1 /* SPDX-License-Identifier: LGPL-2.1+ */
15 #include <sys/inotify.h>
20 # define PCRE2_CODE_UNIT_WIDTH 8
25 #include "sd-device.h"
26 #include "sd-journal.h"
29 #include "alloc-util.h"
30 #include "bus-error.h"
33 #include "chattr-util.h"
35 #include "device-private.h"
40 #include "glob-util.h"
41 #include "hostname-util.h"
42 #include "id128-print.h"
44 #include "journal-def.h"
45 #include "journal-internal.h"
46 #include "journal-qrcode.h"
47 #include "journal-util.h"
48 #include "journal-vacuum.h"
49 #include "journal-verify.h"
50 #include "locale-util.h"
52 #include "logs-show.h"
53 #include "memory-util.h"
55 #include "nulstr-util.h"
57 #include "parse-util.h"
58 #include "path-util.h"
59 #include "pretty-print.h"
60 #include "rlimit-util.h"
63 #include "string-table.h"
65 #include "syslog-util.h"
66 #include "terminal-util.h"
67 #include "tmpfile-util.h"
68 #include "unit-name.h"
69 #include "user-util.h"
72 #define DEFAULT_FSS_INTERVAL_USEC (15*USEC_PER_MINUTE)
74 #define PROCESS_INOTIFY_INTERVAL 1024 /* Every 1,024 messages processed */
77 DEFINE_TRIVIAL_CLEANUP_FUNC(pcre2_match_data
*, pcre2_match_data_free
);
78 DEFINE_TRIVIAL_CLEANUP_FUNC(pcre2_code
*, pcre2_code_free
);
80 static int pattern_compile(const char *pattern
, unsigned flags
, pcre2_code
**out
) {
82 PCRE2_SIZE erroroffset
;
85 p
= pcre2_compile((PCRE2_SPTR8
) pattern
,
86 PCRE2_ZERO_TERMINATED
, flags
, &errorcode
, &erroroffset
, NULL
);
88 unsigned char buf
[LINE_MAX
];
90 r
= pcre2_get_error_message(errorcode
, buf
, sizeof buf
);
92 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
93 "Bad pattern \"%s\": %s", pattern
,
94 r
< 0 ? "unknown error" : (char *)buf
);
104 /* Special values for arg_lines */
105 ARG_LINES_DEFAULT
= -2,
109 static OutputMode arg_output
= OUTPUT_SHORT
;
110 static bool arg_utc
= false;
111 static bool arg_follow
= false;
112 static bool arg_full
= true;
113 static bool arg_all
= false;
114 static PagerFlags arg_pager_flags
= 0;
115 static int arg_lines
= ARG_LINES_DEFAULT
;
116 static bool arg_no_tail
= false;
117 static bool arg_quiet
= false;
118 static bool arg_merge
= false;
119 static bool arg_boot
= false;
120 static sd_id128_t arg_boot_id
= {};
121 static int arg_boot_offset
= 0;
122 static bool arg_dmesg
= false;
123 static bool arg_no_hostname
= false;
124 static const char *arg_cursor
= NULL
;
125 static const char *arg_cursor_file
= NULL
;
126 static const char *arg_after_cursor
= NULL
;
127 static bool arg_show_cursor
= false;
128 static const char *arg_directory
= NULL
;
129 static char **arg_file
= NULL
;
130 static bool arg_file_stdin
= false;
131 static int arg_priorities
= 0xFF;
132 static char *arg_verify_key
= NULL
;
134 static usec_t arg_interval
= DEFAULT_FSS_INTERVAL_USEC
;
135 static bool arg_force
= false;
137 static usec_t arg_since
, arg_until
;
138 static bool arg_since_set
= false, arg_until_set
= false;
139 static char **arg_syslog_identifier
= NULL
;
140 static char **arg_system_units
= NULL
;
141 static char **arg_user_units
= NULL
;
142 static const char *arg_field
= NULL
;
143 static bool arg_catalog
= false;
144 static bool arg_reverse
= false;
145 static int arg_journal_type
= 0;
146 static char *arg_root
= NULL
;
147 static const char *arg_machine
= NULL
;
148 static uint64_t arg_vacuum_size
= 0;
149 static uint64_t arg_vacuum_n_files
= 0;
150 static usec_t arg_vacuum_time
= 0;
151 static char **arg_output_fields
= NULL
;
154 static const char *arg_pattern
= NULL
;
155 static pcre2_code
*arg_compiled_pattern
= NULL
;
156 static int arg_case_sensitive
= -1; /* -1 means be smart */
168 ACTION_UPDATE_CATALOG
,
174 ACTION_ROTATE_AND_VACUUM
,
176 ACTION_LIST_FIELD_NAMES
,
177 } arg_action
= ACTION_SHOW
;
179 typedef struct BootId
{
183 LIST_FIELDS(struct BootId
, boot_list
);
186 static int add_matches_for_device(sd_journal
*j
, const char *devpath
) {
187 _cleanup_(sd_device_unrefp
) sd_device
*device
= NULL
;
195 if (!path_startswith(devpath
, "/dev/")) {
196 log_error("Devpath does not start with /dev/");
200 if (stat(devpath
, &st
) < 0)
201 return log_error_errno(errno
, "Couldn't stat file: %m");
203 r
= device_new_from_stat_rdev(&device
, &st
);
205 return log_error_errno(r
, "Failed to get device from devnum %u:%u: %m", major(st
.st_rdev
), minor(st
.st_rdev
));
207 for (d
= device
; d
; ) {
208 _cleanup_free_
char *match
= NULL
;
209 const char *subsys
, *sysname
, *devnode
;
212 r
= sd_device_get_subsystem(d
, &subsys
);
216 r
= sd_device_get_sysname(d
, &sysname
);
220 match
= strjoin("_KERNEL_DEVICE=+", subsys
, ":", sysname
);
224 r
= sd_journal_add_match(j
, match
, 0);
226 return log_error_errno(r
, "Failed to add match: %m");
228 if (sd_device_get_devname(d
, &devnode
) >= 0) {
229 _cleanup_free_
char *match1
= NULL
;
231 r
= stat(devnode
, &st
);
233 return log_error_errno(r
, "Failed to stat() device node \"%s\": %m", devnode
);
235 r
= asprintf(&match1
, "_KERNEL_DEVICE=%c%u:%u", S_ISBLK(st
.st_mode
) ? 'b' : 'c', major(st
.st_rdev
), minor(st
.st_rdev
));
239 r
= sd_journal_add_match(j
, match1
, 0);
241 return log_error_errno(r
, "Failed to add match: %m");
245 if (sd_device_get_parent(d
, &parent
) < 0)
251 r
= add_match_this_boot(j
, arg_machine
);
253 return log_error_errno(r
, "Failed to add match for the current boot: %m");
258 static char *format_timestamp_maybe_utc(char *buf
, size_t l
, usec_t t
) {
261 return format_timestamp_utc(buf
, l
, t
);
263 return format_timestamp(buf
, l
, t
);
266 static int parse_boot_descriptor(const char *x
, sd_id128_t
*boot_id
, int *offset
) {
267 sd_id128_t id
= SD_ID128_NULL
;
270 if (streq(x
, "all")) {
271 *boot_id
= SD_ID128_NULL
;
274 } else if (strlen(x
) >= 32) {
278 r
= sd_id128_from_string(t
, &id
);
282 if (!IN_SET(*x
, 0, '-', '+'))
286 r
= safe_atoi(x
, &off
);
291 r
= safe_atoi(x
, &off
);
305 static int help(void) {
306 _cleanup_free_
char *link
= NULL
;
309 (void) pager_open(arg_pager_flags
);
311 r
= terminal_urlify_man("journalctl", "1", &link
);
315 printf("%s [OPTIONS...] [MATCHES...]\n\n"
316 "Query the journal.\n\n"
318 " --system Show the system journal\n"
319 " --user Show the user journal for the current user\n"
320 " -M --machine=CONTAINER Operate on local container\n"
321 " -S --since=DATE Show entries not older than the specified date\n"
322 " -U --until=DATE Show entries not newer than the specified date\n"
323 " -c --cursor=CURSOR Show entries starting at the specified cursor\n"
324 " --after-cursor=CURSOR Show entries after the specified cursor\n"
325 " --show-cursor Print the cursor after all the entries\n"
326 " --cursor-file=FILE Show entries after cursor in FILE and update FILE\n"
327 " -b --boot[=ID] Show current boot or the specified boot\n"
328 " --list-boots Show terse information about recorded boots\n"
329 " -k --dmesg Show kernel message log from the current boot\n"
330 " -u --unit=UNIT Show logs from the specified unit\n"
331 " --user-unit=UNIT Show logs from the specified user unit\n"
332 " -t --identifier=STRING Show entries with the specified syslog identifier\n"
333 " -p --priority=RANGE Show entries with the specified priority\n"
334 " -g --grep=PATTERN Show entries with MESSAGE matching PATTERN\n"
335 " --case-sensitive[=BOOL] Force case sensitive or insenstive matching\n"
336 " -e --pager-end Immediately jump to the end in the pager\n"
