> No sealing yet, no entries in file.");
1806 static int flush_to_var(void) {
1807 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
1808 _cleanup_(sd_bus_flush_close_unrefp
) sd_bus
*bus
= NULL
;
1809 _cleanup_close_
int watch_fd
= -1;
1813 log_error("--flush is not supported in conjunction with --machine=.");
1818 if (access("/run/systemd/journal/flushed", F_OK
) >= 0)
1821 /* OK, let's actually do the full logic, send SIGUSR1 to the
1822 * daemon and set up inotify to wait for the flushed file to appear */
1823 r
= bus_connect_system_systemd(&bus
);
1825 return log_error_errno(r
, "Failed to get D-Bus connection: %m");
1827 r
= sd_bus_call_method(
1829 "org.freedesktop.systemd1",
1830 "/org/freedesktop/systemd1",
1831 "org.freedesktop.systemd1.Manager",
1835 "ssi", "systemd-journald.service", "main", SIGUSR1
);
1837 return log_error_errno(r
, "Failed to kill journal service: %s", bus_error_message(&error
, r
));
1839 mkdir_p("/run/systemd/journal", 0755);
1841 watch_fd
= inotify_init1(IN_NONBLOCK
|IN_CLOEXEC
);
1843 return log_error_errno(errno
, "Failed to create inotify watch: %m");
1845 r
= inotify_add_watch(watch_fd
, "/run/systemd/journal", IN_CREATE
|IN_DONT_FOLLOW
|IN_ONLYDIR
);
1847 return log_error_errno(errno
, "Failed to watch journal directory: %m");
1850 if (access("/run/systemd/journal/flushed", F_OK
) >= 0)
1853 if (errno
!= ENOENT
)
1854 return log_error_errno(errno
, "Failed to check for existence of /run/systemd/journal/flushed: %m");
1856 r
= fd_wait_for_event(watch_fd
, POLLIN
, USEC_INFINITY
);
1858 return log_error_errno(r
, "Failed to wait for event: %m");
1860 r
= flush_fd(watch_fd
);
1862 return log_error_errno(r
, "Failed to flush inotify events: %m");
1868 static int send_signal_and_wait(int sig
, const char *watch_path
) {
1869 _cleanup_(sd_bus_flush_close_unrefp
) sd_bus
*bus
= NULL
;
1870 _cleanup_close_
int watch_fd
= -1;
1875 log_error("--sync and --rotate are not supported in conjunction with --machine=.");
1879 start
= now(CLOCK_MONOTONIC
);
1881 /* This call sends the specified signal to journald, and waits
1882 * for acknowledgment by watching the mtime of the specified
1883 * flag file. This is used to trigger syncing or rotation and
1884 * then wait for the operation to complete. */
1889 /* See if a sync happened by now. */
1890 r
= read_timestamp_file(watch_path
, &tstamp
);
1891 if (r
< 0 && r
!= -ENOENT
)
1892 return log_error_errno(errno
, "Failed to read %s: %m", watch_path
);
1893 if (r
>= 0 && tstamp
>= start
)
1896 /* Let's ask for a sync, but only once. */
1898 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
1900 r
= bus_connect_system_systemd(&bus
);
1902 return log_error_errno(r
, "Failed to get D-Bus connection: %m");
1904 r
= sd_bus_call_method(
1906 "org.freedesktop.systemd1",
1907 "/org/freedesktop/systemd1",
1908 "org.freedesktop.systemd1.Manager",
1912 "ssi", "systemd-journald.service", "main", sig
);
1914 return log_error_errno(r
, "Failed to kill journal service: %s", bus_error_message(&error
, r
));
1919 /* Let's install the inotify watch, if we didn't do that yet. */
1922 mkdir_p("/run/systemd/journal", 0755);
1924 watch_fd
= inotify_init1(IN_NONBLOCK
|IN_CLOEXEC
);
1926 return log_error_errno(errno
, "Failed to create inotify watch: %m");
1928 r
= inotify_add_watch(watch_fd
, "/run/systemd/journal", IN_MOVED_TO
|IN_DONT_FOLLOW
|IN_ONLYDIR
);
1930 return log_error_errno(errno
, "Failed to watch journal directory: %m");
1932 /* Recheck the flag file immediately, so that we don't miss any event since the last check. */
