2 This file is part of systemd.
4 Copyright 2011 Lennart Poettering
6 systemd is free software; you can redistribute it and/or modify it
7 under the terms of the GNU Lesser General Public License as published by
8 the Free Software Foundation; either version 2.1 of the License, or
9 (at your option) any later version.
11 systemd is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
16 You should have received a copy of the GNU Lesser General Public License
17 along with systemd; If not, see <http://www.gnu.org/licenses/>.
32 #include <sys/inotify.h>
37 #include "sd-journal.h"
40 #include "alloc-util.h"
41 #include "bus-error.h"
44 #include "chattr-util.h"
49 #include "glob-util.h"
50 #include "hostname-util.h"
52 #include "journal-def.h"
53 #include "journal-internal.h"
54 #include "journal-qrcode.h"
55 #include "journal-vacuum.h"
56 #include "journal-verify.h"
57 #include "locale-util.h"
59 #include "logs-show.h"
62 #include "parse-util.h"
63 #include "path-util.h"
64 #include "rlimit-util.h"
68 #include "syslog-util.h"
69 #include "terminal-util.h"
71 #include "udev-util.h"
72 #include "unit-name.h"
73 #include "user-util.h"
75 #define DEFAULT_FSS_INTERVAL_USEC (15*USEC_PER_MINUTE)
78 /* Special values for arg_lines */
79 ARG_LINES_DEFAULT
= -2,
83 static OutputMode arg_output
= OUTPUT_SHORT
;
84 static bool arg_utc
= false;
85 static bool arg_pager_end
= false;
86 static bool arg_follow
= false;
87 static bool arg_full
= true;
88 static bool arg_all
= false;
89 static bool arg_no_pager
= false;
90 static int arg_lines
= ARG_LINES_DEFAULT
;
91 static bool arg_no_tail
= false;
92 static bool arg_quiet
= false;
93 static bool arg_merge
= false;
94 static bool arg_boot
= false;
95 static sd_id128_t arg_boot_id
= {};
96 static int arg_boot_offset
= 0;
97 static bool arg_dmesg
= false;
98 static bool arg_no_hostname
= false;
99 static const char *arg_cursor
= NULL
;
100 static const char *arg_after_cursor
= NULL
;
101 static bool arg_show_cursor
= false;
102 static const char *arg_directory
= NULL
;
103 static char **arg_file
= NULL
;
104 static bool arg_file_stdin
= false;
105 static int arg_priorities
= 0xFF;
106 static char *arg_verify_key
= NULL
;
108 static usec_t arg_interval
= DEFAULT_FSS_INTERVAL_USEC
;
109 static bool arg_force
= false;
111 static usec_t arg_since
, arg_until
;
112 static bool arg_since_set
= false, arg_until_set
= false;
113 static char **arg_syslog_identifier
= NULL
;
114 static char **arg_system_units
= NULL
;
115 static char **arg_user_units
= NULL
;
116 static const char *arg_field
= NULL
;
117 static bool arg_catalog
= false;
118 static bool arg_reverse
= false;
119 static int arg_journal_type
= 0;
120 static char *arg_root
= NULL
;
121 static const char *arg_machine
= NULL
;
122 static uint64_t arg_vacuum_size
= 0;
123 static uint64_t arg_vacuum_n_files
= 0;
124 static usec_t arg_vacuum_time
= 0;
135 ACTION_UPDATE_CATALOG
,
142 ACTION_LIST_FIELD_NAMES
,
143 } arg_action
= ACTION_SHOW
;
145 typedef struct BootId
{
149 LIST_FIELDS(struct BootId
, boot_list
);
152 static int add_matches_for_device(sd_journal
*j
, const char *devpath
) {
154 _cleanup_udev_unref_
struct udev
*udev
= NULL
;
155 _cleanup_udev_device_unref_
struct udev_device
*device
= NULL
;
156 struct udev_device
*d
= NULL
;
162 if (!path_startswith(devpath
, "/dev/")) {
163 log_error("Devpath does not start with /dev/");
171 r
= stat(devpath
, &st
);
173 log_error_errno(errno
, "Couldn't stat file: %m");
175 d
= device
= udev_device_new_from_devnum(udev
, S_ISBLK(st
.st_mode
) ? 'b' : 'c', st
.st_rdev
);
177 return log_error_errno(errno
, "Failed to get udev device from devnum %u:%u: %m", major(st
.st_rdev
), minor(st
.st_rdev
));
180 _cleanup_free_
char *match
= NULL
;
181 const char *subsys
, *sysname
, *devnode
;
183 subsys
= udev_device_get_subsystem(d
);
185 d
= udev_device_get_parent(d
);
189 sysname
= udev_device_get_sysname(d
);
191 d
= udev_device_get_parent(d
);
195 match
= strjoin("_KERNEL_DEVICE=+", subsys
, ":", sysname
);
199 r
= sd_journal_add_match(j
, match
, 0);
201 return log_error_errno(r
, "Failed to add match: %m");
203 devnode
= udev_device_get_devnode(d
);
205 _cleanup_free_
char *match1
= NULL
;
207 r
= stat(devnode
, &st
);
209 return log_error_errno(r
, "Failed to stat() device node \"%s\": %m", devnode
);
211 r
= asprintf(&match1
, "_KERNEL_DEVICE=%c%u:%u", S_ISBLK(st
.st_mode
) ? 'b' : 'c', major(st
.st_rdev
), minor(st
.st_rdev
));
215 r
= sd_journal_add_match(j
, match1
, 0);
217 return log_error_errno(r
, "Failed to add match: %m");
220 d
= udev_device_get_parent(d
);
223 r
= add_match_this_boot(j
, arg_machine