337 " -f --follow Follow the journal\n"
338 " -n --lines[=INTEGER] Number of journal entries to show\n"
339 " --no-tail Show all lines, even in follow mode\n"
340 " -r --reverse Show the newest entries first\n"
341 " -o --output=STRING Change journal output mode (short, short-precise,\n"
342 " short-iso, short-iso-precise, short-full,\n"
343 " short-monotonic, short-unix, verbose, export,\n"
344 " json, json-pretty, json-sse, json-seq, cat,\n"
346 " --output-fields=LIST Select fields to print in verbose/export/json modes\n"
347 " --utc Express time in Coordinated Universal Time (UTC)\n"
348 " -x --catalog Add message explanations where available\n"
349 " --no-full Ellipsize fields\n"
350 " -a --all Show all fields, including long and unprintable\n"
351 " -q --quiet Do not show info messages and privilege warning\n"
352 " --no-pager Do not pipe output into a pager\n"
353 " --no-hostname Suppress output of hostname field\n"
354 " -m --merge Show entries from all available journals\n"
355 " -D --directory=PATH Show journal files from directory\n"
356 " --file=PATH Show journal file\n"
357 " --root=ROOT Operate on files below a root directory\n"
358 " --interval=TIME Time interval for changing the FSS sealing key\n"
359 " --verify-key=KEY Specify FSS verification key\n"
360 " --force Override of the FSS key pair with --setup-keys\n"
362 " -h --help Show this help text\n"
363 " --version Show package version\n"
364 " -N --fields List all field names currently used\n"
365 " -F --field=FIELD List all values that a specified field takes\n"
366 " --disk-usage Show total disk usage of all journal files\n"
367 " --vacuum-size=BYTES Reduce disk usage below specified size\n"
368 " --vacuum-files=INT Leave only the specified number of journal files\n"
369 " --vacuum-time=TIME Remove journal files older than specified time\n"
370 " --verify Verify journal file consistency\n"
371 " --sync Synchronize unwritten journal messages to disk\n"
372 " --flush Flush all journal data from /run into /var\n"
373 " --rotate Request immediate rotation of the journal files\n"
374 " --header Show journal header information\n"
375 " --list-catalog Show all message IDs in the catalog\n"
376 " --dump-catalog Show entries in the message catalog\n"
377 " --update-catalog Update the message catalog database\n"
378 " --setup-keys Generate a new FSS key pair\n"
379 "\nSee the %s for details.\n"
380 , program_invocation_short_name
387 static int parse_argv(int argc
, char *argv
[]) {
427 static const struct option options
[] = {
428 { "help", no_argument
, NULL
, 'h' },
429 { "version" , no_argument
, NULL
, ARG_VERSION
},
430 { "no-pager", no_argument
, NULL
, ARG_NO_PAGER
},
431 { "pager-end", no_argument
, NULL
, 'e' },
432 { "follow", no_argument
, NULL
, 'f' },
433 { "force", no_argument
, NULL
, ARG_FORCE
},
434 { "output", required_argument
, NULL
, 'o' },
435 { "all", no_argument
, NULL
, 'a' },
436 { "full", no_argument
, NULL
, 'l' },
437 { "no-full", no_argument
, NULL
, ARG_NO_FULL
},
438 { "lines", optional_argument
, NULL
, 'n' },
439 { "no-tail", no_argument
, NULL
, ARG_NO_TAIL
},
440 { "new-id128", no_argument
, NULL
, ARG_NEW_ID128
}, /* deprecated */
441 { "quiet", no_argument
, NULL
, 'q' },
442 { "merge", no_argument
, NULL
, 'm' },
443 { "this-boot", no_argument
, NULL
, ARG_THIS_BOOT
}, /* deprecated */
444 { "boot", optional_argument
, NULL
, 'b' },
445 { "list-boots", no_argument
, NULL
, ARG_LIST_BOOTS
},
446 { "dmesg", no_argument
, NULL
, 'k' },
447 { "system", no_argument
, NULL
, ARG_SYSTEM
},
448 { "user", no_argument
, NULL
, ARG_USER
},
449 { "directory", required_argument
, NULL
, 'D' },
450 { "file", required_argument
, NULL
, ARG_FILE
},
451 { "root", required_argument
, NULL
, ARG_ROOT
},
452 { "header", no_argument
, NULL
, ARG_HEADER
},
453 { "identifier", required_argument
, NULL
, 't' },
454 { "priority", required_argument
, NULL
, 'p' },
455 { "grep", required_argument
, NULL
, 'g' },
456 { "case-sensitive", optional_argument
, NULL
, ARG_CASE_SENSITIVE
},
457 { "setup-keys", no_argument
, NULL
, ARG_SETUP_KEYS
},
458 { "interval", required_argument
, NULL
, ARG_INTERVAL
},
459 { "verify", no_argument
, NULL
, ARG_VERIFY
},
460 { "verify-key", required_argument
, NULL
, ARG_VERIFY_KEY
},
461 { "disk-usage", no_argument
, NULL
, ARG_DISK_USAGE
},
462 { "cursor", required_argument
, NULL
, 'c' },
463 { "cursor-file", required_argument
, NULL
, ARG_CURSOR_FILE
},
464 { "after-cursor", required_argument
, NULL
, ARG_AFTER_CURSOR
},
465 { "show-cursor", no_argument
, NULL
, ARG_SHOW_CURSOR
},
466 { "since", required_argument
, NULL
, 'S' },
467 { "until", required_argument
, NULL
, 'U' },
468 { "unit", required_argument
, NULL
, 'u' },
469 { "user-unit", required_argument
, NULL
, ARG_USER_UNIT
},
470 { "field", required_argument
, NULL
, 'F' },
471 { "fields", no_argument
, NULL
, 'N' },
472 { "catalog", no_argument
, NULL
, 'x' },
473 { "list-catalog", no_argument
, NULL
, ARG_LIST_CATALOG
},
474 { "dump-catalog", no_argument
, NULL
, ARG_DUMP_CATALOG
},
475 { "update-catalog", no_argument
, NULL
, ARG_UPDATE_CATALOG
},
476 { "reverse", no_argument
, NULL
, 'r' },
477 { "machine", required_argument
, NULL
, 'M' },
478 { "utc", no_argument
, NULL
, ARG_UTC
},
479 { "flush", no_argument
, NULL
, ARG_FLUSH
},
480 { "sync", no_argument
, NULL
, ARG_SYNC
},
481 { "rotate", no_argument
, NULL
, ARG_ROTATE
},
482 { "vacuum-size", required_argument
, NULL
, ARG_VACUUM_SIZE
},
483 { "vacuum-files", required_argument
, NULL
, ARG_VACUUM_FILES
},
484 { "vacuum-time", required_argument
, NULL
, ARG_VACUUM_TIME
},
485 { "no-hostname", no_argument
, NULL
, ARG_NO_HOSTNAME
},
486 { "output-fields", required_argument
, NULL
, ARG_OUTPUT_FIELDS
},
495 while ((c
= getopt_long(argc
, argv
, "hefo:aln::qmb::kD:p:g:c:S:U:t:u:NF:xrM:", options
, NULL
)) >= 0)
506 arg_pager_flags
|= PAGER_DISABLE
;
510 arg_pager_flags
|= PAGER_JUMP_TO_END
;
512 if (arg_lines
== ARG_LINES_DEFAULT
)
522 if (streq(optarg
, "help")) {
523 DUMP_STRING_TABLE(output_mode
, OutputMode
, _OUTPUT_MODE_MAX
);
527 arg_output
= output_mode_from_string(optarg
);
528 if (arg_output
< 0) {
529 log_error("Unknown output format '%s'.", optarg
);
533 if (IN_SET(arg_output
, OUTPUT_EXPORT
, OUTPUT_JSON
, OUTPUT_JSON_PRETTY
, OUTPUT_JSON_SSE
, OUTPUT_JSON_SEQ
, OUTPUT_CAT
))
552 if (streq(optarg
, "all"))
553 arg_lines
= ARG_LINES_ALL
;
555 r
= safe_atoi(optarg
, &arg_lines
);
556 if (r
< 0 || arg_lines
< 0) {
557 log_error("Failed to parse lines '%s'", optarg
);
564 /* Hmm, no argument? Maybe the next
565 * word on the command line is
566 * supposed to be the argument? Let's
567 * see if there is one, and is
571 if (streq(argv
[optind
], "all")) {
572 arg_lines
= ARG_LINES_ALL
;
574 } else if (safe_atoi(argv
[optind
], &n
) >= 0 && n
>= 0) {
588 arg_action
= ACTION_NEW_ID128
;
601 arg_boot_id
= SD_ID128_NULL
;
607 arg_boot_id
= SD_ID128_NULL
;
611 r
= parse_boot_descriptor(optarg
, &arg_boot_id
, &arg_boot_offset
);
613 return log_error_errno(r
, "Failed to parse boot descriptor '%s'", optarg
);
617 /* Hmm, no argument? Maybe the next
618 * word on the command line is
619 * supposed to be the argument? Let's
620 * see if there is one and is parsable
621 * as a boot descriptor... */
622 } else if (optind
< argc
) {
623 r
= parse_boot_descriptor(argv