1936 /* OK, all preparatory steps done, let's wait until
1937 * inotify reports an event. */
1939 r
= fd_wait_for_event(watch_fd
, POLLIN
, USEC_INFINITY
);
1941 return log_error_errno(r
, "Failed to wait for event: %m");
1943 r
= flush_fd(watch_fd
);
1945 return log_error_errno(r
, "Failed to flush inotify events: %m");
1951 static int rotate(void) {
1952 return send_signal_and_wait(SIGUSR2
, "/run/systemd/journal/rotated");
1955 static int sync_journal(void) {
1956 return send_signal_and_wait(SIGRTMIN
+1, "/run/systemd/journal/synced");
1959 int main(int argc
, char *argv
[]) {
1961 _cleanup_(sd_journal_closep
) sd_journal
*j
= NULL
;
1962 bool need_seek
= false;
1963 sd_id128_t previous_boot_id
;
1964 bool previous_boot_id_valid
= false, first_line
= true;
1966 bool ellipsized
= false;
1968 setlocale(LC_ALL
, "");
1969 log_parse_environment();
1972 r
= parse_argv(argc
, argv
);
1976 signal(SIGWINCH
, columns_lines_cache_reset
);
1979 /* Increase max number of open files to 16K if we can, we
1980 * might needs this when browsing journal files, which might
1981 * be split up into many files. */
1982 setrlimit_closest(RLIMIT_NOFILE
, &RLIMIT_MAKE_CONST(16384));
1984 switch (arg_action
) {
1986 case ACTION_NEW_ID128
:
1987 r
= generate_new_id128();
1990 case ACTION_SETUP_KEYS
:
1994 case ACTION_LIST_CATALOG
:
1995 case ACTION_DUMP_CATALOG
:
1996 case ACTION_UPDATE_CATALOG
: {
1997 _cleanup_free_
char *database
;
1999 database
= path_join(arg_root
, CATALOG_DATABASE
, NULL
);
2005 if (arg_action
== ACTION_UPDATE_CATALOG
) {
2006 r
= catalog_update(database
, arg_root
, catalog_file_dirs
);
2008 log_error_errno(r
, "Failed to list catalog: %m");
2010 bool oneline
= arg_action
== ACTION_LIST_CATALOG
;
2012 pager_open(arg_no_pager
, arg_pager_end
);
2015 r
= catalog_list_items(stdout
, database
, oneline
, argv
+ optind
);
2017 r
= catalog_list(stdout
, database
, oneline
);
2019 log_error_errno(r
, "Failed to list catalog: %m");
2038 case ACTION_PRINT_HEADER
:
2040 case ACTION_DISK_USAGE
:
2041 case ACTION_LIST_BOOTS
:
2043 case ACTION_LIST_FIELDS
:
2044 case ACTION_LIST_FIELD_NAMES
:
2045 /* These ones require access to the journal files, continue below. */
2049 assert_not_reached("Unknown action");
2053 r
= sd_journal_open_directory(&j
, arg_directory
, arg_journal_type
);
2055 r
= sd_journal_open_directory(&j
, arg_root
, arg_journal_type
| SD_JOURNAL_OS_ROOT
);
2056 else if (arg_file_stdin
) {
2057 int ifd
= STDIN_FILENO
;
2058 r
= sd_journal_open_files_fd(&j
, &ifd
, 1, 0);
2059 } else if (arg_file
)
2060 r
= sd_journal_open_files(&j
, (const char**) arg_file
, 0);
2061 else if (arg_machine
) {
2062 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
2063 _cleanup_(sd_bus_message_unrefp
) sd_bus_message
*reply
= NULL
;
2064 _cleanup_(sd_bus_flush_close_unrefp
) sd_bus
*bus
= NULL
;
2067 if (geteuid() != 0) {
2068 /* The file descriptor returned by OpenMachineRootDirectory() will be owned by users/groups of
2069 * the container, thus we need root privileges to override them. */
2070 log_error("Using the --machine= switch requires root privileges.");
2075 r
= sd_bus_open_system(&bus
);
2077 log_error_errno(r
, "Failed to open system bus: %m");
2081 r
= sd_bus_call_method(
2083 "org.freedesktop.machine1",
2084 "/org/freedesktop/machine1",
2085 "org.freedesktop.machine1.Manager",
2086 "OpenMachineRootDirectory",
2091 log_error_errno(r
, "Failed to open root directory: %s", bus_error_message(&error
, r
));
2095 r
