1 /* SPDX-License-Identifier: LGPL-2.1+ */
15 #include <sys/inotify.h>
20 # define PCRE2_CODE_UNIT_WIDTH 8
25 #include "sd-device.h"
26 #include "sd-journal.h"
29 #include "alloc-util.h"
30 #include "bus-error.h"
33 #include "chattr-util.h"
35 #include "device-private.h"
40 #include "glob-util.h"
41 #include "hostname-util.h"
42 #include "id128-print.h"
44 #include "journal-def.h"
45 #include "journal-internal.h"
46 #include "journal-qrcode.h"
47 #include "journal-util.h"
48 #include "journal-vacuum.h"
49 #include "journal-verify.h"
50 #include "locale-util.h"
52 #include "logs-show.h"
53 #include "memory-util.h"
55 #include "nulstr-util.h"
57 #include "parse-util.h"
58 #include "path-util.h"
59 #include "pretty-print.h"
60 #include "rlimit-util.h"
63 #include "string-table.h"
65 #include "syslog-util.h"
66 #include "terminal-util.h"
67 #include "tmpfile-util.h"
68 #include "unit-name.h"
69 #include "user-util.h"
71 #define DEFAULT_FSS_INTERVAL_USEC (15*USEC_PER_MINUTE)
73 #define PROCESS_INOTIFY_INTERVAL 1024 /* Every 1,024 messages processed */
76 DEFINE_TRIVIAL_CLEANUP_FUNC(pcre2_match_data
*, pcre2_match_data_free
);
77 DEFINE_TRIVIAL_CLEANUP_FUNC(pcre2_code
*, pcre2_code_free
);
79 static int pattern_compile(const char *pattern
, unsigned flags
, pcre2_code
**out
) {
81 PCRE2_SIZE erroroffset
;
84 p
= pcre2_compile((PCRE2_SPTR8
) pattern
,
85 PCRE2_ZERO_TERMINATED
, flags
, &errorcode
, &erroroffset
, NULL
);
87 unsigned char buf
[LINE_MAX
];
89 r
= pcre2_get_error_message(errorcode
, buf
, sizeof buf
);
91 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
92 "Bad pattern \"%s\": %s", pattern
,
93 r
< 0 ? "unknown error" : (char *)buf
);
103 /* Special values for arg_lines */
104 ARG_LINES_DEFAULT
= -2,
108 static OutputMode arg_output
= OUTPUT_SHORT
;
109 static bool arg_utc
= false;
110 static bool arg_follow
= false;
111 static bool arg_full
= true;
112 static bool arg_all
= false;
113 static PagerFlags arg_pager_flags
= 0;
114 static int arg_lines
= ARG_LINES_DEFAULT
;
115 static bool arg_no_tail
= false;
116 static bool arg_quiet
= false;
117 static bool arg_merge
= false;
118 static bool arg_boot
= false;
119 static sd_id128_t arg_boot_id
= {};
120 static int arg_boot_offset
= 0;
121 static bool arg_dmesg
= false;
122 static bool arg_no_hostname
= false;
123 static const char *arg_cursor
= NULL
;
124 static const char *arg_cursor_file
= NULL
;
125 static const char *arg_after_cursor
= NULL
;
126 static bool arg_show_cursor
= false;
127 static const char *arg_directory
= NULL
;
128 static char **arg_file
= NULL
;
129 static bool arg_file_stdin
= false;
130 static int arg_priorities
= 0xFF;
131 static char *arg_verify_key
= NULL
;
133 static usec_t arg_interval
= DEFAULT_FSS_INTERVAL_USEC
;
134 static bool arg_force
= false;
136 static usec_t arg_since
, arg_until
;
137 static bool arg_since_set
= false, arg_until_set
= false;
138 static char **arg_syslog_identifier
= NULL
;
139 static char **arg_system_units
= NULL
;
140 static char **arg_user_units
= NULL
;
141 static const char *arg_field
= NULL
;
142 static bool arg_catalog
= false;
143 static bool arg_reverse
= false;
144 static int arg_journal_type
= 0;
145 static char *arg_root
= NULL
;
146 static const char *arg_machine
= NULL
;
147 static uint64_t arg_vacuum_size
= 0;
148 static uint64_t arg_vacuum_n_files
= 0;
149 static usec_t arg_vacuum_time
= 0;
150 static char **arg_output_fields
= NULL
;
153 static const char *arg_pattern
= NULL
;
154 static pcre2_code
*arg_compiled_pattern
= NULL
;
155 static int arg_case_sensitive
= -1; /* -1 means be smart */
167 ACTION_UPDATE_CATALOG
,
173 ACTION_ROTATE_AND_VACUUM
,
175 ACTION_LIST_FIELD_NAMES
,
176 } arg_action
= ACTION_SHOW
;
178 typedef struct BootId
{
182 LIST_FIELDS(struct BootId
, boot_list
);
185 static int add_matches_for_device(sd_journal
*j
, const char *devpath
) {
186 _cleanup_(sd_device_unrefp
) sd_device
*device
= NULL
;
194 if (!path_startswith(devpath
, "/dev/")) {
195 log_error("Devpath does not start with /dev/");
199 if (stat(devpath
, &st
) < 0)
200 return log_error_errno(errno
, "Couldn't stat file: %m");
202 r
= device_new_from_stat_rdev(&device
, &st
);
204 return log_error_errno(r
, "Failed to get device from devnum %u:%u: %m", major(st
.st_rdev
), minor(st
.st_rdev
));
206 for (d
= device
; d
; ) {
207 _cleanup_free_
char *match
= NULL
;
208 const char *subsys
, *sysname
, *devnode
;
211 r
= sd_device_get_subsystem(d
, &subsys
);
215 r
= sd_device_get_sysname(d
, &sysname
);
219 match
= strjoin("_KERNEL_DEVICE=+", subsys
, ":", sysname
);
223 r
= sd_journal_add_match(j
, match
, 0);
225 return log_error_errno(r
, "Failed to add match: %m");
227 if (sd_device_get_devname(d
, &devnode
) >= 0) {
228 _cleanup_free_
char *match1
= NULL
;
230 r
= stat(devnode
, &st
);
232 return log_error_errno(r
, "Failed to stat() device node \"%s\": %m", devnode
);
234 r
= asprintf(&match1
, "_KERNEL_DEVICE=%c%u:%u", S_ISBLK(st
.st_mode
) ? 'b' : 'c', major(st
.st_rdev
), minor(st
.st_rdev
));
238 r
= sd_journal_add_match(j
, match1
, 0);
240 return log_error_errno(r
, "Failed to add match: %m");
244 if (sd_device_get_parent(d
, &parent
) < 0)
250 r
= add_match_this_boot(j
, arg_machine
);
252 return log_error_errno(r
, "Failed to add match for the current boot: %m");
257 static char *format_timestamp_maybe_utc(char *buf
, size_t l
, usec_t t
) {
260 return format_timestamp_utc(buf
, l
, t
);
262 return format_timestamp(buf
, l
, t
);
265 static int parse_boot_descriptor(const char *x
, sd_id128_t
*boot_id
, int *offset
) {
266 sd_id128_t id
= SD_ID128_NULL
;
269 if (streq(x
, "all")) {
270 *boot_id
= SD_ID128_NULL
;
273 } else if (strlen(x
) >= 32) {
277 r
= sd_id128_from_string(t
, &id
);
281 if (!IN_SET(*x
, 0, '-', '+'))
285 r
= safe_atoi(x
, &off
);
290 r
= safe_atoi(x
, &off
);
304 static int help(void) {
305 _cleanup_free_
char *link
= NULL
;
308 (void) pager_open(arg_pager_flags
);
310 r
= terminal_urlify_man("journalctl", "1", &link
);
314 printf("%s [OPTIONS...] [MATCHES...]\n\n"
315 "Query the journal.\n\n"
317 " --system Show the system journal\n"
318 " --user Show the user journal for the current user\n"
319 " -M --machine=CONTAINER Operate on local container\n"
320 " -S --since=DATE Show entries not older than the specified date\n"
321 " -U --until=DATE Show entries not newer than the specified date\n"
322 " -c --cursor=CURSOR Show entries starting at the specified cursor\n"
323 " --after-cursor=CURSOR Show entries after the specified cursor\n"
324 " --show-cursor Print the cursor after all the entries\n"
325 " --cursor-file=FILE Show entries after cursor in FILE and update FILE\n"
326 " -b --boot[=ID] Show current boot or the specified boot\n"
327 " --list-boots Show terse information about recorded boots\n"
328 " -k --dmesg Show kernel message log from the current boot\n"
329 " -u --unit=UNIT Show logs from the specified unit\n"
330 " --user-unit=UNIT Show logs from the specified user unit\n"
331 " -t --identifier=STRING Show entries with the specified syslog identifier\n"
332 " -p --priority=RANGE Show entries with the specified priority\n"
333 " -g --grep=PATTERN Show entries with MESSAGE matching PATTERN\n"
334 " --case-sensitive[=BOOL] Force case sensitive or insenstive matching\n"
335 " -e --pager-end Immediately jump to the end in the pager\n"