[optind
], &arg_boot_id
, &arg_boot_offset
);
632 arg_action
= ACTION_LIST_BOOTS
;
636 arg_boot
= arg_dmesg
= true;
640 arg_journal_type
|= SD_JOURNAL_SYSTEM
;
644 arg_journal_type
|= SD_JOURNAL_CURRENT_USER
;
648 arg_machine
= optarg
;
652 arg_directory
= optarg
;
656 if (streq(optarg
, "-"))
657 /* An undocumented feature: we can read journal files from STDIN. We don't document
658 * this though, since after all we only support this for mmap-able, seekable files, and
659 * not for example pipes which are probably the primary usecase for reading things from
660 * STDIN. To avoid confusion we hence don't document this feature. */
661 arg_file_stdin
= true;
663 r
= glob_extend(&arg_file
, optarg
);
665 return log_error_errno(r
, "Failed to add paths: %m");
670 r
= parse_path_argument_and_warn(optarg
, true, &arg_root
);
679 case ARG_CURSOR_FILE
:
680 arg_cursor_file
= optarg
;
683 case ARG_AFTER_CURSOR
:
684 arg_after_cursor
= optarg
;
687 case ARG_SHOW_CURSOR
:
688 arg_show_cursor
= true;
692 arg_action
= ACTION_PRINT_HEADER
;
696 arg_action
= ACTION_VERIFY
;
700 arg_action
= ACTION_DISK_USAGE
;
703 case ARG_VACUUM_SIZE
:
704 r
= parse_size(optarg
, 1024, &arg_vacuum_size
);
706 log_error("Failed to parse vacuum size: %s", optarg
);
710 arg_action
= arg_action
== ACTION_ROTATE
? ACTION_ROTATE_AND_VACUUM
: ACTION_VACUUM
;
713 case ARG_VACUUM_FILES
:
714 r
= safe_atou64(optarg
, &arg_vacuum_n_files
);
716 log_error("Failed to parse vacuum files: %s", optarg
);
720 arg_action
= arg_action
== ACTION_ROTATE
? ACTION_ROTATE_AND_VACUUM
: ACTION_VACUUM
;
723 case ARG_VACUUM_TIME
:
724 r
= parse_sec(optarg
, &arg_vacuum_time
);
726 log_error("Failed to parse vacuum time: %s", optarg
);
730 arg_action
= arg_action
== ACTION_ROTATE
? ACTION_ROTATE_AND_VACUUM
: ACTION_VACUUM
;
739 arg_action
= ACTION_SETUP_KEYS
;
743 arg_action
= ACTION_VERIFY
;
744 r
= free_and_strdup(&arg_verify_key
, optarg
);
747 /* Use memset not string_erase so this doesn't look confusing
748 * in ps or htop output. */
749 memset(optarg
, 'x', strlen(optarg
));
755 r
= parse_sec(optarg
, &arg_interval
);
756 if (r
< 0 || arg_interval
<= 0) {
757 log_error("Failed to parse sealing key change interval: %s", optarg
);
766 log_error("Compiled without forward-secure sealing support.");
773 dots
= strstr(optarg
, "..");
779 a
= strndup(optarg
, dots
- optarg
);
783 from
= log_level_from_string(a
);
784 to
= log_level_from_string(dots
+ 2);
787 if (from
< 0 || to
< 0) {
788 log_error("Failed to parse log level range %s", optarg
);
795 for (i
= from
; i
<= to
; i
++)
796 arg_priorities
|= 1 << i
;
798 for (i
= to
; i
<= from
; i
++)
799 arg_priorities
|= 1 << i
;
805 p
= log_level_from_string(optarg
);
807 log_error("Unknown log level %s", optarg
);
813 for (i
= 0; i
<= p
; i
++)
814 arg_priorities
|= 1 << i
;
822 arg_pattern
= optarg
;
825 case ARG_CASE_SENSITIVE
:
827 r
= parse_boolean(optarg
);
829 return log_error_errno(r
, "Bad --case-sensitive= argument \"%s\": %m", optarg
);
830 arg_case_sensitive
= r
;
832 arg_case_sensitive
= true;
837 case ARG_CASE_SENSITIVE
:
838 return log_error("Compiled without pattern matching support");
842 r
= parse_timestamp(optarg
, &arg_since
);
844 log_error("Failed to parse timestamp: %s", optarg
);
847 arg_since_set
= true;
851 r
= parse_timestamp(optarg
, &arg_until
);
853 log_error("Failed to parse timestamp: %s", optarg
);
856 arg_until_set
= true;
860 r
= strv_extend(&arg_syslog_identifier
, optarg
);
866 r
= strv_extend(&arg_system_units
, optarg
);
872 r
= strv_extend(&arg_user_units
, optarg
);
878 arg_action
= ACTION_LIST_FIELDS
;
883 arg_action
= ACTION_LIST_FIELD_NAMES
;
886 case ARG_NO_HOSTNAME
:
887 arg_no_hostname
= true;
894 case ARG_LIST_CATALOG
:
895 arg_action
= ACTION_LIST_CATALOG
;
898 case ARG_DUMP_CATALOG
:
899 arg_action
= ACTION_DUMP_CATALOG
;
902 case ARG_UPDATE_CATALOG
:
903 arg_action
= ACTION_UPDATE_CATALOG
;
915 arg_action
= ACTION_FLUSH
;
919 arg_action
= arg_action
== ACTION_VACUUM
? ACTION_ROTATE_AND_VACUUM
: ACTION_ROTATE
;
923 arg_action
= ACTION_SYNC
;
926 case ARG_OUTPUT_FIELDS
: {
927 _cleanup_strv_free_
char **v
= NULL
;
929 v
= strv_split(optarg
, ",");
933 if (!arg_output_fields
)
934 arg_output_fields
= TAKE_PTR(v
);
936 r
= strv_extend_strv(&arg_output_fields
, v
, true);
947 assert_not_reached("Unhandled option");
950 if (arg_follow
&& !arg_no_tail
&& !arg_since
&& arg_lines
== ARG_LINES_DEFAULT
)
953 if (!!arg_directory
+ !!arg_file
+ !!arg_machine
+ !!arg_root
> 1) {
954 log_error("Please specify at most one of -D/--directory=, --file=, -M/--machine=, --root.");
958 if (arg_since_set
&& arg_until_set
&& arg_since
> arg_until
) {
959 log_error("--since= must be before --until=.");
963 if (!!arg_cursor
+ !!arg_after_cursor
+ !!arg_since_set
> 1) {
964 log_error("Please specify only one of --since=, --cursor=, and --after-cursor.");
968 if (arg_follow
&& arg_reverse
) {
969 log_error("Please specify either --reverse= or --follow=, not both.");
973 if (!IN_SET(arg_action
, ACTION_SHOW
, ACTION_DUMP_CATALOG
, ACTION_LIST_CATALOG
) && optind
< argc
) {
974 log_error("Extraneous arguments starting with '%s'", argv
[optind
]);
978 if ((arg_boot
|| arg_action
== ACTION_LIST_BOOTS
) && arg_merge
) {
979 log_error("Using --boot or --list-boots with --merge is not supported.");
983 if (!strv_isempty(arg_system_units
) && arg_journal_type
== SD_JOURNAL_CURRENT_USER
) {
984 /* Specifying --user and --unit= at the same time makes no sense (as the former excludes the user
985 * journal, but the latter excludes the system journal, thus resulting in empty output). Let's be nice
986 * to users, and automatically turn --unit= into --user-unit= if combined with --user. */
987 r
= strv_extend_strv(&arg_user_units
, arg_system_units
, true);
991 arg_system_units
= strv_free(arg_system_units
);
998 if (arg_case_sensitive
>= 0)
999 flags
= !arg_case_sensitive
* PCRE2_CASELESS
;
1001 _cleanup_(pcre2_match_data_freep
) pcre2_match_data
*md
= NULL
;
1003 _cleanup_(pcre2_code_freep
) pcre2_code
*cs
= NULL
;
1005 md
= pcre2_match_data_create(1, NULL
);
1009 r
= pattern_compile("[[:upper:]]", 0, &cs
);
1013 r
= pcre2_match(cs
, (PCRE2_SPTR8
) arg_pattern
, PCRE2_ZERO_TERMINATED
, 0, 0, md
, NULL
);
1016 flags
= !has_case
* PCRE2_CASELESS
;
1019 log_debug("Doing case %s matching based on %s",
1020 flags
& PCRE2_CASELESS
? "insensitive" : "sensitive",
1021 arg_case_sensitive
>= 0 ? "request" : "pattern casing");
1023 r
= pattern_compile(arg_pattern
, flags
, &arg_compiled_pattern
);
1032 static int add_matches(sd_journal
*j
, char **args
) {
1034 bool have_term
= false;
1038 STRV_FOREACH(i
, args
) {
1041 if (streq(*i
, "+")) {
1044 r
= sd_journal_add_disjunction(j
);
1047 } else if (path_is_absolute(*i
)) {
1048 _cleanup_free_
char *p
= NULL
, *t
= NULL
, *t2
= NULL
, *interpreter
= NULL
;
1051 r
= chase_symlinks(*i
, NULL
, CHASE_TRAIL_SLASH
, &p
);
1053 return log_error_errno(r
, "Couldn't canonicalize path: %m");
1055 if (lstat(p
, &st
) < 0)
1056 return log_error_errno(errno
, "Couldn't stat file: %m");
1058 if (S_ISREG(st
.st_mode
) && (0111 & st
.st_mode
)) {
1059 if (executable_is_script(p
, &interpreter
) > 0) {
1060 _cleanup_free_
char *comm
;
1062 comm
= strndup(basename(p
), 15);
1066 t
= strappend("_COMM=", comm
);
1070 /* Append _EXE only if the interpreter is not a link.