= sd_bus_message_read(reply
, "h", &fd
);
2097 bus_log_parse_error(r
);
2101 fd
= fcntl(fd
, F_DUPFD_CLOEXEC
, 3);
2103 r
= log_error_errno(errno
, "Failed to duplicate file descriptor: %m");
2107 r
= sd_journal_open_directory_fd(&j
, fd
, SD_JOURNAL_OS_ROOT
);
2111 r
= sd_journal_open(&j
, !arg_merge
*SD_JOURNAL_LOCAL_ONLY
+ arg_journal_type
);
2113 log_error_errno(r
, "Failed to open %s: %m", arg_directory
?: arg_file
? "files" : "journal");
2117 r
= journal_access_check_and_warn(j
, arg_quiet
);
2121 switch (arg_action
) {
2123 case ACTION_NEW_ID128
:
2124 case ACTION_SETUP_KEYS
:
2125 case ACTION_LIST_CATALOG
:
2126 case ACTION_DUMP_CATALOG
:
2127 case ACTION_UPDATE_CATALOG
:
2131 assert_not_reached("Unexpected action.");
2133 case ACTION_PRINT_HEADER
:
2134 journal_print_header(j
);
2142 case ACTION_DISK_USAGE
: {
2144 char sbytes
[FORMAT_BYTES_MAX
];
2146 r
= sd_journal_get_usage(j
, &bytes
);
2150 printf("Archived and active journals take up %s in the file system.\n",
2151 format_bytes(sbytes
, sizeof(sbytes
), bytes
));
2155 case ACTION_LIST_BOOTS
:
2159 case ACTION_VACUUM
: {
2163 HASHMAP_FOREACH(d
, j
->directories_by_path
, i
) {
2169 q
= journal_directory_vacuum(d
->path
, arg_vacuum_size
, arg_vacuum_n_files
, arg_vacuum_time
, NULL
, !arg_quiet
);
2171 log_error_errno(q
, "Failed to vacuum %s: %m", d
->path
);
2179 case ACTION_LIST_FIELD_NAMES
: {
2182 SD_JOURNAL_FOREACH_FIELD(j
, field
) {
2183 printf("%s\n", field
);
2192 case ACTION_LIST_FIELDS
:
2196 assert_not_reached("Unknown action");
2199 if (arg_boot_offset
!= 0 &&
2200 sd_journal_has_runtime_files(j
) > 0 &&
2201 sd_journal_has_persistent_files(j
) == 0) {
2202 log_info("Specifying boot ID or boot offset has no effect, no persistent journal was found.");
2206 /* add_boot() must be called first!
2207 * It may need to seek the journal to find parent boot IDs. */
2218 log_error_errno(r
, "Failed to add filter for units: %m");
2222 r
= add_syslog_identifier(j
);
2224 log_error_errno(r
, "Failed to add filter for syslog identifiers: %m");
2228 r
= add_priorities(j
);
2232 r
= add_matches(j
, argv
+ optind
);
2236 if (_unlikely_(log_get_max_level() >= LOG_DEBUG
)) {
2237 _cleanup_free_
char *filter
;
2239 filter
= journal_make_match_string(j
);
2243 log_debug("Journal filter: %s", filter
);
2246 if (arg_action
== ACTION_LIST_FIELDS
) {
2252 r
= sd_journal_set_data_threshold(j
, 0);
2254 log_error_errno(r
, "Failed to unset data size threshold: %m");
2258 r
= sd_journal_query_unique(j
, arg_field
);
2260 log_error_errno(r
, "Failed to query unique data objects: %m");
2264 SD_JOURNAL_FOREACH_UNIQUE(j
, data
, size
) {
2267 if (arg_lines
>= 0 && n_shown
>= arg_lines
)
2270 eq
= memchr(data
, '=', size
);
2272 printf("%.*s\n", (int) (size
- ((const uint8_t*) eq
- (const uint8_t*) data
+ 1)), (const char*) eq
+ 1);
2274 printf("%.*s\n", (int) size
, (const char*) data
);
2283 /* Opening the fd now means the first sd_journal_wait() will actually wait */
2285 r
= sd_journal_get_fd(j
);
2286 if (r
== -EMEDIUMTYPE
) {
2287 log_error_errno(r
, "The --follow switch is not supported in conjunction with reading from STDIN.");
2291 log_error_errno(r
, "Failed to get journal fd: %m");
2296 if (arg_cursor
|| arg_after_cursor
) {
2297 r
= sd_journal_seek_cursor(j
, arg_cursor
?: arg_after_cursor
);
2299 log_error_errno(r
, "Failed to seek to cursor: %m");
2304 r
= sd_journal_next_skip(j
, 1 + !!arg_after_cursor
);
2306 r
= sd_journal_previous_skip(j
, 1 + !!arg_after_cursor
);
2308 if (arg_after_cursor