);
225 return log_error_errno(r
, "Failed to add match for the current boot: %m");
230 static char *format_timestamp_maybe_utc(char *buf
, size_t l
, usec_t t
) {
233 return format_timestamp_utc(buf
, l
, t
);
235 return format_timestamp(buf
, l
, t
);
238 static int parse_boot_descriptor(const char *x
, sd_id128_t
*boot_id
, int *offset
) {
239 sd_id128_t id
= SD_ID128_NULL
;
242 if (strlen(x
) >= 32) {
246 r
= sd_id128_from_string(t
, &id
);
250 if (*x
!= '-' && *x
!= '+' && *x
!= 0)
254 r
= safe_atoi(x
, &off
);
259 r
= safe_atoi(x
, &off
);
273 static void help(void) {
275 pager_open(arg_no_pager
, arg_pager_end
);
277 printf("%s [OPTIONS...] [MATCHES...]\n\n"
278 "Query the journal.\n\n"
280 " --system Show the system journal\n"
281 " --user Show the user journal for the current user\n"
282 " -M --machine=CONTAINER Operate on local container\n"
283 " -S --since=DATE Show entries not older than the specified date\n"
284 " -U --until=DATE Show entries not newer than the specified date\n"
285 " -c --cursor=CURSOR Show entries starting at the specified cursor\n"
286 " --after-cursor=CURSOR Show entries after the specified cursor\n"
287 " --show-cursor Print the cursor after all the entries\n"
288 " -b --boot[=ID] Show current boot or the specified boot\n"
289 " --list-boots Show terse information about recorded boots\n"
290 " -k --dmesg Show kernel message log from the current boot\n"
291 " -u --unit=UNIT Show logs from the specified unit\n"
292 " --user-unit=UNIT Show logs from the specified user unit\n"
293 " -t --identifier=STRING Show entries with the specified syslog identifier\n"
294 " -p --priority=RANGE Show entries with the specified priority\n"
295 " -e --pager-end Immediately jump to the end in the pager\n"
296 " -f --follow Follow the journal\n"
297 " -n --lines[=INTEGER] Number of journal entries to show\n"
298 " --no-tail Show all lines, even in follow mode\n"
299 " -r --reverse Show the newest entries first\n"
300 " -o --output=STRING Change journal output mode (short, short-precise,\n"
301 " short-iso, short-full, short-monotonic, short-unix,\n"
302 " verbose, export, json, json-pretty, json-sse, cat)\n"
303 " --utc Express time in Coordinated Universal Time (UTC)\n"
304 " -x --catalog Add message explanations where available\n"
305 " --no-full Ellipsize fields\n"
306 " -a --all Show all fields, including long and unprintable\n"
307 " -q --quiet Do not show info messages and privilege warning\n"
308 " --no-pager Do not pipe output into a pager\n"
309 " --no-hostname Suppress output of hostname field\n"
310 " -m --merge Show entries from all available journals\n"
311 " -D --directory=PATH Show journal files from directory\n"
312 " --file=PATH Show journal file\n"
313 " --root=ROOT Operate on files below a root directory\n"
315 " --interval=TIME Time interval for changing the FSS sealing key\n"
316 " --verify-key=KEY Specify FSS verification key\n"
317 " --force Override of the FSS key pair with --setup-keys\n"
320 " -h --help Show this help text\n"
321 " --version Show package version\n"
322 " -N --fields List all field names currently used\n"
323 " -F --field=FIELD List all values that a specified field takes\n"
324 " --disk-usage Show total disk usage of all journal files\n"
325 " --vacuum-size=BYTES Reduce disk usage below specified size\n"
326 " --vacuum-files=INT Leave only the specified number of journal files\n"
327 " --vacuum-time=TIME Remove journal files older than specified time\n"
328 " --verify Verify journal file consistency\n"
329 " --sync Synchronize unwritten journal messages to disk\n"
330 " --flush Flush all journal data from /run into /var\n"
331 " --rotate Request immediate rotation of the journal files\n"
332 " --header Show journal header information\n"
333 " --list-catalog Show all message IDs in the catalog\n"
334 " --dump-catalog Show entries in the message catalog\n"
335 " --update-catalog Update the message catalog database\n"
336 " --new-id128 Generate a new 128-bit ID\n"
338 " --setup-keys Generate a new FSS key pair\n"
340 , program_invocation_short_name
);
343 static int parse_argv(int argc
, char *argv
[]) {
380 static const struct option options
[] = {
381 { "help", no_argument
, NULL
, 'h' },
382 { "version" , no_argument
, NULL
, ARG_VERSION
},
383 { "no-pager", no_argument
, NULL
, ARG_NO_PAGER
},
384 { "pager-end", no_argument
, NULL
, 'e' },
385 { "follow", no_argument
, NULL
, 'f' },
386 { "force", no_argument
, NULL
, ARG_FORCE
},
387 { "output", required_argument
, NULL
, 'o' },
388 { "all", no_argument
, NULL
, 'a' },
389 { "full", no_argument
, NULL
, 'l' },
390 { "no-full", no_argument