1071 Otherwise, it might be outdated often. */
1072 if (lstat(interpreter
, &st
) == 0 && !S_ISLNK(st
.st_mode
)) {
1073 t2
= strappend("_EXE=", interpreter
);
1078 t
= strappend("_EXE=", p
);
1083 r
= sd_journal_add_match(j
, t
, 0);
1086 r
= sd_journal_add_match(j
, t2
, 0);
1088 } else if (S_ISCHR(st
.st_mode
) || S_ISBLK(st
.st_mode
)) {
1089 r
= add_matches_for_device(j
, p
);
1093 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
1094 "File is neither a device node, nor regular file, nor executable: %s",
1099 r
= sd_journal_add_match(j
, *i
, 0);
1104 return log_error_errno(r
, "Failed to add match '%s': %m", *i
);
1107 if (!strv_isempty(args
) && !have_term
)
1108 return log_error_errno(SYNTHETIC_ERRNO(EINVAL
),
1109 "\"+\" can only be used between terms");
1114 static void boot_id_free_all(BootId
*l
) {
1118 LIST_REMOVE(boot_list
, l
, i
);
1123 static int discover_next_boot(sd_journal
*j
,
1124 sd_id128_t previous_boot_id
,
1128 _cleanup_free_ BootId
*next_boot
= NULL
;
1129 char match
[9+32+1] = "_BOOT_ID=";
1136 /* We expect the journal to be on the last position of a boot
1137 * (in relation to the direction we are going), so that the next
1138 * invocation of sd_journal_next/previous will be from a different
1139 * boot. We then collect any information we desire and then jump
1140 * to the last location of the new boot by using a _BOOT_ID match
1141 * coming from the other journal direction. */
1143 /* Make sure we aren't restricted by any _BOOT_ID matches, so that
1144 * we can actually advance to a *different* boot. */
1145 sd_journal_flush_matches(j
);
1149 r
= sd_journal_previous(j
);
1151 r
= sd_journal_next(j
);
1155 return 0; /* End of journal, yay. */
1157 r
= sd_journal_get_monotonic_usec(j
, NULL
, &boot_id
);
1161 /* We iterate through this in a loop, until the boot ID differs from the previous one. Note that
1162 * normally, this will only require a single iteration, as we seeked to the last entry of the previous
1163 * boot entry already. However, it might happen that the per-journal-field entry arrays are less
1164 * complete than the main entry array, and hence might reference an entry that's not actually the last
1165 * one of the boot ID as last one. Let's hence use the per-field array is initial seek position to
1166 * speed things up, but let's not trust that it is complete, and hence, manually advance as
1169 } while (sd_id128_equal(boot_id
, previous_boot_id
));
1171 next_boot
= new0(BootId
, 1);
1175 next_boot
->id
= boot_id
;
1177 r
= sd_journal_get_realtime_usec(j
, &next_boot
->first
);
1181 /* Now seek to the last occurrence of this boot ID. */
1182 sd_id128_to_string(next_boot
->id
, match
+ 9);
1183 r
= sd_journal_add_match(j
, match
, sizeof(match
) - 1);
1188 r
= sd_journal_seek_head(j
);
1190 r
= sd_journal_seek_tail(j
);
1195 r
= sd_journal_next(j
);
1197 r
= sd_journal_previous(j
);
1201 return log_debug_errno(SYNTHETIC_ERRNO(ENODATA
),
1202 "Whoopsie! We found a boot ID but can't read its last entry."); /* This shouldn't happen. We just came from this very boot ID. */
1204 r
= sd_journal_get_realtime_usec(j
, &next_boot
->last
);
1208 *ret
= TAKE_PTR(next_boot
);
1213 static int get_boots(
1216 sd_id128_t
*boot_id
,
1221 BootId
*head
= NULL
, *tail
= NULL
, *id
;
1222 const bool advance_older
= boot_id
&& offset
<= 0;
1223 sd_id128_t previous_boot_id
;
1227 /* Adjust for the asymmetry that offset 0 is
1228 * the last (and current) boot, while 1 is considered the
1229 * (chronological) first boot in the journal. */
1230 skip_once
= boot_id
&& sd_id128_is_null(*boot_id
) && offset
<= 0;
1232 /* Advance to the earliest/latest occurrence of our reference
1233 * boot ID (taking our lookup direction into account), so that
1234 * discover_next_boot() can do its job.
1235 * If no reference is given, the journal head/tail will do,
1236 * they're "virtual" boots after all. */
1237 if (boot_id
&& !sd_id128_is_null(*boot_id
)) {
1238 char match
[9+32+1] = "_BOOT_ID=";
1240 sd_journal_flush_matches(j
);
1242 sd_id128_to_string(*boot_id
, match
+ 9);
1243 r
= sd_journal_add_match(j
, match
, sizeof(match
) - 1);
1248 r
= sd_journal_seek_head(j
); /* seek to oldest */
1250 r
= sd_journal_seek_tail(j
); /* seek to newest */
1255 r
= sd_journal_next(j
); /* read the oldest entry */
1257 r
= sd_journal_previous(j
); /* read the most recently added entry */
1262 else if (offset
== 0) {
1267 /* At this point the read pointer is positioned at the oldest/newest occurrence of the reference boot
1268 * ID. After flushing the matches, one more invocation of _previous()/_next() will hence place us at
1269 * the following entry, which must then have an older/newer boot ID */
1273 r
= sd_journal_seek_tail(j
); /* seek to newest */
1275 r
= sd_journal_seek_head(j
); /* seek to oldest */
1279 /* No sd_journal_next()/_previous() here.