&& r
< 2) {
2309 /* We couldn't find the next entry after the cursor. */
2316 } else if (arg_since_set
&& !arg_reverse
) {
2317 r
= sd_journal_seek_realtime_usec(j
, arg_since
);
2319 log_error_errno(r
, "Failed to seek to date: %m");
2322 r
= sd_journal_next(j
);
2324 } else if (arg_until_set
&& arg_reverse
) {
2325 r
= sd_journal_seek_realtime_usec(j
, arg_until
);
2327 log_error_errno(r
, "Failed to seek to date: %m");
2330 r
= sd_journal_previous(j
);
2332 } else if (arg_lines
>= 0) {
2333 r
= sd_journal_seek_tail(j
);
2335 log_error_errno(r
, "Failed to seek to tail: %m");
2339 r
= sd_journal_previous_skip(j
, arg_lines
);
2341 } else if (arg_reverse
) {
2342 r
= sd_journal_seek_tail(j
);
2344 log_error_errno(r
, "Failed to seek to tail: %m");
2348 r
= sd_journal_previous(j
);
2351 r
= sd_journal_seek_head(j
);
2353 log_error_errno(r
, "Failed to seek to head: %m");
2357 r
= sd_journal_next(j
);
2361 log_error_errno(r
, "Failed to iterate through journal: %m");
2368 pager_open(arg_no_pager
, arg_pager_end
);
2370 if (!arg_quiet
&& (arg_lines
!= 0 || arg_follow
)) {
2372 char start_buf
[FORMAT_TIMESTAMP_MAX
], end_buf
[FORMAT_TIMESTAMP_MAX
];
2374 r
= sd_journal_get_cutoff_realtime_usec(j
, &start
, &end
);
2376 log_error_errno(r
, "Failed to get cutoff: %m");
2382 printf("-- Logs begin at %s. --\n",
2383 format_timestamp_maybe_utc(start_buf
, sizeof(start_buf
), start
));
2385 printf("-- Logs begin at %s, end at %s. --\n",
2386 format_timestamp_maybe_utc(start_buf
, sizeof(start_buf
), start
),
2387 format_timestamp_maybe_utc(end_buf
, sizeof(end_buf
), end
));
2392 while (arg_lines
< 0 || n_shown
< arg_lines
|| (arg_follow
&& !first_line
)) {
2397 r
= sd_journal_next(j
);
2399 r
= sd_journal_previous(j
);
2401 log_error_errno(r
, "Failed to iterate through journal: %m");
2408 if (arg_until_set
&& !arg_reverse
) {
2411 r
= sd_journal_get_realtime_usec(j
, &usec
);
2413 log_error_errno(r
, "Failed to determine timestamp: %m");
2416 if (usec
> arg_until
)
2420 if (arg_since_set
&& arg_reverse
) {
2423 r
= sd_journal_get_realtime_usec(j
, &usec
);
2425 log_error_errno(r
, "Failed to determine timestamp: %m");
2428 if (usec
< arg_since
)
2432 if (!arg_merge
&& !arg_quiet
) {
2435 r
= sd_journal_get_monotonic_usec(j
, NULL
, &boot_id
);
2437 if (previous_boot_id_valid
&&
2438 !sd_id128_equal(boot_id
, previous_boot_id
))
2439 printf("%s-- Reboot --%s\n",
2440 ansi_highlight(), ansi_normal());
2442 previous_boot_id
= boot_id
;
2443 previous_boot_id_valid
= true;
2448 arg_all
* OUTPUT_SHOW_ALL
|
2449 arg_full
* OUTPUT_FULL_WIDTH
|
2450 colors_enabled() * OUTPUT_COLOR
|
2451 arg_catalog
* OUTPUT_CATALOG
|
2452 arg_utc
* OUTPUT_UTC
|
2453 arg_no_hostname
* OUTPUT_NO_HOSTNAME
;
2455 r
= output_journal(stdout
, j
, arg_output
, 0, flags
, &ellipsized
);
2457 if (r
== -EADDRNOTAVAIL
)
2459 else if (r
< 0 || ferror(stdout
))
2466 if (n_shown
== 0 && !arg_quiet
)
2467 printf("-- No entries --\n");
2469 if (arg_show_cursor
) {
2470 _cleanup_free_
char *cursor
= NULL
;
2472 r
= sd_journal_get_cursor(j
, &cursor
);
2473 if (r
< 0 && r
!= -EADDRNOTAVAIL
)
2474 log_error_errno(r
, "Failed to get cursor: %m");
2476 printf("-- cursor: %s\n", cursor
);
2483 r
= sd_journal_wait(j
, (uint64_t) -1);
2485 log_error_errno(r
, "Couldn't wait for journal event: %m");
2496 strv_free(arg_file
);
2498 strv_free(arg_syslog_identifier
);
2499 strv_free(arg_system_units
);
2500 strv_free(arg_user_units
);
2503 free(arg_verify_key
);
2505 return r
< 0 ? EXIT_FAILURE
: EXIT_SUCCESS
;