, NULL
, ARG_NO_FULL
},
391 { "lines", optional_argument
, NULL
, 'n' },
392 { "no-tail", no_argument
, NULL
, ARG_NO_TAIL
},
393 { "new-id128", no_argument
, NULL
, ARG_NEW_ID128
},
394 { "quiet", no_argument
, NULL
, 'q' },
395 { "merge", no_argument
, NULL
, 'm' },
396 { "this-boot", no_argument
, NULL
, ARG_THIS_BOOT
}, /* deprecated */
397 { "boot", optional_argument
, NULL
, 'b' },
398 { "list-boots", no_argument
, NULL
, ARG_LIST_BOOTS
},
399 { "dmesg", no_argument
, NULL
, 'k' },
400 { "system", no_argument
, NULL
, ARG_SYSTEM
},
401 { "user", no_argument
, NULL
, ARG_USER
},
402 { "directory", required_argument
, NULL
, 'D' },
403 { "file", required_argument
, NULL
, ARG_FILE
},
404 { "root", required_argument
, NULL
, ARG_ROOT
},
405 { "header", no_argument
, NULL
, ARG_HEADER
},
406 { "identifier", required_argument
, NULL
, 't' },
407 { "priority", required_argument
, NULL
, 'p' },
408 { "setup-keys", no_argument
, NULL
, ARG_SETUP_KEYS
},
409 { "interval", required_argument
, NULL
, ARG_INTERVAL
},
410 { "verify", no_argument
, NULL
, ARG_VERIFY
},
411 { "verify-key", required_argument
, NULL
, ARG_VERIFY_KEY
},
412 { "disk-usage", no_argument
, NULL
, ARG_DISK_USAGE
},
413 { "cursor", required_argument
, NULL
, 'c' },
414 { "after-cursor", required_argument
, NULL
, ARG_AFTER_CURSOR
},
415 { "show-cursor", no_argument
, NULL
, ARG_SHOW_CURSOR
},
416 { "since", required_argument
, NULL
, 'S' },
417 { "until", required_argument
, NULL
, 'U' },
418 { "unit", required_argument
, NULL
, 'u' },
419 { "user-unit", required_argument
, NULL
, ARG_USER_UNIT
},
420 { "field", required_argument
, NULL
, 'F' },
421 { "fields", no_argument
, NULL
, 'N' },
422 { "catalog", no_argument
, NULL
, 'x' },
423 { "list-catalog", no_argument
, NULL
, ARG_LIST_CATALOG
},
424 { "dump-catalog", no_argument
, NULL
, ARG_DUMP_CATALOG
},
425 { "update-catalog", no_argument
, NULL
, ARG_UPDATE_CATALOG
},
426 { "reverse", no_argument
, NULL
, 'r' },
427 { "machine", required_argument
, NULL
, 'M' },
428 { "utc", no_argument
, NULL
, ARG_UTC
},
429 { "flush", no_argument
, NULL
, ARG_FLUSH
},
430 { "sync", no_argument
, NULL
, ARG_SYNC
},
431 { "rotate", no_argument
, NULL
, ARG_ROTATE
},
432 { "vacuum-size", required_argument
, NULL
, ARG_VACUUM_SIZE
},
433 { "vacuum-files", required_argument
, NULL
, ARG_VACUUM_FILES
},
434 { "vacuum-time", required_argument
, NULL
, ARG_VACUUM_TIME
},
435 { "no-hostname", no_argument
, NULL
, ARG_NO_HOSTNAME
},
444 while ((c
= getopt_long(argc
, argv
, "hefo:aln::qmb::kD:p:c:S:U:t:u:NF:xrM:", options
, NULL
)) >= 0)
460 arg_pager_end
= true;
462 if (arg_lines
== ARG_LINES_DEFAULT
)
472 arg_output
= output_mode_from_string(optarg
);
473 if (arg_output
< 0) {
474 log_error("Unknown output format '%s'.", optarg
);
478 if (arg_output
== OUTPUT_EXPORT
||
479 arg_output
== OUTPUT_JSON
||
480 arg_output
== OUTPUT_JSON_PRETTY
||
481 arg_output
== OUTPUT_JSON_SSE
||
482 arg_output
== OUTPUT_CAT
)
501 if (streq(optarg
, "all"))
502 arg_lines
= ARG_LINES_ALL
;
504 r
= safe_atoi(optarg
, &arg_lines
);
505 if (r
< 0 || arg_lines
< 0) {
506 log_error("Failed to parse lines '%s'", optarg
);
513 /* Hmm, no argument? Maybe the next
514 * word on the command line is
515 * supposed to be the argument? Let's
516 * see if there is one, and is
520 if (streq(argv
[optind
], "all")) {
521 arg_lines
= ARG_LINES_ALL
;
523 } else if (safe_atoi(argv
[optind
], &n
) >= 0 && n
>= 0) {
537 arg_action
= ACTION_NEW_ID128
;
556 r
= parse_boot_descriptor(optarg
, &arg_boot_id
, &arg_boot_offset
);
558 log_error("Failed to parse boot descriptor '%s'", optarg
);
563 /* Hmm, no argument? Maybe the next
564 * word on the command line is
565 * supposed to be the argument? Let's
566 * see if there is one and is parsable
567 * as a boot descriptor... */
570 parse_boot_descriptor(argv
[optind
], &arg_boot_id
, &arg_boot_offset
) >= 0)
577 arg_action
= ACTION_LIST_BOOTS
;
581 arg_boot
= arg_dmesg
= true;
585 arg_journal_type
|= SD_JOURNAL_SYSTEM
;
589 arg_journal_type
|= SD_JOURNAL_CURRENT_USER
;
593 arg_machine
= optarg
;
597 arg_directory
= optarg
;
601 if (streq(optarg
, "-"))
602 /* An undocumented feature: we can read journal files from STDIN. We don't document
603 * this though, since after all we only support this for mmap-able, seekable files, and
604 * not for example pipes which are probably the primary usecase for reading things from
605 * STDIN. To avoid confusion we hence don't document this feature. */
606 arg_file_stdin
= true;
608 r
= glob_extend(&arg_file
, optarg
);
610 return log_error_errno(r
, "Failed to add paths: %m");
615 r