336 " -f --follow Follow the journal\n"
337 " -n --lines[=INTEGER] Number of journal entries to show\n"
338 " --no-tail Show all lines, even in follow mode\n"
339 " -r --reverse Show the newest entries first\n"
340 " -o --output=STRING Change journal output mode (short, short-precise,\n"
341 " short-iso, short-iso-precise, short-full,\n"
342 " short-monotonic, short-unix, verbose, export,\n"
343 " json, json-pretty, json-sse, json-seq, cat,\n"
345 " --output-fields=LIST Select fields to print in verbose/export/json modes\n"
346 " --utc Express time in Coordinated Universal Time (UTC)\n"
347 " -x --catalog Add message explanations where available\n"
348 " --no-full Ellipsize fields\n"
349 " -a --all Show all fields, including long and unprintable\n"
350 " -q --quiet Do not show info messages and privilege warning\n"
351 " --no-pager Do not pipe output into a pager\n"
352 " --no-hostname Suppress output of hostname field\n"
353 " -m --merge Show entries from all available journals\n"
354 " -D --directory=PATH Show journal files from directory\n"
355 " --file=PATH Show journal file\n"
356 " --root=ROOT Operate on files below a root directory\n"
357 " --interval=TIME Time interval for changing the FSS sealing key\n"
358 " --verify-key=KEY Specify FSS verification key\n"
359 " --force Override of the FSS key pair with --setup-keys\n"
361 " -h --help Show this help text\n"
362 " --version Show package version\n"
363 " -N --fields List all field names currently used\n"
364 " -F --field=FIELD List all values that a specified field takes\n"
365 " --disk-usage Show total disk usage of all journal files\n"
366 " --vacuum-size=BYTES Reduce disk usage below specified size\n"
367 " --vacuum-files=INT Leave only the specified number of journal files\n"
368 " --vacuum-time=TIME Remove journal files older than specified time\n"
369 " --verify Verify journal file consistency\n"
370 " --sync Synchronize unwritten journal messages to disk\n"
371 " --flush Flush all journal data from /run into /var\n"
372 " --rotate Request immediate rotation of the journal files\n"
373 " --header Show journal header information\n"
374 " --list-catalog Show all message IDs in the catalog\n"
375 " --dump-catalog Show entries in the message catalog\n"
376 " --update-catalog Update the message catalog database\n"
377 " --setup-keys Generate a new FSS key pair\n"
378 "\nSee the %s for details.\n"
379 , program_invocation_short_name
386 static int parse_argv(int argc
, char *argv
[]) {
426 static const struct option options
[] = {
427 { "help", no_argument
, NULL
, 'h' },
428 { "version" , no_argument
, NULL
, ARG_VERSION
},
429 { "no-pager", no_argument
, NULL
, ARG_NO_PAGER
},
430 { "pager-end", no_argument
, NULL
, 'e' },
431 { "follow", no_argument
, NULL
, 'f' },
432 { "force", no_argument
, NULL
, ARG_FORCE
},
433 { "output", required_argument
, NULL
, 'o' },
434 { "all", no_argument
, NULL
, 'a' },
435 { "full", no_argument
, NULL
, 'l' },
436 { "no-full", no_argument
, NULL
, ARG_NO_FULL
},
437 { "lines", optional_argument
, NULL
, 'n' },
438 { "no-tail", no_argument
, NULL
, ARG_NO_TAIL
},
439 { "new-id128", no_argument
, NULL
, ARG_NEW_ID128
}, /* deprecated */
440 { "quiet", no_argument
, NULL
, 'q' },
441 { "merge", no_argument
, NULL
, 'm' },
442 { "this-boot", no_argument
, NULL
, ARG_THIS_BOOT
}, /* deprecated */
443 { "boot", optional_argument
, NULL
, 'b' },
444 { "list-boots", no_argument
, NULL
, ARG_LIST_BOOTS
},
445 { "dmesg", no_argument
, NULL
, 'k' },
446 { "system", no_argument
, NULL
, ARG_SYSTEM
},
447 { "user", no_argument
, NULL
, ARG_USER
},
448 { "directory", required_argument
, NULL
, 'D' },
449 { "file", required_argument
, NULL
, ARG_FILE
},
450 { "root", required_argument
, NULL
, ARG_ROOT
},
451 { "header", no_argument
, NULL
, ARG_HEADER
},
452 { "identifier", required_argument
, NULL
, 't' },
453 { "priority", required_argument
, NULL
, 'p' },
454 { "grep", required_argument
, NULL
, 'g' },
455 { "case-sensitive", optional_argument
, NULL
, ARG_CASE_SENSITIVE
},
456 { "setup-keys", no_argument
, NULL
, ARG_SETUP_KEYS
},
457 { "interval", required_argument
, NULL
, ARG_INTERVAL
},
458 { "verify", no_argument
, NULL
, ARG_VERIFY
},
459 { "verify-key", required_argument
, NULL
, ARG_VERIFY_KEY
},
460 { "disk-usage", no_argument
, NULL
, ARG_DISK_USAGE
},
461 { "cursor", required_argument
, NULL
, 'c' },
462 { "cursor-file", required_argument
, NULL
, ARG_CURSOR_FILE
},
463 { "after-cursor", required_argument
, NULL
, ARG_AFTER_CURSOR
},
464 { "show-cursor", no_argument
, NULL
, ARG_SHOW_CURSOR
},
465 { "since", required_argument
, NULL
, 'S' },
466 { "until", required_argument
, NULL
, 'U' },
467 { "unit", required_argument
, NULL
, 'u' },
468 { "user-unit", required_argument
, NULL
, ARG_USER_UNIT
},
469 { "field", required_argument
, NULL
, 'F' },
470 { "fields", no_argument
, NULL
, 'N' },
471 { "catalog", no_argument
, NULL
, 'x' },
472 { "list-catalog", no_argument
, NULL
, ARG_LIST_CATALOG
},
473 { "dump-catalog", no_argument
, NULL
, ARG_DUMP_CATALOG
},
474 { "update-catalog", no_argument
, NULL
, ARG_UPDATE_CATALOG
},
475 { "reverse", no_argument
, NULL
, 'r' },
476 { "machine", required_argument
, NULL
, 'M' },
477 { "utc", no_argument
, NULL
, ARG_UTC
},
478 { "flush", no_argument
, NULL
, ARG_FLUSH
},
479 { "sync", no_argument
, NULL
, ARG_SYNC
},
480 { "rotate", no_argument
, NULL
, ARG_ROTATE
},
481 { "vacuum-size", required_argument
, NULL
, ARG_VACUUM_SIZE
},
482 { "vacuum-files", required_argument
, NULL
, ARG_VACUUM_FILES
},
483 { "vacuum-time", required_argument
, NULL
, ARG_VACUUM_TIME
},
484 { "no-hostname", no_argument
, NULL
, ARG_NO_HOSTNAME
},
485 { "output-fields", required_argument
, NULL
, ARG_OUTPUT_FIELDS
},
494 while ((c
= getopt_long(argc
, argv
, "hefo:aln::qmb::kD:p:g:c:S:U:t:u:NF:xrM:", options
, NULL
)) >= 0)
505 arg_pager_flags
|= PAGER_DISABLE
;
509 arg_pager_flags
|= PAGER_JUMP_TO_END
;
511 if (arg_lines
== ARG_LINES_DEFAULT
)
521 if (streq(optarg
, "help")) {
522 DUMP_STRING_TABLE(output_mode
, OutputMode
, _OUTPUT_MODE_MAX
);
526 arg_output
= output_mode_from_string(optarg
);
527 if (arg_output
< 0) {
528 log_error("Unknown output format '%s'.", optarg
);
532 if (IN_SET(arg_output
, OUTPUT_EXPORT
, OUTPUT_JSON
, OUTPUT_JSON_PRETTY
, OUTPUT_JSON_SSE
, OUTPUT_JSON_SEQ
, OUTPUT_CAT
))
551 if (streq(optarg
, "all"))
552 arg_lines
= ARG_LINES_ALL
;
554 r
= safe_atoi(optarg
, &arg_lines
);
555 if (r
< 0 || arg_lines
< 0) {
556 log_error("Failed to parse lines '%s'", optarg
);
563 /* Hmm, no argument? Maybe the next
564 * word on the command line is
565 * supposed to be the argument? Let's
566 * see if there is one, and is
570 if (streq(argv
[optind
], "all")) {
571 arg_lines
= ARG_LINES_ALL
;
573 } else if (safe_atoi(argv
[optind
], &n
) >= 0 && n
>= 0) {
587 arg_action
= ACTION_NEW_ID128
;
600 arg_boot_id
= SD_ID128_NULL
;
606 arg_boot_id
= SD_ID128_NULL
;
610 r
= parse_boot_descriptor(optarg
, &arg_boot_id
, &arg_boot_offset
);
612 return log_error_errno(r
, "Failed to parse boot descriptor '%s'", optarg
);
616 /* Hmm, no argument? Maybe the next
617 * word on the command line is
618 * supposed to be the argument? Let's
619 * see if there is one and is parsable
620 * as a boot descriptor... */
621 } else if (optind
< argc
) {
622 r
= parse_boot_descriptor(argv