1281 * At this point the read pointer is positioned after the newest/before the oldest entry in the whole
1282 * journal. The next invocation of _previous()/_next() will hence position us at the newest/oldest
1286 previous_boot_id
= SD_ID128_NULL
;
1288 _cleanup_free_ BootId
*current
= NULL
;
1290 r
= discover_next_boot(j
, previous_boot_id
, advance_older
, ¤t
);
1292 boot_id_free_all(head
);
1299 previous_boot_id
= current
->id
;
1303 offset
+= advance_older
? 1 : -1;
1308 *boot_id
= current
->id
;
1312 LIST_FOREACH(boot_list
, id
, head
) {
1313 if (sd_id128_equal(id
->id
, current
->id
)) {
1314 /* boot id already stored, something wrong with the journal files */
1315 /* exiting as otherwise this problem would cause forever loop */
1319 LIST_INSERT_AFTER(boot_list
, head
, tail
, current
);
1320 tail
= TAKE_PTR(current
);
1329 sd_journal_flush_matches(j
);
1334 static int list_boots(sd_journal
*j
) {
1336 BootId
*id
, *all_ids
;
1340 count
= get_boots(j
, &all_ids
, NULL
, 0);
1342 return log_error_errno(count
, "Failed to determine boots: %m");
1346 (void) pager_open(arg_pager_flags
);
1348 /* numbers are one less, but we need an extra char for the sign */
1349 w
= DECIMAL_STR_WIDTH(count
- 1) + 1;
1352 LIST_FOREACH(boot_list
, id
, all_ids
) {
1353 char a
[FORMAT_TIMESTAMP_MAX
], b
[FORMAT_TIMESTAMP_MAX
];
1355 printf("% *i " SD_ID128_FORMAT_STR
" %s—%s\n",
1357 SD_ID128_FORMAT_VAL(id
->id
),
1358 format_timestamp_maybe_utc(a
, sizeof(a
), id
->first
),
1359 format_timestamp_maybe_utc(b
, sizeof(b
), id
->last
));
1363 boot_id_free_all(all_ids
);
1368 static int add_boot(sd_journal
*j
) {
1369 char match
[9+32+1] = "_BOOT_ID=";
1378 /* Take a shortcut and use the current boot_id, which we can do very quickly.
1379 * We can do this only when we logs are coming from the current machine,
1380 * so take the slow path if log location is specified. */
1381 if (arg_boot_offset
== 0 && sd_id128_is_null(arg_boot_id
) &&
1382 !arg_directory
&& !arg_file
&& !arg_root
)
1384 return add_match_this_boot(j
, arg_machine
);
1386 boot_id
= arg_boot_id
;
1387 r
= get_boots(j
, NULL
, &boot_id
, arg_boot_offset
);
1390 const char *reason
= (r
== 0) ? "No such boot ID in journal" : strerror(-r
);
1392 if (sd_id128_is_null(arg_boot_id
))
1393 log_error("Data from the specified boot (%+i) is not available: %s",
1394 arg_boot_offset
, reason
);
1396 log_error("Data from the specified boot ("SD_ID128_FORMAT_STR
") is not available: %s",
1397 SD_ID128_FORMAT_VAL(arg_boot_id
), reason
);
1399 return r
== 0 ? -ENODATA
: r
;
1402 sd_id128_to_string(boot_id
, match
+ 9);
1404 r
= sd_journal_add_match(j
, match
, sizeof(match
) - 1);
1406 return log_error_errno(r
, "Failed to add match: %m");
1408 r
= sd_journal_add_conjunction(j
);
1410 return log_error_errno(r
, "Failed to add conjunction: %m");
1415 static int add_dmesg(sd_journal
*j
) {
1422 r
= sd_journal_add_match(j
, "_TRANSPORT=kernel",
1423 STRLEN("_TRANSPORT=kernel"));
1425 return log_error_errno(r
, "Failed to add match: %m");
1427 r
= sd_journal_add_conjunction(j
);
1429 return log_error_errno(r
, "Failed to add conjunction: %m");
1434 static int get_possible_units(
1440 _cleanup_set_free_free_ Set
*found
;
1444 found
= set_new(&string_hash_ops
);
1448 NULSTR_FOREACH(field
, fields
) {
1452 r
= sd_journal_query_unique(j
, field
);
1456 SD_JOURNAL_FOREACH_UNIQUE(j
, data
, size
) {
1457 char **pattern
, *eq
;
1459 _cleanup_free_
char *u
= NULL
;
1461 eq
= memchr(data
, '=', size
);
1463 prefix
= eq
- (char*) data
+ 1;
1467 u
= strndup((char*) data
+ prefix
, size
- prefix
);
1471 STRV_FOREACH(pattern
, patterns
)
1472 if (fnmatch(*pattern
, u
, FNM_NOESCAPE
) == 0) {
1473 log_debug("Matched %s with pattern %s=%s", u
, field
, *pattern
);
1475 r
= set_consume(found
, u
);
1477 if (r
< 0 && r
!= -EEXIST
)
1485 *units
= TAKE_PTR(found
);
1490 /* This list is supposed to return the superset of unit names
1491 * possibly matched by rules added with add_matches_for_unit... */
1492 #define SYSTEM_UNITS \
1496 "OBJECT_SYSTEMD_UNIT\0" \
1499 /* ... and add_matches_for_user_unit */
1500 #define USER_UNITS \
1501 "_SYSTEMD_USER_UNIT\0" \
1503 "COREDUMP_USER_UNIT\0" \
1504 "OBJECT_SYSTEMD_USER_UNIT\0"
1506 static int add_units(sd_journal
*j
) {
1507 _cleanup_strv_free_
char **patterns
= NULL
;
1513 STRV_FOREACH(i
, arg_system_units
) {
1514 _cleanup_free_
char *u
= NULL
;
1516 r
= unit_name_mangle(*i
, UNIT_NAME_MANGLE_GLOB
| (arg_quiet
? 0 : UNIT_NAME_MANGLE_WARN
), &u
);
1520 if (string_is_glob(u
)) {
1521 r
= strv_push(&patterns
, u
);
1526 r
= add_matches_for_unit(j
, u
);
1529 r
= sd_journal_add_disjunction(j
);
1536 if (!strv_isempty(patterns
)) {
1537 _cleanup_set_free_free_ Set
*units
= NULL
;
1541 r
= get_possible_units(j
, SYSTEM_UNITS
, patterns
, &units
);
1545 SET_FOREACH(u
, units
, it
) {
1546 r
= add_matches_for_unit(j
, u
);
1549 r
= sd_journal_add_disjunction(j
);
1556 patterns
= strv_free(patterns
);
1558 STRV_FOREACH(i
, arg_user_units
) {
1559 _cleanup_free_
char *u
= NULL
;
1561 r
= unit_name_mangle(*i
, UNIT_NAME_MANGLE_GLOB
| (arg_quiet
? 0 : UNIT_NAME_MANGLE_WARN
), &u
);
1565 if (string_is_glob(u
)) {
1566 r
= strv_push(&patterns
, u
);
1571 r
= add_matches_for_user_unit(j
, u
, getuid());
1574 r
= sd_journal_add_disjunction(j
);
1581 if (!strv_isempty(patterns
)) {
1582 _cleanup_set_free_free_ Set
*units
= NULL
;
1586 r
= get_possible_units(j
, USER_UNITS
, patterns
, &units
);
1590 SET_FOREACH(u
, units
, it
) {
1591 r
= add_matches_for_user_unit(j
, u
, getuid());
1594 r
= sd_journal_add_disjunction(j
);
1601 /* Complain if the user request matches but nothing whatsoever was
1602 * found, since otherwise everything would be matched. */
1603 if (!(strv_isempty(arg_system_units
) && strv_isempty(arg_user_units
)) && count
== 0)
1606 r
= sd_journal_add_conjunction(j
);
1613 static int add_priorities(sd_journal
*j
) {
1614 char match
[] = "PRIORITY=0";
1618 if (arg_priorities
== 0xFF)
1621 for (i
= LOG_EMERG
; i
<= LOG_DEBUG
; i
++)
1622 if (arg_priorities
& (1 << i
)) {
1623 match
[sizeof(match
)-2] = '0' + i
;
1625 r
= sd_journal_add_match(j
, match
, strlen(match
));
1627 return log_error_errno(r
, "Failed to add match: %m");
1630 r
= sd_journal_add_conjunction(j
);
1632 return log_error_errno(r
, "Failed to add conjunction: %m");
1637 static int add_syslog_identifier(sd_journal
*j
) {
1643 STRV_FOREACH(i
, arg_syslog_identifier
) {
1646 u
= strjoina("SYSLOG_IDENTIFIER=", *i