= parse_path_argument_and_warn(optarg
, true, &arg_root
);
624 case ARG_AFTER_CURSOR
:
625 arg_after_cursor
= optarg
;
628 case ARG_SHOW_CURSOR
:
629 arg_show_cursor
= true;
633 arg_action
= ACTION_PRINT_HEADER
;
637 arg_action
= ACTION_VERIFY
;
641 arg_action
= ACTION_DISK_USAGE
;
644 case ARG_VACUUM_SIZE
:
645 r
= parse_size(optarg
, 1024, &arg_vacuum_size
);
647 log_error("Failed to parse vacuum size: %s", optarg
);
651 arg_action
= ACTION_VACUUM
;
654 case ARG_VACUUM_FILES
:
655 r
= safe_atou64(optarg
, &arg_vacuum_n_files
);
657 log_error("Failed to parse vacuum files: %s", optarg
);
661 arg_action
= ACTION_VACUUM
;
664 case ARG_VACUUM_TIME
:
665 r
= parse_sec(optarg
, &arg_vacuum_time
);
667 log_error("Failed to parse vacuum time: %s", optarg
);
671 arg_action
= ACTION_VACUUM
;
680 arg_action
= ACTION_SETUP_KEYS
;
685 arg_action
= ACTION_VERIFY
;
686 r
= free_and_strdup(&arg_verify_key
, optarg
);
689 /* Use memset not string_erase so this doesn't look confusing
690 * in ps or htop output. */
691 memset(optarg
, 'x', strlen(optarg
));
697 r
= parse_sec(optarg
, &arg_interval
);
698 if (r
< 0 || arg_interval
<= 0) {
699 log_error("Failed to parse sealing key change interval: %s", optarg
);
708 log_error("Forward-secure sealing not available.");
715 dots
= strstr(optarg
, "..");
721 a
= strndup(optarg
, dots
- optarg
);
725 from
= log_level_from_string(a
);
726 to
= log_level_from_string(dots
+ 2);
729 if (from
< 0 || to
< 0) {
730 log_error("Failed to parse log level range %s", optarg
);
737 for (i
= from
; i
<= to
; i
++)
738 arg_priorities
|= 1 << i
;
740 for (i
= to
; i
<= from
; i
++)
741 arg_priorities
|= 1 << i
;
747 p
= log_level_from_string(optarg
);
749 log_error("Unknown log level %s", optarg
);
755 for (i
= 0; i
<= p
; i
++)
756 arg_priorities
|= 1 << i
;
763 r
= parse_timestamp(optarg
, &arg_since
);
765 log_error("Failed to parse timestamp: %s", optarg
);
768 arg_since_set
= true;
772 r
= parse_timestamp(optarg
, &arg_until
);
774 log_error("Failed to parse timestamp: %s", optarg
);
777 arg_until_set
= true;
781 r
= strv_extend(&arg_syslog_identifier
, optarg
);
787 r
= strv_extend(&arg_system_units
, optarg
);
793 r
= strv_extend(&arg_user_units
, optarg
);
799 arg_action
= ACTION_LIST_FIELDS
;
804 arg_action
= ACTION_LIST_FIELD_NAMES
;
807 case ARG_NO_HOSTNAME
:
808 arg_no_hostname
= true;
815 case ARG_LIST_CATALOG
:
816 arg_action
= ACTION_LIST_CATALOG
;
819 case ARG_DUMP_CATALOG
:
820 arg_action
= ACTION_DUMP_CATALOG
;
823 case ARG_UPDATE_CATALOG
:
824 arg_action
= ACTION_UPDATE_CATALOG
;
836 arg_action
= ACTION_FLUSH
;
840 arg_action
= ACTION_ROTATE
;
844 arg_action
= ACTION_SYNC
;
851 assert_not_reached("Unhandled option");
854 if (arg_follow
&& !arg_no_tail
&& !arg_since
&& arg_lines
== ARG_LINES_DEFAULT
)
857 if (!!arg_directory
+ !!arg_file
+ !!arg_machine
+ !!arg_root
> 1) {
858 log_error("Please specify at most one of -D/--directory=, --file=, -M/--machine=, --root.");
862 if (arg_since_set
&& arg_until_set
&& arg_since
> arg_until
) {
863 log_error("--since= must be before --until=.");
867 if (!!arg_cursor
+ !!arg_after_cursor
+ !!arg_since_set
> 1) {
868 log_error("Please specify only one of --since=, --cursor=, and --after-cursor.");
872 if (arg_follow
&& arg_reverse
) {
873 log_error("Please specify either --reverse= or --follow=, not both.");
877 if (!IN_SET(arg_action
, ACTION_SHOW
, ACTION_DUMP_CATALOG
, ACTION_LIST_CATALOG
) && optind
< argc
) {
878 log_error("Extraneous arguments starting with '%s'", argv
[optind
]);
882 if ((arg_boot
|| arg_action
== ACTION_LIST_BOOTS
) && arg_merge
) {
883 log_error("Using --boot or --list-boots with --merge is not supported.");
887 if (!strv_isempty(arg_system_units
) && (arg_journal_type
== SD_JOURNAL_CURRENT_USER
)) {
889 /* Specifying --user and --unit= at the same time makes no sense (as the former excludes the user
890 * journal, but the latter excludes the system journal, thus resulting in empty output). Let's be nice
891 * to users, and automatically turn --unit= into --user-unit= if combined with --user. */
892 r
= strv_extend_strv(&arg_user_units
, arg_system_units
, true);
896 arg_system_units
= strv_free(arg_system_units
);
902 static int generate_new_id128(void) {
907 r
= sd_id128_randomize(&id
);
909 return log_error_errno(r
, "Failed to generate ID: %m");
911 printf("As string:\n"
912 SD_ID128_FORMAT_STR
"\n\n"
914 "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n\n"
915 "As man:sd-id128(3) macro:\n"
916 "#define MESSAGE_XYZ SD_ID128_MAKE(",
917 SD_ID128_FORMAT_VAL(id
),
918 SD_ID128_FORMAT_VAL(id
));
919 for (i
= 0; i
< 16; i
++)