[optind
], &arg_boot_id
, &arg_boot_offset
);
631 arg_action
= ACTION_LIST_BOOTS
;
635 arg_boot
= arg_dmesg
= true;
639 arg_journal_type
|= SD_JOURNAL_SYSTEM
;
643 arg_journal_type
|= SD_JOURNAL_CURRENT_USER
;
647 arg_machine
= optarg
;
651 arg_directory
= optarg
;
655 if (streq(optarg
, "-"))
656 /* An undocumented feature: we can read journal files from STDIN. We don't document
657 * this though, since after all we only support this for mmap-able, seekable files, and
658 * not for example pipes which are probably the primary usecase for reading things from
659 * STDIN. To avoid confusion we hence don't document this feature. */
660 arg_file_stdin
= true;
662 r
= glob_extend(&arg_file
, optarg
);
664 return log_error_errno(r
, "Failed to add paths: %m");
669 r
= parse_path_argument_and_warn(optarg
, true, &arg_root
);
678 case ARG_CURSOR_FILE
:
679 arg_cursor_file
= optarg
;
682 case ARG_AFTER_CURSOR
:
683 arg_after_cursor
= optarg
;
686 case ARG_SHOW_CURSOR
:
687 arg_show_cursor
= true;
691 arg_action
= ACTION_PRINT_HEADER
;
695 arg_action
= ACTION_VERIFY
;
699 arg_action
= ACTION_DISK_USAGE
;
702 case ARG_VACUUM_SIZE
:
703 r
= parse_size(optarg
, 1024, &arg_vacuum_size
);
705 log_error("Failed to parse vacuum size: %s", optarg
);
709 arg_action
= arg_action
== ACTION_ROTATE
? ACTION_ROTATE_AND_VACUUM
: ACTION_VACUUM
;
712 case ARG_VACUUM_FILES
:
713 r
= safe_atou64(optarg
, &arg_vacuum_n_files
);
715 log_error("Failed to parse vacuum files: %s", optarg
);
719 arg_action
= arg_action
== ACTION_ROTATE
? ACTION_ROTATE_AND_VACUUM
: ACTION_VACUUM
;
722 case ARG_VACUUM_TIME
:
723 r
= parse_sec(optarg
, &arg_vacuum_time
);
725 log_error("Failed to parse vacuum time: %s", optarg
);
729 arg_action
= arg_action
== ACTION_ROTATE
? ACTION_ROTATE_AND_VACUUM
: ACTION_VACUUM
;
738 arg_action
= ACTION_SETUP_KEYS
;
742 arg_action
= ACTION_VERIFY
;
743 r
= free_and_strdup(&arg_verify_key
, optarg
);
746 /* Use memset not string_erase so this doesn't look confusing
747 * in ps or htop output. */
748 memset(optarg
, 'x', strlen(optarg
));
754 r
= parse_sec(optarg
, &arg_interval
);
755 if (r
< 0 || arg_interval
<= 0) {
756 log_error("Failed to parse sealing key change interval: %s", optarg
);
765 log_error("Compiled without forward-secure sealing support.");
772 dots
= strstr(optarg
, "..");
778 a
= strndup(optarg
, dots
- optarg
);
782 from
= log_level_from_string(a
);
783 to
= log_level_from_string(dots
+ 2);
786 if (from
< 0 || to
< 0) {
787 log_error("Failed to parse log level range %s", optarg
);
794 for (i
= from
; i
<= to
; i
++)
795 arg_priorities
|= 1 << i
;
797 for (i
= to
; i
<= from
; i
++)
798 arg_priorities
|= 1 << i
;
804 p
= log_level_from_string(optarg
);
806 log_error("Unknown log level %s", optarg
);
812 for (i
= 0; i
<= p
; i
++)
813 arg_priorities
|= 1 << i
;
821 arg_pattern
= optarg
;
824 case ARG_CASE_SENSITIVE
:
826 r
= parse_boolean(optarg
);
828 return log_error_errno(r
, "Bad --case-sensitive= argument \"%s\": %m", optarg
);
829 arg_case_sensitive
= r
;
831 arg_case_sensitive
= true;
836 case ARG_CASE_SENSITIVE
:
837 return log_error("Compiled without pattern matching support");
841 r
= parse_timestamp(optarg
, &arg_since
);
843 log_error("Failed to parse timestamp: %s", optarg
);
846 arg_since_set
= true;
850 r
= parse_timestamp(optarg
, &arg_until
);
852 log_error("Failed to parse timestamp: %s", optarg
);
855 arg_until_set
= true;
859 r
= strv_extend(&arg_syslog_identifier
, optarg
);
865 r
= strv_extend(&arg_system_units
, optarg
);
871 r
= strv_extend(&arg_user_units
, optarg
);
877 arg_action
= ACTION_LIST_FIELDS
;
882 arg_action
= ACTION_LIST_FIELD_NAMES
;
885 case ARG_NO_HOSTNAME
:
886 arg_no_hostname
= true;
893 case ARG_LIST_CATALOG
:
894 arg_action
= ACTION_LIST_CATALOG
;
897 case ARG_DUMP_CATALOG
:
898 arg_action
= ACTION_DUMP_CATALOG
;
901 case ARG_UPDATE_CATALOG
:
902 arg_action
= ACTION_UPDATE_CATALOG
;
914 arg_action
= ACTION_FLUSH
;
918 arg_action
= arg_action
== ACTION_VACUUM
? ACTION_ROTATE_AND_VACUUM
: ACTION_ROTATE
;
922 arg_action
= ACTION_SYNC
;
925 case ARG_OUTPUT_FIELDS
: {
926 _cleanup_strv_free_
char **v
= NULL
;
928 v
= strv_split(optarg
, ",");
932 if (!arg_output_fields
)
933 arg_output_fields
= TAKE_PTR(v
);
935 r
= strv_extend_strv(&arg_output_fields
, v
, true);
946 assert_not_reached("Unhandled option");
949 if (arg_follow
&& !arg_no_tail
&& !arg_since
&& arg_lines
== ARG_LINES_DEFAULT
)
952 if (!!arg_directory
+ !!arg_file
+ !!arg_machine
+ !!arg_root
> 1) {
953 log_error("Please specify at most one of -D/--directory=, --file=, -M/--machine=, --root.");
957 if (arg_since_set
&& arg_until_set
&& arg_since
> arg_until
) {
958 log_error("--since= must be before --until=.");
962 if (!!arg_cursor
+ !!arg_after_cursor
+ !!arg_since_set
> 1) {
963 log_error("Please specify only one of --since=, --cursor=, and --after-cursor.");
967 if (arg_follow
&& arg_reverse
) {
968 log_error("Please specify either --reverse= or --follow=, not both.");
972 if (!IN_SET(arg_action
, ACTION_SHOW
, ACTION_DUMP_CATALOG
, ACTION_LIST_CATALOG
) && optind
< argc
) {
973 log_error("Extraneous arguments starting with '%s'", argv
[optind
]);
977 if ((arg_boot
|| arg_action
== ACTION_LIST_BOOTS
) && arg_merge
) {
978 log_error("Using --boot or --list-boots with --merge is not supported.");
982 if (!strv_isempty(arg_system_units
) && arg_journal_type
== SD_JOURNAL_CURRENT_USER
) {
983 /* Specifying --user and --unit= at the same time makes no sense (as the former excludes the user
984 * journal, but the latter excludes the system journal, thus resulting in empty output). Let's be nice
985 * to users, and automatically turn --unit= into --user-unit= if combined with --user. */
986 r
= strv_extend_strv(&arg_user_units
, arg_system_units
, true);
990 arg_system_units
= strv_free(arg_system_units
);
997 if (arg_case_sensitive
>= 0)
998 flags
= !arg_case_sensitive
* PCRE2_CASELESS
;
1000 _cleanup_(pcre2_match_data_freep
) pcre2_match_data
*md
= NULL
;
1002 _cleanup_(pcre2_code_freep
) pcre2_code
*cs
= NULL
;
1004 md
= pcre2_match_data_create(1, NULL
);
1008 r
= pattern_compile("[[:upper:]]", 0, &cs
);
1012 r
= pcre2_match(cs
, (PCRE2_SPTR8
) arg_pattern
, PCRE2_ZERO_TERMINATED
, 0, 0, md
, NULL
);
1015 flags
= !has_case
* PCRE2_CASELESS
;
1018 log_debug("Doing case %s matching based on %s",
1019 flags
& PCRE2_CASELESS
? "insensitive" : "sensitive",
1020 arg_case_sensitive
>= 0 ? "request" : "pattern casing");
1022 r
= pattern_compile(arg_pattern
, flags
, &arg_compiled_pattern
);
1031 static int add_matches(sd_journal
*j
, char **args
) {
1033 bool have_term
= false;
1037 STRV_FOREACH(i
, args
) {
1040 if (streq(*i
, "+")) {
1043 r
= sd_journal_add_disjunction(j
);
1046 } else if (path_is_absolute(*i
)) {
1047 _cleanup_free_
char *p
= NULL
, *t
= NULL
, *t2
= NULL
, *interpreter
= NULL
;
1050 r
= chase_symlinks(*i
, NULL
, CHASE_TRAIL_SLASH
, &p
);
1052 return log_error_errno(r
, "Couldn't canonicalize path: %m");
1054 if (lstat(p
, &st
) < 0)
1055 return log_error_errno(errno
, "Couldn't stat file: %m");
1057 if (S_ISREG(st
.st_mode
) && (0111 & st
.st_mode
)) {
1058 if (executable_is_script(p
, &interpreter
) > 0) {
1059 _cleanup_free_
char *comm
;
1061 comm
= strndup(basename(p
), 15);
1065 t
= strappend("_COMM=", comm
);
1069 /* Append _EXE only if the interpreter is not a link.