);
1647 r
= sd_journal_add_match(j
, u
, 0);
1650 r
= sd_journal_add_disjunction(j
);
1655 r
= sd_journal_add_conjunction(j
);
1662 static int setup_keys(void) {
1664 size_t mpk_size
, seed_size
, state_size
, i
;
1665 uint8_t *mpk
, *seed
, *state
;
1667 sd_id128_t machine
, boot
;
1668 char *p
= NULL
, *k
= NULL
;
1673 r
= stat("/var/log/journal", &st
);
1674 if (r
< 0 && !IN_SET(errno
, ENOENT
, ENOTDIR
))
1675 return log_error_errno(errno
, "stat(\"%s\") failed: %m", "/var/log/journal");
1677 if (r
< 0 || !S_ISDIR(st
.st_mode
)) {
1678 log_error("%s is not a directory, must be using persistent logging for FSS.",
1679 "/var/log/journal");
1680 return r
< 0 ? -errno
: -ENOTDIR
;
1683 r
= sd_id128_get_machine(&machine
);
1685 return log_error_errno(r
, "Failed to get machine ID: %m");
1687 r
= sd_id128_get_boot(&boot
);
1689 return log_error_errno(r
, "Failed to get boot ID: %m");
1691 if (asprintf(&p
, "/var/log/journal/" SD_ID128_FORMAT_STR
"/fss",
1692 SD_ID128_FORMAT_VAL(machine
)) < 0)
1697 if (r
< 0 && errno
!= ENOENT
) {
1698 r
= log_error_errno(errno
, "unlink(\"%s\") failed: %m", p
);
1701 } else if (access(p
, F_OK
) >= 0) {
1702 log_error("Sealing key file %s exists already. Use --force to recreate.", p
);
1707 if (asprintf(&k
, "/var/log/journal/" SD_ID128_FORMAT_STR
"/fss.tmp.XXXXXX",
1708 SD_ID128_FORMAT_VAL(machine
)) < 0) {
1713 mpk_size
= FSPRG_mskinbytes(FSPRG_RECOMMENDED_SECPAR
);
1714 mpk
= alloca(mpk_size
);
1716 seed_size
= FSPRG_RECOMMENDED_SEEDLEN
;
1717 seed
= alloca(seed_size
);
1719 state_size
= FSPRG_stateinbytes(FSPRG_RECOMMENDED_SECPAR
);
1720 state
= alloca(state_size
);
1722 fd
= open("/dev/random", O_RDONLY
|O_CLOEXEC
|O_NOCTTY
);
1724 r
= log_error_errno(errno
, "Failed to open /dev/random: %m");
1728 log_info("Generating seed...");
1729 r
= loop_read_exact(fd
, seed
, seed_size
, true);
1731 log_error_errno(r
, "Failed to read random seed: %m");
1735 log_info("Generating key pair...");
1736 FSPRG_GenMK(NULL
, mpk
, seed
, seed_size
, FSPRG_RECOMMENDED_SECPAR
);
1738 log_info("Generating sealing key...");
1739 FSPRG_GenState0(state
, mpk
, seed
, seed_size
);
1741 assert(arg_interval
> 0);
1743 n
= now(CLOCK_REALTIME
);
1747 fd
= mkostemp_safe(k
);
1749 r
= log_error_errno(fd
, "Failed to open %s: %m", k
);
1753 /* Enable secure remove, exclusion from dump, synchronous
1754 * writing and in-place updating */
1755 r
= chattr_fd(fd
, FS_SECRM_FL
|FS_NODUMP_FL
|FS_SYNC_FL
|FS_NOCOW_FL
, FS_SECRM_FL
|FS_NODUMP_FL
|FS_SYNC_FL
|FS_NOCOW_FL
, NULL
);
1757 log_warning_errno(r
, "Failed to set file attributes: %m");
1760 memcpy(h
.signature
, "KSHHRHLP", 8);
1761 h
.machine_id
= machine
;
1763 h
.header_size
= htole64(sizeof(h
));
1764 h
.start_usec
= htole64(n
* arg_interval
);
1765 h
.interval_usec
= htole64(arg_interval
);
1766 h
.fsprg_secpar
= htole16(FSPRG_RECOMMENDED_SECPAR
);
1767 h
.fsprg_state_size
= htole64(state_size
);
1769 r
= loop_write(fd
, &h
, sizeof(h
), false);
1771 log_error_errno(r
, "Failed to write header: %m");
1775 r
= loop_write(fd
, state
, state_size
, false);
1777 log_error_errno(r
, "Failed to write state: %m");
1781 if (link(k
, p
) < 0) {
1782 r
= log_error_errno(errno
, "Failed to link file: %m");
1789 "The new key pair has been generated. The %ssecret sealing key%s has been written to\n"
1790 "the following local file. This key file is automatically updated when the\n"
1791 "sealing key is advanced. It should not be used on multiple hosts.\n"
1795 "Please write down the following %ssecret verification key%s. It should be stored\n"
1796 "at a safe location and should not be saved locally on disk.\n"
1798 ansi_highlight(), ansi_normal(),
1800 ansi_highlight(), ansi_normal(),
1801 ansi_highlight_red());
1804 for (i
= 0; i
< seed_size
; i
++) {
1805 if (i
> 0 && i
% 3 == 0)
1807 printf("%02x", ((uint8_t*) seed
)[i
]);
1810 printf("/%llx-%llx\n", (unsigned long long) n
, (unsigned long long) arg_interval
);
1813 char tsb
[FORMAT_TIMESPAN_MAX
], *hn
;
1817 "The sealing key is automatically changed every %s.\n",
1819 format_timespan(tsb
, sizeof(tsb
), arg_interval
, 0));
1821 hn
= gethostname_malloc();
1824 hostname_cleanup(hn
);
1825 fprintf(stderr
, "\nThe keys have been generated for host %s/" SD_ID128_FORMAT_STR
".\n", hn
, SD_ID128_FORMAT_VAL(machine
));
1827 fprintf(stderr
, "\nThe keys have been generated for host " SD_ID128_FORMAT_STR
".\n", SD_ID128_FORMAT_VAL(machine
));
1830 /* If this is not an UTF-8 system don't print any QR codes */
1831 if (is_locale_utf8()) {
1832 fputs("\nTo transfer the verification key to your phone please scan the QR code below:\n\n", stderr
);
1833 print_qr_code(stderr
, seed
, seed_size
, n
, arg_interval
, hn
, machine
);
1853 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP
),
1854 "Forward-secure sealing not available.");
1858 static int verify(sd_journal
*j
) {
1865 log_show_color(true);
1867 ORDERED_HASHMAP_FOREACH(f
, j
->files
, i
) {
1869 usec_t first
= 0, validated
= 0, last
= 0;
1872 if (!arg_verify_key
&& JOURNAL_HEADER_SEALED(f
->header
))
1873 log_notice("Journal file %s has sealing enabled but verification key has not been passed using --verify-key=.", f
->path
);
1876 k
= journal_file_verify(f
, arg_verify_key
, &first
, &validated
, &last
, true);
1878 /* If the key was invalid give up right-away. */
1881 log_warning_errno(k
, "FAIL: %s (%m)", f
->path
);
1884 char a
[FORMAT_TIMESTAMP_MAX
], b
[FORMAT_TIMESTAMP_MAX
], c
[FORMAT_TIMESPAN_MAX
];
1885 log_info("PASS: %s", f
->path
);
1887 if (arg_verify_key
&& JOURNAL_HEADER_SEALED(f
->header
)) {
1888 if (validated
> 0) {
1889 log_info("=> Validated from %s to %s, final %s entries not sealed.",
1890 format_timestamp_maybe_utc(a
, sizeof(a
), first
),
1891 format_timestamp_maybe_utc(b
, sizeof(b
), validated
),
1892 format_timespan(c
, sizeof(c
), last
> validated
? last
- validated
: 0, 0));
1893 } else if (last
> 0)
1894 log_info("=> No sealing yet, %s of entries not sealed.",
1895 format_timespan(c
, sizeof(c
), last
- first
, 0));
1897 log_info("=> No sealing yet, no entries in file.");
1905 static int simple_varlink_call(const char *option
, const char *method
) {
1906 _cleanup_(varlink_flush_close_unrefp
) Varlink
*link
= NULL
;
1911 return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP
), "%s is not supported in conjunction with --machine=.", option
);
1913 r
= varlink_connect_address(&link
, "/run/systemd/journal/io.systemd.journal");