920 printf("%02x%s", id
.bytes
[i
], i
!= 15 ? "," : "");
921 fputs(")\n\n", stdout
);
923 printf("As Python constant:\n"
925 ">>> MESSAGE_XYZ = uuid.UUID('" SD_ID128_FORMAT_STR
"')\n",
926 SD_ID128_FORMAT_VAL(id
));
931 static int add_matches(sd_journal
*j
, char **args
) {
933 bool have_term
= false;
937 STRV_FOREACH(i
, args
) {
940 if (streq(*i
, "+")) {
943 r
= sd_journal_add_disjunction(j
);
946 } else if (path_is_absolute(*i
)) {
947 _cleanup_free_
char *p
= NULL
, *t
= NULL
, *t2
= NULL
, *interpreter
= NULL
;
950 r
= chase_symlinks(*i
, NULL
, 0, &p
);
952 return log_error_errno(r
, "Couldn't canonicalize path: %m");
954 if (lstat(p
, &st
) < 0)
955 return log_error_errno(errno
, "Couldn't stat file: %m");
957 if (S_ISREG(st
.st_mode
) && (0111 & st
.st_mode
)) {
958 if (executable_is_script(p
, &interpreter
) > 0) {
959 _cleanup_free_
char *comm
;
961 comm
= strndup(basename(p
), 15);
965 t
= strappend("_COMM=", comm
);
969 /* Append _EXE only if the interpreter is not a link.
970 Otherwise, it might be outdated often. */
971 if (lstat(interpreter
, &st
) == 0 && !S_ISLNK(st
.st_mode
)) {
972 t2
= strappend("_EXE=", interpreter
);
977 t
= strappend("_EXE=", p
);
982 r
= sd_journal_add_match(j
, t
, 0);
985 r
= sd_journal_add_match(j
, t2
, 0);
987 } else if (S_ISCHR(st
.st_mode
) || S_ISBLK(st
.st_mode
)) {
988 r
= add_matches_for_device(j
, p
);
992 log_error("File is neither a device node, nor regular file, nor executable: %s", *i
);
998 r
= sd_journal_add_match(j
, *i
, 0);
1003 return log_error_errno(r
, "Failed to add match '%s': %m", *i
);
1006 if (!strv_isempty(args
) && !have_term
) {
1007 log_error("\"+\" can only be used between terms");
1014 static void boot_id_free_all(BootId
*l
) {
1018 LIST_REMOVE(boot_list
, l
, i
);
1023 static int discover_next_boot(sd_journal
*j
,
1024 sd_id128_t previous_boot_id
,
1028 _cleanup_free_ BootId
*next_boot
= NULL
;
1029 char match
[9+32+1] = "_BOOT_ID=";
1036 /* We expect the journal to be on the last position of a boot
1037 * (in relation to the direction we are going), so that the next
1038 * invocation of sd_journal_next/previous will be from a different
1039 * boot. We then collect any information we desire and then jump
1040 * to the last location of the new boot by using a _BOOT_ID match
1041 * coming from the other journal direction. */
1043 /* Make sure we aren't restricted by any _BOOT_ID matches, so that
1044 * we can actually advance to a *different* boot. */
1045 sd_journal_flush_matches(j
);
1049 r
= sd_journal_previous(j
);
1051 r
= sd_journal_next(j
);
1055 return 0; /* End of journal, yay. */
1057 r
= sd_journal_get_monotonic_usec(j
, NULL
, &boot_id
);
1061 /* We iterate through this in a loop, until the boot ID differs from the previous one. Note that
1062 * normally, this will only require a single iteration, as we seeked to the last entry of the previous
1063 * boot entry already. However, it might happen that the per-journal-field entry arrays are less
1064 * complete than the main entry array, and hence might reference an entry that's not actually the last
1065 * one of the boot ID as last one. Let's hence use the per-field array is initial seek position to
1066 * speed things up, but let's not trust that it is complete, and hence, manually advance as
1069 } while (sd_id128_equal(boot_id
, previous_boot_id
));
1071 next_boot
= new0(BootId
, 1);
1075 next_boot
->id
= boot_id
;
1077 r
= sd_journal_get_realtime_usec(j
, &next_boot
->first
);
1081 /* Now seek to the last occurrence of this boot ID. */
1082 sd_id128_to_string(next_boot
->id
, match
+ 9);
1083 r
= sd_journal_add_match(j
, match
, sizeof(match
) - 1);
1088 r
= sd_journal_seek_head(j
);
1090 r
= sd_journal_seek_tail(j
);
1095 r
= sd_journal_next(j
);
1097 r
= sd_journal_previous(j
);
1101 log_debug("Whoopsie! We found a boot ID but can't read its last entry.");
1102 return -ENODATA
; /* This shouldn't happen. We just came from this very boot ID. */
1105 r
= sd_journal_get_realtime_usec(j
, &next_boot
->last
);
1115 static int get_boots(
1118 sd_id128_t
*boot_id
,
1123 BootId
*head
= NULL
, *tail
= NULL
, *id
;
1124 const bool advance_older
= boot_id
&& offset
<= 0;
1125 sd_id128_t previous_boot_id
;
1129 /* Adjust for the asymmetry that offset 0 is
1130 * the last (and current) boot, while 1 is considered the
1131 * (chronological) first boot in the journal. */
1132 skip_once
= boot_id
&& sd_id128_is_null(*boot_id
) && offset
<= 0;
1134 /* Advance to the earliest/latest occurrence of our reference
1135 * boot ID (taking our lookup direction into account), so that
1136 * discover_next_boot() can do its job.