1070 Otherwise, it might be outdated often. */
1071 if (lstat(interpreter
, &st
) == 0 && !S_ISLNK(st
.st_mode
)) {
1072 t2
= strappend("_EXE=", interpreter
);
1077 t
= strappend("_EXE=", p
);
1082 r
= sd_journal_add_match(j
, t
, 0);
1085 r
= sd_journal_add_match(j
, t2
, 0);
1087 } else if (S_ISCHR(st
.st_mode
) || S_ISBLK(st
.st_mode
)) {
1088 r
= add_matches_for_device(j
, p
);
1092 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
1093 "File is neither a device node, nor regular file, nor executable: %s",
1098 r
= sd_journal_add_match(j
, *i
, 0);
1103 return log_error_errno(r
, "Failed to add match '%s': %m", *i
);
1106 if (!strv_isempty(args
) && !have_term
)
1107 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
1108 "\"+\" can only be used between terms");
1113 static void boot_id_free_all(BootId
*l
) {
1117 LIST_REMOVE(boot_list
, l
, i
);
1122 static int discover_next_boot(sd_journal
*j
,
1123 sd_id128_t previous_boot_id
,
1127 _cleanup_free_ BootId
*next_boot
= NULL
;
1128 char match
[9+32+1] = "_BOOT_ID=";
1135 /* We expect the journal to be on the last position of a boot
1136 * (in relation to the direction we are going), so that the next
1137 * invocation of sd_journal_next/previous will be from a different
1138 * boot. We then collect any information we desire and then jump
1139 * to the last location of the new boot by using a _BOOT_ID match
1140 * coming from the other journal direction. */
1142 /* Make sure we aren't restricted by any _BOOT_ID matches, so that
1143 * we can actually advance to a *different* boot. */
1144 sd_journal_flush_matches(j
);
1148 r
= sd_journal_previous(j
);
1150 r
= sd_journal_next(j
);
1154 return 0; /* End of journal, yay. */
1156 r
= sd_journal_get_monotonic_usec(j
, NULL
, &boot_id
);
1160 /* We iterate through this in a loop, until the boot ID differs from the previous one. Note that
1161 * normally, this will only require a single iteration, as we seeked to the last entry of the previous
1162 * boot entry already. However, it might happen that the per-journal-field entry arrays are less
1163 * complete than the main entry array, and hence might reference an entry that's not actually the last
1164 * one of the boot ID as last one. Let's hence use the per-field array is initial seek position to
1165 * speed things up, but let's not trust that it is complete, and hence, manually advance as
1168 } while (sd_id128_equal(boot_id
, previous_boot_id
));
1170 next_boot
= new0(BootId
, 1);
1174 next_boot
->id
= boot_id
;
1176 r
= sd_journal_get_realtime_usec(j
, &next_boot
->first
);
1180 /* Now seek to the last occurrence of this boot ID. */
1181 sd_id128_to_string(next_boot
->id
, match
+ 9);
1182 r
= sd_journal_add_match(j
, match
, sizeof(match
) - 1);
1187 r
= sd_journal_seek_head(j
);
1189 r
= sd_journal_seek_tail(j
);
1194 r
= sd_journal_next(j
);
1196 r
= sd_journal_previous(j
);
1200 return log_debug_errno(SYNTHETIC_ERRNO(ENODATA
),
1201 "Whoopsie! We found a boot ID but can't read its last entry."); /* This shouldn't happen. We just came from this very boot ID. */
1203 r
= sd_journal_get_realtime_usec(j
, &next_boot
->last
);
1207 *ret
= TAKE_PTR(next_boot
);
1212 static int get_boots(
1215 sd_id128_t
*boot_id
,
1220 BootId
*head
= NULL
, *tail
= NULL
, *id
;
1221 const bool advance_older
= boot_id
&& offset
<= 0;
1222 sd_id128_t previous_boot_id
;
1226 /* Adjust for the asymmetry that offset 0 is
1227 * the last (and current) boot, while 1 is considered the
1228 * (chronological) first boot in the journal. */
1229 skip_once
= boot_id
&& sd_id128_is_null(*boot_id
) && offset
<= 0;
1231 /* Advance to the earliest/latest occurrence of our reference
1232 * boot ID (taking our lookup direction into account), so that
1233 * discover_next_boot() can do its job.
1234 * If no reference is given, the journal head/tail will do,
1235 * they're "virtual" boots after all. */
1236 if (boot_id
&& !sd_id128_is_null(*boot_id
)) {
1237 char match
[9+32+1] = "_BOOT_ID=";
1239 sd_journal_flush_matches(j
);
1241 sd_id128_to_string(*boot_id
, match
+ 9);
1242 r
= sd_journal_add_match(j
, match
, sizeof(match
) - 1);
1247 r
= sd_journal_seek_head(j
); /* seek to oldest */
1249 r
= sd_journal_seek_tail(j
); /* seek to newest */
1254 r
= sd_journal_next(j
); /* read the oldest entry */
1256 r
= sd_journal_previous(j
); /* read the most recently added entry */
1261 else if (offset
== 0) {
1266 /* At this point the read pointer is positioned at the oldest/newest occurence of the reference boot
1267 * ID. After flushing the matches, one more invocation of _previous()/_next() will hence place us at
1268 * the following entry, which must then have an older/newer boot ID */
1272 r
= sd_journal_seek_tail(j
); /* seek to newest */
1274 r
= sd_journal_seek_head(j
); /* seek to oldest */
1278 /* No sd_journal_next()/_previous() here.
1280 * At this point the read pointer is positioned after the newest/before the oldest entry in the whole
1281 * journal. The next invocation of _previous()/_next() will hence position us at the newest/oldest
1285 previous_boot_id
= SD_ID128_NULL
;
1287 _cleanup_free_ BootId
*current
= NULL
;
1289 r
= discover_next_boot(j
, previous_boot_id
, advance_older
, ¤t
);
1291 boot_id_free_all(head
);
1298 previous_boot_id
= current
->id
;
1302 offset
+= advance_older
? 1 : -1;
1307 *boot_id
= current
->id
;
1311 LIST_FOREACH(boot_list
, id
, head
) {
1312 if (sd_id128_equal(id
->id
, current
->id
)) {
1313 /* boot id already stored, something wrong with the journal files */
1314 /* exiting as otherwise this problem would cause forever loop */
1318 LIST_INSERT_AFTER(boot_list
, head
, tail
, current
);
1319 tail
= TAKE_PTR(current
);
1328 sd_journal_flush_matches(j
);
1333 static int list_boots(sd_journal
*j
) {
1335 BootId
*id
, *all_ids
;
1339 count
= get_boots(j
, &all_ids
, NULL
, 0);
1341 return log_error_errno(count
, "Failed to determine boots: %m");
1345 (void) pager_open(arg_pager_flags
);
1347 /* numbers are one less, but we need an extra char for the sign */
1348 w
= DECIMAL_STR_WIDTH(count
- 1) + 1;
1351 LIST_FOREACH(boot_list
, id
, all_ids
) {
1352 char a
[FORMAT_TIMESTAMP_MAX
], b
[FORMAT_TIMESTAMP_MAX
];
1354 printf("% *i " SD_ID128_FORMAT_STR
" %s—%s\n",
1356 SD_ID128_FORMAT_VAL(id
->id
),
1357 format_timestamp_maybe_utc(a
, sizeof(a
), id
->first
),
1358 format_timestamp_maybe_utc(b
, sizeof(b
), id
->last
));
1362 boot_id_free_all(all_ids
);
1367 static int add_boot(sd_journal
*j
) {
1368 char match
[9+32+1] = "_BOOT_ID=";
1377 /* Take a shortcut and use the current boot_id, which we can do very quickly.