1915 return log_error_errno(r
, "Failed to connect to journal: %m");
1917 r
= varlink_call(link
, method
, NULL
, NULL
, &error
, NULL
);
1919 return log_error_errno(r
, "Failed to execute operation: %s", error
);
1924 static int flush_to_var(void) {
1925 return simple_varlink_call("--flush", "io.systemd.Journal.FlushToVar");
1928 static int rotate(void) {
1929 return simple_varlink_call("--rotate", "io.systemd.Journal.Rotate");
1932 static int sync_journal(void) {
1933 return simple_varlink_call("--sync", "io.systemd.Journal.Synchronize");
1936 static int wait_for_change(sd_journal
*j
, int poll_fd
) {
1937 struct pollfd pollfds
[] = {
1938 { .fd
= poll_fd
, .events
= POLLIN
},
1939 { .fd
= STDOUT_FILENO
},
1947 assert(poll_fd
>= 0);
1949 /* Much like sd_journal_wait() but also keeps an eye on STDOUT, and exits as soon as we see a POLLHUP on that,
1950 * i.e. when it is closed. */
1952 r
= sd_journal_get_timeout(j
, &timeout
);
1954 return log_error_errno(r
, "Failed to determine journal waiting time: %m");
1956 if (ppoll(pollfds
, ELEMENTSOF(pollfds
),
1957 timeout
== USEC_INFINITY
? NULL
: timespec_store(&ts
, timeout
), NULL
) < 0) {
1961 return log_error_errno(errno
, "Couldn't wait for journal event: %m");
1964 if (pollfds
[1].revents
& (POLLHUP
|POLLERR
)) /* STDOUT has been closed? */
1965 return log_debug_errno(SYNTHETIC_ERRNO(ECANCELED
),
1966 "Standard output has been closed.");
1968 r
= sd_journal_process(j
);
1970 return log_error_errno(r
, "Failed to process journal events: %m");
1975 int main(int argc
, char *argv
[]) {
1976 bool previous_boot_id_valid
= false, first_line
= true, ellipsized
= false, need_seek
= false;
1977 bool use_cursor
= false, after_cursor
= false;
1978 _cleanup_(sd_journal_closep
) sd_journal
*j
= NULL
;
1979 sd_id128_t previous_boot_id
;
1980 int n_shown
= 0, r
, poll_fd
= -1;
1982 setlocale(LC_ALL
, "");
1983 log_show_color(true);
1984 log_parse_environment();
1987 /* Increase max number of open files if we can, we might needs this when browsing journal files, which might be
1988 * split up into many files. */
1989 (void) rlimit_nofile_bump(HIGH_RLIMIT_NOFILE
);
1991 r
= parse_argv(argc
, argv
);
1995 signal(SIGWINCH
, columns_lines_cache_reset
);
1998 switch (arg_action
) {
2000 case ACTION_NEW_ID128
:
2001 r
= id128_print_new(true);
2004 case ACTION_SETUP_KEYS
:
2008 case ACTION_LIST_CATALOG
:
2009 case ACTION_DUMP_CATALOG
:
2010 case ACTION_UPDATE_CATALOG
: {
2011 _cleanup_free_
char *database
;
2013 database
= path_join(arg_root
, CATALOG_DATABASE
);
2019 if (arg_action
== ACTION_UPDATE_CATALOG
) {
2020 r
= catalog_update(database
, arg_root
, catalog_file_dirs
);
2022 log_error_errno(r
, "Failed to list catalog: %m");
2024 bool oneline
= arg_action
== ACTION_LIST_CATALOG
;
2026 (void) pager_open(arg_pager_flags
);
2029 r
= catalog_list_items(stdout
, database
, oneline
, argv
+ optind
);
2031 r
= catalog_list(stdout
, database
, oneline
);
2033 log_error_errno(r
, "Failed to list catalog: %m");
2052 case ACTION_PRINT_HEADER
:
2054 case ACTION_DISK_USAGE
:
2055 case ACTION_LIST_BOOTS
:
2057 case ACTION_ROTATE_AND_VACUUM
:
2058 case ACTION_LIST_FIELDS
:
2059 case ACTION_LIST_FIELD_NAMES
:
2060 /* These ones require access to the journal files, continue below. */
2064 assert_not_reached("Unknown action");
2068 r
= sd_journal_open_directory(&j
, arg_directory
, arg_journal_type
);
2070 r
= sd_journal_open_directory(&j
, arg_root
, arg_journal_type
| SD_JOURNAL_OS_ROOT
);
2071 else if (arg_file_stdin
) {
2072 int ifd
= STDIN_FILENO
;
2073 r
= sd_journal_open_files_fd(&j
, &ifd
, 1, 0);
2074 } else if (arg_file
)
2075 r
= sd_journal_open_files(&j
, (const char**) arg_file
, 0);
2076 else if (arg_machine
) {
2077 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
2078 _cleanup_(sd_bus_message_unrefp
) sd_bus_message
*reply
= NULL
;
2079 _cleanup_(sd_bus_flush_close_unrefp
) sd_bus
*bus
= NULL
;
2082 if (geteuid() != 0) {
2083 /* The file descriptor returned by OpenMachineRootDirectory() will be owned by users/groups of
2084 * the container, thus we need root privileges to override them. */
2085 log_error("Using the --machine= switch requires root privileges.");
2090 r
= sd_bus_open_system(&bus
);
2092 log_error_errno(r
, "Failed to open system bus: %m");
2096 r
= sd_bus_call_method(
2098 "org.freedesktop.machine1",
2099 "/org/freedesktop/machine1",
2100 "org.freedesktop.machine1.Manager",
2101 "OpenMachineRootDirectory",
2106 log_error_errno(r
, "Failed to open root directory: %s", bus_error_message(&error
, r
));
2110 r
= sd_bus_message_read(reply
, "h", &fd
);
2112 bus_log_parse_error(r
);
2116 fd
= fcntl(fd
, F_DUPFD_CLOEXEC
, 3);
2118 r
= log_error_errno(errno
, "Failed to duplicate file descriptor: %m");
2122 r
= sd_journal_open_directory_fd(&j
, fd
, SD_JOURNAL_OS_ROOT
);
2126 r
= sd_journal_open(&j
, !arg_merge
*SD_JOURNAL_LOCAL_ONLY
+ arg_journal_type
);
2128 log_error_errno(r
, "Failed to open %s: %m", arg_directory
?: arg_file
? "files" : "journal");
2132 r
= journal_access_check_and_warn(j
, arg_quiet
,
2133 !(arg_journal_type
== SD_JOURNAL_CURRENT_USER
|| arg_user_units
));
2137 switch (arg_action
) {
2139 case ACTION_NEW_ID128
:
2140 case ACTION_SETUP_KEYS
:
2141 case ACTION_LIST_CATALOG
:
2142 case ACTION_DUMP_CATALOG
:
2143 case ACTION_UPDATE_CATALOG
:
2147 assert_not_reached("Unexpected action.");
2149 case ACTION_PRINT_HEADER
:
2150 journal_print_header(j
);
2158 case ACTION_DISK_USAGE
: {
2160 char sbytes
[FORMAT_BYTES_MAX
];
2162 r
= sd_journal_get_usage(j
, &bytes
);
2166 printf("Archived and active journals take up %s in the file system.\n",
2167 format_bytes(sbytes
, sizeof(sbytes
), bytes
));
2171 case ACTION_LIST_BOOTS
:
2175 case ACTION_ROTATE_AND_VACUUM
:
2183 case ACTION_VACUUM
: {
2187 HASHMAP_FOREACH(d
, j
->directories_by_path
, i
) {
2193 q
= journal_directory_vacuum(d
->path
, arg_vacuum_size
, arg_vacuum_n_files
, arg_vacuum_time
, NULL
, !arg_quiet
);
2195 log_error_errno(q
, "Failed to vacuum %s: %m", d
->path
);
2203 case ACTION_LIST_FIELD_NAMES
: {
2206 SD_JOURNAL_FOREACH_FIELD(j
, field
) {
2207 printf("%s\n", field
);
2216 case ACTION_LIST_FIELDS
:
2220 assert_not_reached("Unknown action");
2223 if (arg_boot_offset
!= 0 &&
2224 sd_journal_has_runtime_files(j
) > 0 &&
2225 sd_journal_has_persistent_files(j
) == 0) {
2226 log_info("Specifying boot ID or boot offset has no effect, no persistent journal was found.");
2230 /* add_boot() must be called first!