1137 * If no reference is given, the journal head/tail will do,
1138 * they're "virtual" boots after all. */
1139 if (boot_id
&& !sd_id128_is_null(*boot_id
)) {
1140 char match
[9+32+1] = "_BOOT_ID=";
1142 sd_journal_flush_matches(j
);
1144 sd_id128_to_string(*boot_id
, match
+ 9);
1145 r
= sd_journal_add_match(j
, match
, sizeof(match
) - 1);
1150 r
= sd_journal_seek_head(j
); /* seek to oldest */
1152 r
= sd_journal_seek_tail(j
); /* seek to newest */
1157 r
= sd_journal_next(j
); /* read the oldest entry */
1159 r
= sd_journal_previous(j
); /* read the most recently added entry */
1164 else if (offset
== 0) {
1169 /* At this point the read pointer is positioned at the oldest/newest occurence of the reference boot
1170 * ID. After flushing the matches, one more invocation of _previous()/_next() will hence place us at
1171 * the following entry, which must then have an older/newer boot ID */
1175 r
= sd_journal_seek_tail(j
); /* seek to newest */
1177 r
= sd_journal_seek_head(j
); /* seek to oldest */
1181 /* No sd_journal_next()/_previous() here.
1183 * At this point the read pointer is positioned after the newest/before the oldest entry in the whole
1184 * journal. The next invocation of _previous()/_next() will hence position us at the newest/oldest
1188 previous_boot_id
= SD_ID128_NULL
;
1190 _cleanup_free_ BootId
*current
= NULL
;
1192 r
= discover_next_boot(j
, previous_boot_id
, advance_older
, ¤t
);
1194 boot_id_free_all(head
);
1201 previous_boot_id
= current
->id
;
1205 offset
+= advance_older
? 1 : -1;
1210 *boot_id
= current
->id
;
1214 LIST_FOREACH(boot_list
, id
, head
) {
1215 if (sd_id128_equal(id
->id
, current
->id
)) {
1216 /* boot id already stored, something wrong with the journal files */
1217 /* exiting as otherwise this problem would cause forever loop */
1221 LIST_INSERT_AFTER(boot_list
, head
, tail
, current
);
1232 sd_journal_flush_matches(j
);
1237 static int list_boots(sd_journal
*j
) {
1239 BootId
*id
, *all_ids
;
1243 count
= get_boots(j
, &all_ids
, NULL
, 0);
1245 return log_error_errno(count
, "Failed to determine boots: %m");
1249 pager_open(arg_no_pager
, arg_pager_end
);
1251 /* numbers are one less, but we need an extra char for the sign */
1252 w
= DECIMAL_STR_WIDTH(count
- 1) + 1;
1255 LIST_FOREACH(boot_list
, id
, all_ids
) {
1256 char a
[FORMAT_TIMESTAMP_MAX
], b
[FORMAT_TIMESTAMP_MAX
];
1258 printf("% *i " SD_ID128_FORMAT_STR
" %s—%s\n",
1260 SD_ID128_FORMAT_VAL(id
->id
),
1261 format_timestamp_maybe_utc(a
, sizeof(a
), id
->first
),
1262 format_timestamp_maybe_utc(b
, sizeof(b
), id
->last
));
1266 boot_id_free_all(all_ids
);
1271 static int add_boot(sd_journal
*j
) {
1272 char match
[9+32+1] = "_BOOT_ID=";
1281 /* Take a shortcut and use the current boot_id, which we can do very quickly.