1378 * We can do this only when we logs are coming from the current machine,
1379 * so take the slow path if log location is specified. */
1380 if (arg_boot_offset
== 0 && sd_id128_is_null(arg_boot_id
) &&
1381 !arg_directory
&& !arg_file
&& !arg_root
)
1383 return add_match_this_boot(j
, arg_machine
);
1385 boot_id
= arg_boot_id
;
1386 r
= get_boots(j
, NULL
, &boot_id
, arg_boot_offset
);
1389 const char *reason
= (r
== 0) ? "No such boot ID in journal" : strerror(-r
);
1391 if (sd_id128_is_null(arg_boot_id
))
1392 log_error("Data from the specified boot (%+i) is not available: %s",
1393 arg_boot_offset
, reason
);
1395 log_error("Data from the specified boot ("SD_ID128_FORMAT_STR
") is not available: %s",
1396 SD_ID128_FORMAT_VAL(arg_boot_id
), reason
);
1398 return r
== 0 ? -ENODATA
: r
;
1401 sd_id128_to_string(boot_id
, match
+ 9);
1403 r
= sd_journal_add_match(j
, match
, sizeof(match
) - 1);
1405 return log_error_errno(r
, "Failed to add match: %m");
1407 r
= sd_journal_add_conjunction(j
);
1409 return log_error_errno(r
, "Failed to add conjunction: %m");
1414 static int add_dmesg(sd_journal
*j
) {
1421 r
= sd_journal_add_match(j
, "_TRANSPORT=kernel",
1422 STRLEN("_TRANSPORT=kernel"));
1424 return log_error_errno(r
, "Failed to add match: %m");
1426 r
= sd_journal_add_conjunction(j
);
1428 return log_error_errno(r
, "Failed to add conjunction: %m");
1433 static int get_possible_units(
1439 _cleanup_set_free_free_ Set
*found
;
1443 found
= set_new(&string_hash_ops
);
1447 NULSTR_FOREACH(field
, fields
) {
1451 r
= sd_journal_query_unique(j
, field
);
1455 SD_JOURNAL_FOREACH_UNIQUE(j
, data
, size
) {
1456 char **pattern
, *eq
;
1458 _cleanup_free_
char *u
= NULL
;
1460 eq
= memchr(data
, '=', size
);
1462 prefix
= eq
- (char*) data
+ 1;
1466 u
= strndup((char*) data
+ prefix
, size
- prefix
);
1470 STRV_FOREACH(pattern
, patterns
)
1471 if (fnmatch(*pattern
, u
, FNM_NOESCAPE
) == 0) {
1472 log_debug("Matched %s with pattern %s=%s", u
, field
, *pattern
);
1474 r
= set_consume(found
, u
);
1476 if (r
< 0 && r
!= -EEXIST
)
1484 *units
= TAKE_PTR(found
);
1489 /* This list is supposed to return the superset of unit names
1490 * possibly matched by rules added with add_matches_for_unit... */
1491 #define SYSTEM_UNITS \
1495 "OBJECT_SYSTEMD_UNIT\0" \
1498 /* ... and add_matches_for_user_unit */
1499 #define USER_UNITS \
1500 "_SYSTEMD_USER_UNIT\0" \
1502 "COREDUMP_USER_UNIT\0" \
1503 "OBJECT_SYSTEMD_USER_UNIT\0"
1505 static int add_units(sd_journal
*j
) {
1506 _cleanup_strv_free_
char **patterns
= NULL
;
1512 STRV_FOREACH(i
, arg_system_units
) {
1513 _cleanup_free_
char *u
= NULL
;
1515 r
= unit_name_mangle(*i
, UNIT_NAME_MANGLE_GLOB
| (arg_quiet
? 0 : UNIT_NAME_MANGLE_WARN
), &u
);
1519 if (string_is_glob(u
)) {
1520 r
= strv_push(&patterns
, u
);
1525 r
= add_matches_for_unit(j
, u
);
1528 r
= sd_journal_add_disjunction(j
);
1535 if (!strv_isempty(patterns
)) {
1536 _cleanup_set_free_free_ Set
*units
= NULL
;
1540 r
= get_possible_units(j
, SYSTEM_UNITS
, patterns
, &units
);
1544 SET_FOREACH(u
, units
, it
) {
1545 r
= add_matches_for_unit(j
, u
);
1548 r
= sd_journal_add_disjunction(j
);
1555 patterns
= strv_free(patterns
);
1557 STRV_FOREACH(i
, arg_user_units
) {
1558 _cleanup_free_
char *u
= NULL
;
1560 r
= unit_name_mangle(*i
, UNIT_NAME_MANGLE_GLOB
| (arg_quiet
? 0 : UNIT_NAME_MANGLE_WARN
), &u
);
1564 if (string_is_glob(u
)) {
1565 r
= strv_push(&patterns
, u
);
1570 r
= add_matches_for_user_unit(j
, u
, getuid());
1573 r
= sd_journal_add_disjunction(j
);
1580 if (!strv_isempty(patterns
)) {
1581 _cleanup_set_free_free_ Set
*units
= NULL
;
1585 r
= get_possible_units(j
, USER_UNITS
, patterns
, &units
);
1589 SET_FOREACH(u
, units
, it
) {
1590 r
= add_matches_for_user_unit(j
, u
, getuid());
1593 r
= sd_journal_add_disjunction(j
);
1600 /* Complain if the user request matches but nothing whatsoever was
1601 * found, since otherwise everything would be matched. */
1602 if (!(strv_isempty(arg_system_units
) && strv_isempty(arg_user_units
)) && count
== 0)
1605 r
= sd_journal_add_conjunction(j
);
1612 static int add_priorities(sd_journal
*j
) {
1613 char match
[] = "PRIORITY=0";
1617 if (arg_priorities
== 0xFF)
1620 for (i
= LOG_EMERG
; i
<= LOG_DEBUG
; i
++)
1621 if (arg_priorities
& (1 << i
)) {
1622 match
[sizeof(match
)-2] = '0' + i
;
1624 r
= sd_journal_add_match(j
, match
, strlen(match
));
1626 return log_error_errno(r
, "Failed to add match: %m");
1629 r
= sd_journal_add_conjunction(j
);
1631 return log_error_errno(r
, "Failed to add conjunction: %m");
1636 static int add_syslog_identifier(sd_journal
*j
) {
1642 STRV_FOREACH(i
, arg_syslog_identifier
) {
1645 u
= strjoina("SYSLOG_IDENTIFIER=", *i
);
1646 r
= sd_journal_add_match(j
, u
, 0);
1649 r
= sd_journal_add_disjunction(j
);
1654 r
= sd_journal_add_conjunction(j
);
1661 static int setup_keys(void) {
1663 size_t mpk_size
, seed_size
, state_size
, i
;
1664 uint8_t *mpk
, *seed
, *state
;
1666 sd_id128_t machine
, boot
;
1667 char *p
= NULL
, *k
= NULL
;
1672 r
= stat("/var/log/journal", &st
);
1673 if (r
< 0 && !IN_SET(errno
, ENOENT
, ENOTDIR
))
1674 return log_error_errno(errno
, "stat(\"%s\") failed: %m", "/var/log/journal");
1676 if (r
< 0 || !S_ISDIR(st
.st_mode
)) {
1677 log_error("%s is not a directory, must be using persistent logging for FSS.",
1678 "/var/log/journal");
1679 return r
< 0 ? -errno
: -ENOTDIR
;
1682 r
= sd_id128_get_machine(&machine
);
1684 return log_error_errno(r
, "Failed to get machine ID: %m");
1686 r
= sd_id128_get_boot(&boot
);
1688 return log_error_errno(r
, "Failed to get boot ID: %m");
1690 if (asprintf(&p
, "/var/log/journal/" SD_ID128_FORMAT_STR
"/fss",
1691 SD_ID128_FORMAT_VAL(machine
)) < 0)
1696 if (r
< 0 && errno
!= ENOENT
) {
1697 r
= log_error_errno(errno
, "unlink(\"%s\") failed: %m", p
);
1700 } else if (access(p
, F_OK
) >= 0) {
1701 log_error("Sealing key file %s exists already. Use --force to recreate.", p
);
1706 if (asprintf(&k
, "/var/log/journal/" SD_ID128_FORMAT_STR
"/fss.tmp.XXXXXX",
1707 SD_ID128_FORMAT_VAL(machine
)) < 0) {
1712 mpk_size
= FSPRG_mskinbytes(FSPRG_RECOMMENDED_SECPAR
);
1713 mpk
= alloca(mpk_size
);
1715 seed_size
= FSPRG_RECOMMENDED_SEEDLEN
;
1716 seed
= alloca(seed_size
);
1718 state_size
= FSPRG_stateinbytes(FSPRG_RECOMMENDED_SECPAR
);
1719 state
= alloca(state_size
);
1721 fd
= open("/dev/random", O_RDONLY
|O_CLOEXEC
|O_NOCTTY
);
1723 r
= log_error_errno(errno
, "Failed to open /dev/random: %m");
1727 log_info("Generating seed...");
1728 r
= loop_read_exact(fd
, seed
, seed_size
, true);
1730 log_error_errno(r
, "Failed to read random seed: %m");
1734 log_info("Generating key pair...");
1735 FSPRG_GenMK(NULL
, mpk
, seed
, seed_size
, FSPRG_RECOMMENDED_SECPAR
);
1737 log_info("Generating sealing key...");
1738 FSPRG_GenState0(state
, mpk
, seed
, seed_size
);
1740 assert(arg_interval
> 0);
1742 n
= now(CLOCK_REALTIME
);