2231 * It may need to seek the journal to find parent boot IDs. */
2242 log_error_errno(r
, "Failed to add filter for units: %m");
2246 r
= add_syslog_identifier(j
);
2248 log_error_errno(r
, "Failed to add filter for syslog identifiers: %m");
2252 r
= add_priorities(j
);
2256 r
= add_matches(j
, argv
+ optind
);
2260 if (DEBUG_LOGGING
) {
2261 _cleanup_free_
char *filter
;
2263 filter
= journal_make_match_string(j
);
2267 log_debug("Journal filter: %s", filter
);
2270 if (arg_action
== ACTION_LIST_FIELDS
) {
2276 r
= sd_journal_set_data_threshold(j
, 0);
2278 log_error_errno(r
, "Failed to unset data size threshold: %m");
2282 r
= sd_journal_query_unique(j
, arg_field
);
2284 log_error_errno(r
, "Failed to query unique data objects: %m");
2288 SD_JOURNAL_FOREACH_UNIQUE(j
, data
, size
) {
2291 if (arg_lines
>= 0 && n_shown
>= arg_lines
)
2294 eq
= memchr(data
, '=', size
);
2296 printf("%.*s\n", (int) (size
- ((const uint8_t*) eq
- (const uint8_t*) data
+ 1)), (const char*) eq
+ 1);
2298 printf("%.*s\n", (int) size
, (const char*) data
);
2307 /* Opening the fd now means the first sd_journal_wait() will actually wait */
2309 poll_fd
= sd_journal_get_fd(j
);
2310 if (poll_fd
== -EMFILE
) {
2311 log_warning_errno(poll_fd
, "Insufficient watch descriptors available. Reverting to -n.");
2313 } else if (poll_fd
== -EMEDIUMTYPE
) {
2314 log_error_errno(poll_fd
, "The --follow switch is not supported in conjunction with reading from STDIN.");
2316 } else if (poll_fd
< 0) {
2317 log_error_errno(poll_fd
, "Failed to get journal fd: %m");
2322 if (arg_cursor
|| arg_after_cursor
|| arg_cursor_file
) {
2323 _cleanup_free_
char *cursor_from_file
= NULL
;
2324 const char *cursor
= arg_cursor
?: arg_after_cursor
;
2326 if (arg_cursor_file
) {
2327 r
= read_one_line_file(arg_cursor_file
, &cursor_from_file
);
2328 if (r
< 0 && r
!= -ENOENT
) {
2329 log_error_errno(r
, "Failed to read cursor file %s: %m", arg_cursor_file
);
2334 cursor
= cursor_from_file
;
2335 after_cursor
= true;
2338 after_cursor
= !!arg_after_cursor
;
2341 r
= sd_journal_seek_cursor(j
, cursor
);
2343 log_error_errno(r
, "Failed to seek to cursor: %m");
2352 r
= sd_journal_next_skip(j
, 1 + after_cursor
);
2354 r
= sd_journal_previous_skip(j
, 1 + after_cursor
);
2356 if (after_cursor
&& r
< 2) {
2357 /* We couldn't find the next entry after the cursor. */
2364 } else if (arg_since_set
&& !arg_reverse
) {
2365 r
= sd_journal_seek_realtime_usec(j
, arg_since
);
2367 log_error_errno(r
, "Failed to seek to date: %m");
2370 r
= sd_journal_next(j
);
2372 } else if (arg_until_set
&& arg_reverse
) {
2373 r
= sd_journal_seek_realtime_usec(j
, arg_until
);
2375 log_error_errno(r
, "Failed to seek to date: %m");
2378 r
= sd_journal_previous(j
);
2380 } else if (arg_lines
>= 0) {
2381 r
= sd_journal_seek_tail(j
);
2383 log_error_errno(r
, "Failed to seek to tail: %m");
2387 r
= sd_journal_previous_skip(j
, arg_lines
);
2389 } else if (arg_reverse
) {
2390 r
= sd_journal_seek_tail(j
);
2392 log_error_errno(r
, "Failed to seek to tail: %m");
2396 r
= sd_journal_previous(j
);
2399 r
= sd_journal_seek_head(j
);
2401 log_error_errno(r
, "Failed to seek to head: %m");
2405 r
= sd_journal_next(j
);
2409 log_error_errno(r
, "Failed to iterate through journal: %m");
2416 (void) pager_open(arg_pager_flags
);
2418 if (!arg_quiet
&& (arg_lines
!= 0 || arg_follow
)) {
2420 char start_buf
[FORMAT_TIMESTAMP_MAX
], end_buf
[FORMAT_TIMESTAMP_MAX
];
2422 r
= sd_journal_get_cutoff_realtime_usec(j
, &start
, &end
);
2424 log_error_errno(r
, "Failed to get cutoff: %m");
2430 printf("-- Logs begin at %s. --\n",
2431 format_timestamp_maybe_utc(start_buf
, sizeof(start_buf
), start
));
2433 printf("-- Logs begin at %s, end at %s. --\n",
2434 format_timestamp_maybe_utc(start_buf
, sizeof(start_buf
), start
),
2435 format_timestamp_maybe_utc(end_buf
, sizeof(end_buf
), end
));
2440 while (arg_lines
< 0 || n_shown
< arg_lines
|| (arg_follow
&& !first_line
)) {
2442 size_t highlight
[2] = {};
2446 r
= sd_journal_next(j
);
2448 r
= sd_journal_previous(j
);
2450 log_error_errno(r
, "Failed to iterate through journal: %m");
2457 if (arg_until_set
&& !arg_reverse
) {
2460 r
= sd_journal_get_realtime_usec(j
, &usec
);
2462 log_error_errno(r
, "Failed to determine timestamp: %m");
2465 if (usec
> arg_until
)
2469 if (arg_since_set
&& arg_reverse
) {
2472 r
= sd_journal_get_realtime_usec(j
, &usec
);
2474 log_error_errno(r
, "Failed to determine timestamp: %m");
2477 if (usec
< arg_since
)
2481 if (!arg_merge
&& !arg_quiet
) {
2484 r
= sd_journal_get_monotonic_usec(j
, NULL
, &boot_id
);
2486 if (previous_boot_id_valid
&&
2487 !sd_id128_equal(boot_id
, previous_boot_id
))
2488 printf("%s-- Reboot --%s\n",
2489 ansi_highlight(), ansi_normal());
2491 previous_boot_id
= boot_id
;
2492 previous_boot_id_valid
= true;
2497 if (arg_compiled_pattern
) {
2498 _cleanup_(pcre2_match_data_freep
) pcre2_match_data
*md
= NULL
;
2499 const void *message
;
2503 md
= pcre2_match_data_create(1, NULL
);
2507 r
= sd_journal_get_data(j
, "MESSAGE", &message
, &len
);
2514 log_error_errno(r
, "Failed to get MESSAGE field: %m");
2518 assert_se(message
= startswith(message
, "MESSAGE="));
2520 r
= pcre2_match(arg_compiled_pattern
,
2522 len
- strlen("MESSAGE="),
2523 0, /* start at offset 0 in the subject */
2524 0, /* default options */
2527 if (r
== PCRE2_ERROR_NOMATCH
) {
2532 unsigned char buf
[LINE_MAX
];
2535 r2
= pcre2_get_error_message(r
, buf
, sizeof buf
);
2536 log_error("Pattern matching failed: %s",
2537 r2
< 0 ? "unknown error" : (char*) buf
);
2542 ovec
= pcre2_get_ovector_pointer(md
);
2543 highlight
[0] = ovec
[0];
2544 highlight
[1] = ovec
[1];
2549 arg_all
* OUTPUT_SHOW_ALL
|
2550 arg_full
* OUTPUT_FULL_WIDTH
|
2551 colors_enabled() * OUTPUT_COLOR
|
2552 arg_catalog
* OUTPUT_CATALOG
|
2553 arg_utc
* OUTPUT_UTC
|
2554 arg_no_hostname
* OUTPUT_NO_HOSTNAME
;
2556 r
= show_journal_entry(stdout
, j
, arg_output
, 0, flags
,
2557 arg_output_fields
, highlight
, &ellipsized
);
2559 if (r
== -EADDRNOTAVAIL
)
2566 /* If journalctl take a long time to process messages, and during that time journal file
2567 * rotation occurs, a journalctl client will keep those rotated files open until it calls
2568 * sd_journal_process(), which typically happens as a result of calling sd_journal_wait() below
2569 * in the "following" case. By periodically calling sd_journal_process() during the processing
2570 * loop we shrink the window of time a client instance has open file descriptors for rotated
2571 * (deleted) journal files. */
2572 if ((n_shown
% PROCESS_INOTIFY_INTERVAL
) == 0) {
2573 r
= sd_journal_process(j
);
2575 log_error_errno(r
, "Failed to process inotify events: %m");
2582 if (n_shown
== 0 && !arg_quiet
)
2583 printf("-- No entries --\n");
2585 if (arg_show_cursor
|| arg_cursor_file
) {
2586 _cleanup_free_
char *cursor
= NULL
;
2588 r
= sd_journal_get_cursor(j
, &cursor
);
2589 if (r
< 0 && r
!= -EADDRNOTAVAIL
)
2590 log_error_errno(r
, "Failed to get cursor: %m");
2592 if (arg_show_cursor
)
2593 printf("-- cursor: %s\n", cursor
);
2595 if (arg_cursor_file
) {
2596 r
= write_string_file(arg_cursor_file
, cursor
,
2597 WRITE_STRING_FILE_CREATE
|
2598 WRITE_STRING_FILE_ATOMIC
);
2601 "Failed to write new cursor to %s: %m",
2612 r
= wait_for_change(j
, poll_fd
);
2623 strv_free(arg_file
);
2625 strv_free(arg_syslog_identifier
);
2626 strv_free(arg_system_units
);
2627 strv_free(arg_user_units
);
2628 strv_free(arg_output_fields
);
2631 free(arg_verify_key
);
2634 if (arg_compiled_pattern
)
2635 pcre2_code_free(arg_compiled_pattern
);
2638 return r
< 0 ? EXIT_FAILURE
: EXIT_SUCCESS
;