1282 * We can do this only when we logs are coming from the current machine,
1283 * so take the slow path if log location is specified. */
1284 if (arg_boot_offset
== 0 && sd_id128_is_null(arg_boot_id
) &&
1285 !arg_directory
&& !arg_file
&& !arg_root
)
1287 return add_match_this_boot(j
, arg_machine
);
1289 boot_id
= arg_boot_id
;
1290 r
= get_boots(j
, NULL
, &boot_id
, arg_boot_offset
);
1293 const char *reason
= (r
== 0) ? "No such boot ID in journal" : strerror(-r
);
1295 if (sd_id128_is_null(arg_boot_id
))
1296 log_error("Data from the specified boot (%+i) is not available: %s",
1297 arg_boot_offset
, reason
);
1299 log_error("Data from the specified boot ("SD_ID128_FORMAT_STR
") is not available: %s",
1300 SD_ID128_FORMAT_VAL(arg_boot_id
), reason
);
1302 return r
== 0 ? -ENODATA
: r
;
1305 sd_id128_to_string(boot_id
, match
+ 9);
1307 r
= sd_journal_add_match(j
, match
, sizeof(match
) - 1);
1309 return log_error_errno(r
, "Failed to add match: %m");
1311 r
= sd_journal_add_conjunction(j
);
1313 return log_error_errno(r
, "Failed to add conjunction: %m");
1318 static int add_dmesg(sd_journal
*j
) {
1325 r
= sd_journal_add_match(j
, "_TRANSPORT=kernel", strlen("_TRANSPORT=kernel"));
1327 return log_error_errno(r
, "Failed to add match: %m");
1329 r
= sd_journal_add_conjunction(j
);
1331 return log_error_errno(r
, "Failed to add conjunction: %m");
1336 static int get_possible_units(
1342 _cleanup_set_free_free_ Set
*found
;
1346 found
= set_new(&string_hash_ops
);
1350 NULSTR_FOREACH(field
, fields
) {
1354 r
= sd_journal_query_unique(j
, field
);
1358 SD_JOURNAL_FOREACH_UNIQUE(j
, data
, size
) {
1359 char **pattern
, *eq
;
1361 _cleanup_free_
char *u
= NULL
;
1363 eq
= memchr(data
, '=', size
);
1365 prefix
= eq
- (char*) data
+ 1;
1369 u
= strndup((char*) data
+ prefix
, size
- prefix
);
1373 STRV_FOREACH(pattern
, patterns
)
1374 if (fnmatch(*pattern
, u
, FNM_NOESCAPE
) == 0) {
1375 log_debug("Matched %s with pattern %s=%s", u
, field
, *pattern
);
1377 r
= set_consume(found
, u
);
1379 if (r
< 0 && r
!= -EEXIST
)
1392 /* This list is supposed to return the superset of unit names
1393 * possibly matched by rules added with add_matches_for_unit... */
1394 #define SYSTEM_UNITS \
1398 "OBJECT_SYSTEMD_UNIT\0" \
1401 /* ... and add_matches_for_user_unit */
1402 #define USER_UNITS \
1403 "_SYSTEMD_USER_UNIT\0" \
1405 "COREDUMP_USER_UNIT\0" \
1406 "OBJECT_SYSTEMD_USER_UNIT\0"
1408 static int add_units(sd_journal
*j
) {
1409 _cleanup_strv_free_
char **patterns
= NULL
;
1415 STRV_FOREACH(i
, arg_system_units
) {
1416 _cleanup_free_
char *u
= NULL
;
1418 r
= unit_name_mangle(*i
, UNIT_NAME_GLOB
, &u
);
1422 if (string_is_glob(u
)) {
1423 r
= strv_push(&patterns
, u
);
1428 r
= add_matches_for_unit(j
, u
);
1431 r
= sd_journal_add_disjunction(j
);
1438 if (!strv_isempty(patterns
)) {
1439 _cleanup_set_free_free_ Set
*units
= NULL
;
1443 r
= get_possible_units(j
, SYSTEM_UNITS
, patterns
, &units
);
1447 SET_FOREACH(u
, units
, it
) {
1448 r
= add_matches_for_unit(j
, u
);
1451 r
= sd_journal_add_disjunction(j
);
1458 patterns
= strv_free(patterns
);
1460 STRV_FOREACH(i
, arg_user_units
) {
1461 _cleanup_free_
char *u
= NULL
;
1463 r
= unit_name_mangle(*i
, UNIT_NAME_GLOB
, &u
);
1467 if (string_is_glob(u
)) {
1468 r
= strv_push(&patterns
, u
);
1473 r
= add_matches_for_user_unit(j
, u
, getuid());
1476 r
= sd_journal_add_disjunction(j
);
1483 if (!strv_isempty(patterns
)) {
1484 _cleanup_set_free_free_ Set
*units
= NULL
;
1488 r
= get_possible_units(j
, USER_UNITS
, patterns
, &units
);
1492 SET_FOREACH(u
, units
, it
) {
1493 r
= add_matches_for_user_unit(j
, u
, getuid());
1496 r
= sd_journal_add_disjunction(j
);
1503 /* Complain if the user request matches but nothing whatsoever was
1504 * found, since otherwise everything would be matched. */
1505 if (!(strv_isempty(arg_system_units
) && strv_isempty(arg_user_units
)) && count
== 0)
1508 r
= sd_journal_add_conjunction(j
);
1515 static int add_priorities(sd_journal
*j
) {
1516 char match
[] = "PRIORITY=0";
1520 if (arg_priorities
== 0xFF)
1523 for (i
= LOG_EMERG
; i
<= LOG_DEBUG
; i
++)
1524 if (arg_priorities
& (1 << i
)) {
1525 match
[sizeof(match