1746 fd
= mkostemp_safe(k
);
1748 r
= log_error_errno(fd
, "Failed to open %s: %m", k
);
1752 /* Enable secure remove, exclusion from dump, synchronous
1753 * writing and in-place updating */
1754 r
= chattr_fd(fd
, FS_SECRM_FL
|FS_NODUMP_FL
|FS_SYNC_FL
|FS_NOCOW_FL
, FS_SECRM_FL
|FS_NODUMP_FL
|FS_SYNC_FL
|FS_NOCOW_FL
, NULL
);
1756 log_warning_errno(r
, "Failed to set file attributes: %m");
1759 memcpy(h
.signature
, "KSHHRHLP", 8);
1760 h
.machine_id
= machine
;
1762 h
.header_size
= htole64(sizeof(h
));
1763 h
.start_usec
= htole64(n
* arg_interval
);
1764 h
.interval_usec
= htole64(arg_interval
);
1765 h
.fsprg_secpar
= htole16(FSPRG_RECOMMENDED_SECPAR
);
1766 h
.fsprg_state_size
= htole64(state_size
);
1768 r
= loop_write(fd
, &h
, sizeof(h
), false);
1770 log_error_errno(r
, "Failed to write header: %m");
1774 r
= loop_write(fd
, state
, state_size
, false);
1776 log_error_errno(r
, "Failed to write state: %m");
1780 if (link(k
, p
) < 0) {
1781 r
= log_error_errno(errno
, "Failed to link file: %m");
1788 "The new key pair has been generated. The %ssecret sealing key%s has been written to\n"
1789 "the following local file. This key file is automatically updated when the\n"
1790 "sealing key is advanced. It should not be used on multiple hosts.\n"
1794 "Please write down the following %ssecret verification key%s. It should be stored\n"
1795 "at a safe location and should not be saved locally on disk.\n"
1797 ansi_highlight(), ansi_normal(),
1799 ansi_highlight(), ansi_normal(),
1800 ansi_highlight_red());
1803 for (i
= 0; i
< seed_size
; i
++) {
1804 if (i
> 0 && i
% 3 == 0)
1806 printf("%02x", ((uint8_t*) seed
)[i
]);
1809 printf("/%llx-%llx\n", (unsigned long long) n
, (unsigned long long) arg_interval
);
1812 char tsb
[FORMAT_TIMESPAN_MAX
], *hn
;
1816 "The sealing key is automatically changed every %s.\n",
1818 format_timespan(tsb
, sizeof(tsb
), arg_interval
, 0));
1820 hn
= gethostname_malloc();
1823 hostname_cleanup(hn
);
1824 fprintf(stderr
, "\nThe keys have been generated for host %s/" SD_ID128_FORMAT_STR
".\n", hn
, SD_ID128_FORMAT_VAL(machine
));
1826 fprintf(stderr
, "\nThe keys have been generated for host " SD_ID128_FORMAT_STR
".\n", SD_ID128_FORMAT_VAL(machine
));
1829 /* If this is not an UTF-8 system don't print any QR codes */
1830 if (is_locale_utf8()) {
1831 fputs("\nTo transfer the verification key to your phone please scan the QR code below:\n\n", stderr
);
1832 print_qr_code(stderr
, seed
, seed_size
, n
, arg_interval
, hn
, machine
);
1852 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP
),
1853 "Forward-secure sealing not available.");
1857 static int verify(sd_journal
*j
) {
1864 log_show_color(true);
1866 ORDERED_HASHMAP_FOREACH(f
, j
->files
, i
) {
1868 usec_t first
= 0, validated
= 0, last
= 0;
1871 if (!arg_verify_key
&& JOURNAL_HEADER_SEALED(f
->header
))
1872 log_notice("Journal file %s has sealing enabled but verification key has not been passed using --verify-key=.", f
->path
);
1875 k
= journal_file_verify(f
, arg_verify_key
, &first
, &validated
, &last
, true);
1877 /* If the key was invalid give up right-away. */
1880 log_warning_errno(k
, "FAIL: %s (%m)", f
->path
);
1883 char a
[FORMAT_TIMESTAMP_MAX
], b
[FORMAT_TIMESTAMP_MAX
], c
[FORMAT_TIMESPAN_MAX
];
1884 log_info("PASS: %s", f
->path
);
1886 if (arg_verify_key
&& JOURNAL_HEADER_SEALED(f
->header
)) {
1887 if (validated
> 0) {
1888 log_info("=> Validated from %s to %s, final %s entries not sealed.",
1889 format_timestamp_maybe_utc(a
, sizeof(a
), first
),
1890 format_timestamp_maybe_utc(b
, sizeof(b
), validated
),
1891 format_timespan(c
, sizeof(c
), last
> validated
? last
- validated
: 0, 0));
1892 } else if (last
> 0)
1893 log_info("=> No sealing yet, %s of entries not sealed.",
1894 format_timespan(c
, sizeof(c
), last
- first
, 0));
1896 log_info("=> No sealing yet, no entries in file.");
1904 static int flush_to_var(void) {
1905 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
1906 _cleanup_(sd_bus_flush_close_unrefp
) sd_bus
*bus
= NULL
;
1907 _cleanup_close_
int watch_fd
= -1;
1911 log_error("--flush is not supported in conjunction with --machine=.");
1916 if (access("/run/systemd/journal/flushed", F_OK
) >= 0)
1919 /* OK, let's actually do the full logic, send SIGUSR1 to the
1920 * daemon and set up inotify to wait for the flushed file to appear */
1921 r
= bus_connect_system_systemd(&bus
);
1923 return log_error_errno(r
, "Failed to get D-Bus connection: %m");
1925 r
= sd_bus_call_method(
1927 "org.freedesktop.systemd1",
1928 "/org/freedesktop/systemd1",
1929 "org.freedesktop.systemd1.Manager",
1933 "ssi", "systemd-journald.service", "main", SIGUSR1
);
1935 return log_error_errno(r
, "Failed to kill journal service: %s", bus_error_message(&error
, r
));
1937 mkdir_p("/run/systemd/journal", 0755);
1939 watch_fd
= inotify_init1(IN_NONBLOCK
|IN_CLOEXEC
);
1941 return log_error_errno(errno
, "Failed to create inotify watch: %m");
1943 r
= inotify_add_watch(watch_fd
, "/run/systemd/journal", IN_CREATE
|IN_DONT_FOLLOW
|IN_ONLYDIR
);
1945 return log_error_errno(errno
, "Failed to watch journal directory: %m");
1948 if (access("/run/systemd/journal/flushed", F_OK
) >= 0)
1951 if (errno
!= ENOENT
)
1952 return log_error_errno(errno
, "Failed to check for existence of /run/systemd/journal/flushed: %m");
1954 r
= fd_wait_for_event(watch_fd
, POLLIN
, USEC_INFINITY
);
1956 return log_error_errno(r
, "Failed to wait for event: %m");
1958 r
= flush_fd(watch_fd
);
1960 return log_error_errno(r
, "Failed to flush inotify events: %m");
1966 static int send_signal_and_wait(int sig
, const char *watch_path
) {
1967 _cleanup_(sd_bus_flush_close_unrefp
) sd_bus
*bus
= NULL
;
1968 _cleanup_close_
int watch_fd
= -1;
1973 log_error("--sync and --rotate are not supported in conjunction with --machine=.");
1977 start
= now(CLOCK_MONOTONIC
);
1979 /* This call sends the specified signal to journald, and waits
1980 * for acknowledgment by watching the mtime of the specified
1981 * flag file. This is used to trigger syncing or rotation and
1982 * then wait for the operation to complete. */
1987 /* See if a sync happened by now. */
1988 r
= read_timestamp_file(watch_path
, &tstamp
);
1989 if (r
< 0 && r
!= -ENOENT
)
1990 return log_error_errno(r
, "Failed to read %s: %m", watch_path
);
1991 if (r
>= 0 && tstamp
>= start
)
1994 /* Let's ask for a sync, but only once. */
1996 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
1998 r
= bus_connect_system_systemd(&bus
);
2000 return log_error_errno(r
, "Failed to get D-Bus connection: %m");
2002 r
= sd_bus_call_method(
2004 "org.freedesktop.systemd1",
2005 "/org/freedesktop/systemd1",
2006 "org.freedesktop.systemd1.Manager",
2010 "ssi", "systemd-journald.service", "main", sig
);
2012 return log_error_errno(r
, "Failed to kill journal service: %s", bus_error_message(&error
, r
));
2017 /* Let's install the inotify watch, if we didn't do that yet. */
2020 mkdir_p("/run/systemd/journal", 0755);
2022 watch_fd
= inotify_init1(IN_NONBLOCK
|IN_CLOEXEC
);
2024 return log_error_errno(errno
, "Failed to create inotify watch: %m");
2026 r
= inotify_add_watch(watch_fd
, "/run/systemd/journal", IN_MOVED_TO
|IN_DONT_FOLLOW
|IN_ONLYDIR
);
2028 return log_error_errno(errno
, "Failed to watch journal directory: %m");
2030 /* Recheck the flag file immediately, so that we don't miss any event since the last check. */
2034 /* OK, all preparatory steps done, let's wait until
2035 * inotify reports an event. */
2037 r
= fd_wait_for_event(watch_fd
, POLLIN
, USEC_INFINITY
);
2039 return log_error_errno(r
, "Failed to wait for event: %m");
2041 r
= flush_fd(watch_fd
);
2043 return log_error_errno(r
, "Failed to flush inotify events: %m");
2049 static int rotate(void) {
2050 return send_signal_and_wait(SIGUSR2
, "/run/systemd/journal/rotated");
2053 static int sync_journal(void) {
2054 return send_signal_and_wait(SIGRTMIN
+1, "/run/systemd/journal/synced");
2057 static int wait_for_change(sd_journal
*j
, int poll_fd
) {
2058 struct pollfd pollfds
[] = {
2059 { .fd
= poll_fd
, .events
= POLLIN
},
2060 { .fd
= STDOUT_FILENO
},
2068 assert(poll_fd
>= 0);
2070 /* Much like sd_journal_wait() but also keeps an eye on STDOUT, and exits as soon as we see a POLLHUP on that,
2071 * i.e. when it is closed. */
2073 r
= sd_journal_get_timeout(j
, &timeout
);
2075 return log_error_errno(r
, "Failed to determine journal waiting time: %m");
2077 if (ppoll(pollfds
, ELEMENTSOF(pollfds
),
2078 timeout
== USEC_INFINITY
? NULL
: timespec_store(&ts
, timeout
), NULL
) < 0) {
2082 return log_error_errno(errno
, "Couldn't wait for journal event: %m");
2085 if (pollfds
[1].revents
& (POLLHUP
|POLLERR
)) /* STDOUT has been closed? */
2086 return log_debug_errno(SYNTHETIC_ERRNO(ECANCELED
),
2087 "Standard output has been closed.");
2089 r
= sd_journal_process(j
);
2091 return log_error_errno(r
, "Failed to process journal events: %m");
2096 int main(int argc
, char *argv
[]) {
2097 bool previous_boot_id_valid
= false, first_line
= true, ellipsized
= false, need_seek
= false;
2098 bool use_cursor
= false, after_cursor
= false;
2099 _cleanup_(sd_journal_closep
) sd_journal
*j
= NULL
;
2100 sd_id128_t previous_boot_id
;
2101 int n_shown
= 0, r
, poll_fd
= -1;
2103 setlocale(LC_ALL
, "");
2104 log_parse_environment();
2107 /* Increase max number of open files if we can, we might needs this when browsing journal files, which might be
2108 * split up into many files. */
2109 (void) rlimit_nofile_bump(HIGH_RLIMIT_NOFILE
);
2111 r
= parse_argv(argc
, argv
);
2115 signal(SIGWINCH
, columns_lines_cache_reset
);
2118 switch (arg_action
) {
2120 case ACTION_NEW_ID128
:
2121 r
= id128_print_new(true);
2124 case ACTION_SETUP_KEYS
:
2128 case ACTION_LIST_CATALOG
:
2129 case ACTION_DUMP_CATALOG
:
2130 case ACTION_UPDATE_CATALOG
: {
2131 _cleanup_free_
char *database
;
2133 database
= path_join(arg_root
, CATALOG_DATABASE
);
2139 if (arg_action
== ACTION_UPDATE_CATALOG
) {
2140 r
= catalog_update(database
, arg_root
, catalog_file_dirs
);
2142 log_error_errno(r
, "Failed to list catalog: %m");
2144 bool oneline
= arg_action
== ACTION_LIST_CATALOG
;
2146 (void) pager_open(arg_pager_flags
);
2149 r
= catalog_list_items(stdout
, database
, oneline
, argv
+ optind
);
2151 r
= catalog_list(stdout
, database
, oneline
);
2153 log_error_errno(r
, "Failed to list catalog: %m");
2172 case ACTION_PRINT_HEADER
:
2174 case ACTION_DISK_USAGE
:
2175 case ACTION_LIST_BOOTS
:
2177 case ACTION_ROTATE_AND_VACUUM
:
2178 case ACTION_LIST_FIELDS
:
2179 case ACTION_LIST_FIELD_NAMES
:
2180 /* These ones require access to the journal files, continue below. */
2184 assert_not_reached("Unknown action");
2188 r
= sd_journal_open_directory(&j
, arg_directory
, arg_journal_type
);
2190 r
= sd_journal_open_directory(&j
, arg_root
, arg_journal_type
| SD_JOURNAL_OS_ROOT
);
2191 else if (arg_file_stdin
) {
2192 int ifd
= STDIN_FILENO
;
2193 r
= sd_journal_open_files_fd(&j
, &ifd
, 1, 0);
2194 } else if (arg_file
)
2195 r
= sd_journal_open_files(&j
, (const char**) arg_file
, 0);
2196 else if (arg_machine
) {
2197 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
2198 _cleanup_(sd_bus_message_unrefp
) sd_bus_message
*reply
= NULL
;
2199 _cleanup_(sd_bus_flush_close_unrefp
) sd_bus
*bus
= NULL
;
2202 if (geteuid() != 0) {
2203 /* The file descriptor returned by OpenMachineRootDirectory() will be owned by users/groups of
2204 * the container, thus we need root privileges to override them. */
2205 log_error("Using the --machine= switch requires root privileges.");
2210 r
= sd_bus_open_system(&bus
);
2212 log_error_errno(r
, "Failed to open system bus: %m");
2216 r
= sd_bus_call_method(
2218 "org.freedesktop.machine1",
2219 "/org/freedesktop/machine1",
2220 "org.freedesktop.machine1.Manager",
2221 "OpenMachineRootDirectory",
2226 log_error_errno(r
, "Failed to open root directory: %s", bus_error_message(&error
, r
));
2230 r
= sd_bus_message_read(reply
, "h", &fd
);
2232 bus_log_parse_error(r
);
2236 fd
= fcntl(fd
, F_DUPFD_CLOEXEC
, 3);
2238 r
= log_error_errno(errno
, "Failed to duplicate file descriptor: %m");
2242 r
= sd_journal_open_directory_fd(&j
, fd
, SD_JOURNAL_OS_ROOT
);
2246 r
= sd_journal_open(&j
, !arg_merge
*SD_JOURNAL_LOCAL_ONLY
+ arg_journal_type
);
2248 log_error_errno(r
, "Failed to open %s: %m", arg_directory
?: arg_file
? "files" : "journal");
2252 r
= journal_access_check_and_warn(j
, arg_quiet
,
2253 !(arg_journal_type
== SD_JOURNAL_CURRENT_USER
|| arg_user_units
));
2257 switch (arg_action
) {
2259 case ACTION_NEW_ID128
:
2260 case ACTION_SETUP_KEYS
:
2261 case ACTION_LIST_CATALOG
:
2262 case ACTION_DUMP_CATALOG
:
2263 case ACTION_UPDATE_CATALOG
:
2267 assert_not_reached("Unexpected action.");
2269 case ACTION_PRINT_HEADER
:
2270 journal_print_header(j
);
2278 case ACTION_DISK_USAGE
: {
2280 char sbytes
[FORMAT_BYTES_MAX
];
2282 r
= sd_journal_get_usage(j
, &bytes
);
2286 printf("Archived and active journals take up %s in the file system.\n",
2287 format_bytes(sbytes
, sizeof(sbytes
), bytes
));
2291 case ACTION_LIST_BOOTS
:
2295 case ACTION_ROTATE_AND_VACUUM
:
2303 case ACTION_VACUUM
: {
2307 HASHMAP_FOREACH(d
, j
->directories_by_path
, i
) {
2313 q
= journal_directory_vacuum(d
->path
, arg_vacuum_size
, arg_vacuum_n_files
, arg_vacuum_time
, NULL
, !arg_quiet
);
2315 log_error_errno(q
, "Failed to vacuum %s: %m", d
->path
);
2323 case ACTION_LIST_FIELD_NAMES
: {
2326 SD_JOURNAL_FOREACH_FIELD(j
, field
) {
2327 printf("%s\n", field
);
2336 case ACTION_LIST_FIELDS
:
2340 assert_not_reached("Unknown action");
2343 if (arg_boot_offset
!= 0 &&
2344 sd_journal_has_runtime_files(j
) > 0 &&
2345 sd_journal_has_persistent_files(j
) == 0) {
2346 log_info("Specifying boot ID or boot offset has no effect, no persistent journal was found.");
2350 /* add_boot() must be called first!
2351 * It may need to seek the journal to find parent boot IDs. */
2362 log_error_errno(r
, "Failed to add filter for units: %m");
2366 r
= add_syslog_identifier(j
);
2368 log_error_errno(r
, "Failed to add filter for syslog identifiers: %m");
2372 r
= add_priorities(j
);
2376 r
= add_matches(j
, argv
+ optind
);
2380 if (DEBUG_LOGGING
) {
2381 _cleanup_free_
char *filter
;
2383 filter
= journal_make_match_string(j
);
2387 log_debug("Journal filter: %s", filter
);
2390 if (arg_action
== ACTION_LIST_FIELDS
) {
2396 r
= sd_journal_set_data_threshold(j
, 0);
2398 log_error_errno(r
, "Failed to unset data size threshold: %m");
2402 r
= sd_journal_query_unique(j
, arg_field
);
2404 log_error_errno(r
, "Failed to query unique data objects: %m");
2408 SD_JOURNAL_FOREACH_UNIQUE(j
, data
, size
) {
2411 if (arg_lines
>= 0 && n_shown
>= arg_lines
)
2414 eq
= memchr(data
, '=', size
);
2416 printf("%.*s\n", (int) (size
- ((const uint8_t*) eq
- (const uint8_t*) data
+ 1)), (const char*) eq
+ 1);
2418 printf("%.*s\n", (int) size
, (const char*) data
);
2427 /* Opening the fd now means the first sd_journal_wait() will actually wait */
2429 poll_fd
= sd_journal_get_fd(j
);
2430 if (poll_fd
== -EMFILE
) {
2431 log_warning_errno(poll_fd
, "Insufficent watch descriptors available. Reverting to -n.");
2433 } else if (poll_fd
== -EMEDIUMTYPE
) {
2434 log_error_errno(poll_fd
, "The --follow switch is not supported in conjunction with reading from STDIN.");
2436 } else if (poll_fd
< 0) {
2437 log_error_errno(poll_fd
, "Failed to get journal fd: %m");
2442 if (arg_cursor
|| arg_after_cursor
|| arg_cursor_file
) {
2443 _cleanup_free_
char *cursor_from_file
= NULL
;
2444 const char *cursor
= arg_cursor
?: arg_after_cursor
;
2446 if (arg_cursor_file
) {
2447 r
= read_one_line_file(arg_cursor_file
, &cursor_from_file
);
2448 if (r
< 0 && r
!= -ENOENT
) {
2449 log_error_errno(r
, "Failed to read cursor file %s: %m", arg_cursor_file
);
2454 cursor
= cursor_from_file
;
2455 after_cursor
= true;
2458 after_cursor
= !!arg_after_cursor
;
2461 r
= sd_journal_seek_cursor(j
, cursor
);
2463 log_error_errno(r
, "Failed to seek to cursor: %m");
2472 r
= sd_journal_next_skip(j
, 1 + after_cursor
);
2474 r
= sd_journal_previous_skip(j
, 1 + after_cursor
);
2476 if (after_cursor
&& r
< 2) {
2477 /* We couldn't find the next entry after the cursor. */
2484 } else if (arg_since_set
&& !arg_reverse
) {
2485 r
= sd_journal_seek_realtime_usec(j
, arg_since
);
2487 log_error_errno(r
, "Failed to seek to date: %m");
2490 r
= sd_journal_next(j
);
2492 } else if (arg_until_set
&& arg_reverse
) {
2493 r
= sd_journal_seek_realtime_usec(j
, arg_until
);
2495 log_error_errno(r
, "Failed to seek to date: %m");
2498 r
= sd_journal_previous(j
);
2500 } else if (arg_lines
>= 0) {
2501 r
= sd_journal_seek_tail(j
);
2503 log_error_errno(r
, "Failed to seek to tail: %m");
2507 r
= sd_journal_previous_skip(j
, arg_lines
);
2509 } else if (arg_reverse
) {
2510 r
= sd_journal_seek_tail(j
);
2512 log_error_errno(r
, "Failed to seek to tail: %m");
2516 r
= sd_journal_previous(j
);
2519 r
= sd_journal_seek_head(j
);
2521 log_error_errno(r
, "Failed to seek to head: %m");
2525 r
= sd_journal_next(j
);
2529 log_error_errno(r
, "Failed to iterate through journal: %m");
2536 (void) pager_open(arg_pager_flags
);
2538 if (!arg_quiet
&& (arg_lines
!= 0 || arg_follow
)) {
2540 char start_buf
[FORMAT_TIMESTAMP_MAX
], end_buf
[FORMAT_TIMESTAMP_MAX
];
2542 r
= sd_journal_get_cutoff_realtime_usec(j
, &start
, &end
);
2544 log_error_errno(r
, "Failed to get cutoff: %m");
2550 printf("-- Logs begin at %s. --\n",
2551 format_timestamp_maybe_utc(start_buf
, sizeof(start_buf
), start
));
2553 printf("-- Logs begin at %s, end at %s. --\n",
2554 format_timestamp_maybe_utc(start_buf
, sizeof(start_buf
), start
),
2555 format_timestamp_maybe_utc(end_buf
, sizeof(end_buf
), end
));
2560 while (arg_lines
< 0 || n_shown
< arg_lines
|| (arg_follow
&& !first_line
)) {
2562 size_t highlight
[2] = {};
2566 r
= sd_journal_next(j
);
2568 r
= sd_journal_previous(j
);
2570 log_error_errno(r
, "Failed to iterate through journal: %m");
2577 if (arg_until_set
&& !arg_reverse
) {
2580 r
= sd_journal_get_realtime_usec(j
, &usec
);
2582 log_error_errno(r
, "Failed to determine timestamp: %m");
2585 if (usec
> arg_until
)
2589 if (arg_since_set
&& arg_reverse
) {
2592 r
= sd_journal_get_realtime_usec(j
, &usec
);
2594 log_error_errno(r
, "Failed to determine timestamp: %m");
2597 if (usec
< arg_since
)
2601 if (!arg_merge
&& !arg_quiet
) {
2604 r
= sd_journal_get_monotonic_usec(j
, NULL
, &boot_id
);
2606 if (previous_boot_id_valid
&&
2607 !sd_id128_equal(boot_id
, previous_boot_id
))
2608 printf("%s-- Reboot --%s\n",
2609 ansi_highlight(), ansi_normal());
2611 previous_boot_id
= boot_id
;
2612 previous_boot_id_valid
= true;
2617 if (arg_compiled_pattern
) {
2618 _cleanup_(pcre2_match_data_freep
) pcre2_match_data
*md
= NULL
;
2619 const void *message
;
2623 md
= pcre2_match_data_create(1, NULL
);
2627 r
= sd_journal_get_data(j
, "MESSAGE", &message
, &len
);
2634 log_error_errno(r
, "Failed to get MESSAGE field: %m");
2638 assert_se(message
= startswith(message
, "MESSAGE="));
2640 r
= pcre2_match(arg_compiled_pattern
,
2642 len
- strlen("MESSAGE="),
2643 0, /* start at offset 0 in the subject */
2644 0, /* default options */
2647 if (r
== PCRE2_ERROR_NOMATCH
) {
2652 unsigned char buf
[LINE_MAX
];
2655 r2
= pcre2_get_error_message(r
, buf
, sizeof buf
);
2656 log_error("Pattern matching failed: %s",
2657 r2
< 0 ? "unknown error" : (char*) buf
);
2662 ovec
= pcre2_get_ovector_pointer(md
);
2663 highlight
[0] = ovec
[0];
2664 highlight
[1] = ovec
[1];
2669 arg_all
* OUTPUT_SHOW_ALL
|
2670 arg_full
* OUTPUT_FULL_WIDTH
|
2671 colors_enabled() * OUTPUT_COLOR
|
2672 arg_catalog
* OUTPUT_CATALOG
|
2673 arg_utc
* OUTPUT_UTC
|
2674 arg_no_hostname
* OUTPUT_NO_HOSTNAME
;
2676 r
= show_journal_entry(stdout
, j
, arg_output
, 0, flags
,
2677 arg_output_fields
, highlight
, &ellipsized
);
2679 if (r
== -EADDRNOTAVAIL
)
2686 /* If journalctl take a long time to process messages, and during that time journal file
2687 * rotation occurs, a journalctl client will keep those rotated files open until it calls
2688 * sd_journal_process(), which typically happens as a result of calling sd_journal_wait() below
2689 * in the "following" case. By periodically calling sd_journal_process() during the processing
2690 * loop we shrink the window of time a client instance has open file descriptors for rotated
2691 * (deleted) journal files. */
2692 if ((n_shown
% PROCESS_INOTIFY_INTERVAL
) == 0) {
2693 r
= sd_journal_process(j
);
2695 log_error_errno(r
, "Failed to process inotify events: %m");
2702 if (n_shown
== 0 && !arg_quiet
)
2703 printf("-- No entries --\n");
2705 if (arg_show_cursor
|| arg_cursor_file
) {
2706 _cleanup_free_
char *cursor
= NULL
;
2708 r
= sd_journal_get_cursor(j
, &cursor
);
2709 if (r
< 0 && r
!= -EADDRNOTAVAIL
)
2710 log_error_errno(r
, "Failed to get cursor: %m");
2712 if (arg_show_cursor
)
2713 printf("-- cursor: %s\n", cursor
);
2715 if (arg_cursor_file
) {
2716 r
= write_string_file(arg_cursor_file
, cursor
,
2717 WRITE_STRING_FILE_CREATE
|
2718 WRITE_STRING_FILE_ATOMIC
);
2721 "Failed to write new cursor to %s: %m",
2732 r
= wait_for_change(j
, poll_fd
);
2743 strv_free(arg_file
);
2745 strv_free(arg_syslog_identifier
);
2746 strv_free(arg_system_units
);
2747 strv_free(arg_user_units
);
2748 strv_free(arg_output_fields
);
2751 free(arg_verify_key
);
2754 if (arg_compiled_pattern
)
2755 pcre2_code_free(arg_compiled_pattern
);
2758 return r
< 0 ? EXIT_FAILURE
: EXIT_SUCCESS
;