)-2] = '0' + i
;
1527 r
= sd_journal_add_match(j
, match
, strlen(match
));
1529 return log_error_errno(r
, "Failed to add match: %m");
1532 r
= sd_journal_add_conjunction(j
);
1534 return log_error_errno(r
, "Failed to add conjunction: %m");
1540 static int add_syslog_identifier(sd_journal
*j
) {
1546 STRV_FOREACH(i
, arg_syslog_identifier
) {
1549 u
= strjoina("SYSLOG_IDENTIFIER=", *i
);
1550 r
= sd_journal_add_match(j
, u
, 0);
1553 r
= sd_journal_add_disjunction(j
);
1558 r
= sd_journal_add_conjunction(j
);
1565 static int setup_keys(void) {
1567 size_t mpk_size
, seed_size
, state_size
, i
;
1568 uint8_t *mpk
, *seed
, *state
;
1570 sd_id128_t machine
, boot
;
1571 char *p
= NULL
, *k
= NULL
;
1576 r
= stat("/var/log/journal", &st
);
1577 if (r
< 0 && errno
!= ENOENT
&& errno
!= ENOTDIR
)
1578 return log_error_errno(errno
, "stat(\"%s\") failed: %m", "/var/log/journal");
1580 if (r
< 0 || !S_ISDIR(st
.st_mode
)) {
1581 log_error("%s is not a directory, must be using persistent logging for FSS.",
1582 "/var/log/journal");
1583 return r
< 0 ? -errno
: -ENOTDIR
;
1586 r
= sd_id128_get_machine(&machine
);
1588 return log_error_errno(r
, "Failed to get machine ID: %m");
1590 r
= sd_id128_get_boot(&boot
);
1592 return log_error_errno(r
, "Failed to get boot ID: %m");
1594 if (asprintf(&p
, "/var/log/journal/" SD_ID128_FORMAT_STR
"/fss",
1595 SD_ID128_FORMAT_VAL(machine
)) < 0)
1600 if (r
< 0 && errno
!= ENOENT
) {
1601 r
= log_error_errno(errno
, "unlink(\"%s\") failed: %m", p
);
1604 } else if (access(p
, F_OK
) >= 0) {
1605 log_error("Sealing key file %s exists already. Use --force to recreate.", p
);
1610 if (asprintf(&k
, "/var/log/journal/" SD_ID128_FORMAT_STR
"/fss.tmp.XXXXXX",
1611 SD_ID128_FORMAT_VAL(machine
)) < 0) {
1616 mpk_size
= FSPRG_mskinbytes(FSPRG_RECOMMENDED_SECPAR
);
1617 mpk
= alloca(mpk_size
);
1619 seed_size
= FSPRG_RECOMMENDED_SEEDLEN
;
1620 seed
= alloca(seed_size
);
1622 state_size
= FSPRG_stateinbytes(FSPRG_RECOMMENDED_SECPAR
);
1623 state
= alloca(state_size
);
1625 fd
= open("/dev/random", O_RDONLY
|O_CLOEXEC
|O_NOCTTY
);
1627 r
= log_error_errno(errno
, "Failed to open /dev/random: %m");
1631 log_info("Generating seed...");
1632 r
= loop_read_exact(fd
, seed
, seed_size
, true);
1634 log_error_errno(r
, "Failed to read random seed: %m");
1638 log_info("Generating key pair...");
1639 FSPRG_GenMK(NULL
, mpk
, seed
, seed_size
, FSPRG_RECOMMENDED_SECPAR
);
1641 log_info("Generating sealing key...");
1642 FSPRG_GenState0(state
, mpk
, seed
, seed_size
);
1644 assert(arg_interval
> 0);
1646 n
= now(CLOCK_REALTIME
);
1650 fd
= mkostemp_safe(k
);
1652 r
= log_error_errno(fd
, "Failed to open %s: %m", k
);
1656 /* Enable secure remove, exclusion from dump, synchronous
1657 * writing and in-place updating */
1658 r
= chattr_fd(fd
, FS_SECRM_FL
|FS_NODUMP_FL
|FS_SYNC_FL
|FS_NOCOW_FL
, FS_SECRM_FL
|FS_NODUMP_FL
|FS_SYNC_FL
|FS_NOCOW_FL
);
1660 log_warning_errno(r
, "Failed to set file attributes: %m");
1663 memcpy(h
.signature
, "KSHHRHLP", 8);
1664 h
.machine_id
= machine
;
1666 h
.header_size
= htole64(sizeof(h
));
1667 h
.start_usec
= htole64(n
* arg_interval
);
1668 h
.interval_usec
= htole64(arg_interval
);
1669 h
.fsprg_secpar
= htole16(FSPRG_RECOMMENDED_SECPAR
);
1670 h
.fsprg_state_size
= htole64(state_size
);
1672 r
= loop_write(fd
, &h
, sizeof(h
), false);
1674 log_error_errno(r
, "Failed to write header: %m");
1678 r
= loop_write(fd
, state
, state_size
, false);
1680 log_error_errno(r
, "Failed to write state: %m");
1684 if (link(k
, p
) < 0) {
1685 r
= log_error_errno(errno
, "Failed to link file: %m");
1692 "The new key pair has been generated. The %ssecret sealing key%s has been written to\n"
1693 "the following local file. This key file is automatically updated when the\n"
1694 "sealing key is advanced. It should not be used on multiple hosts.\n"
1698 "Please write down the following %ssecret verification key%s. It should be stored\n"
1699 "at a safe location and should not be saved locally on disk.\n"
1701 ansi_highlight(), ansi_normal(),
1703 ansi_highlight(), ansi_normal(),
1704 ansi_highlight_red());
1707 for (i
= 0; i
< seed_size
; i
++) {
1708 if (i
> 0 && i
% 3 == 0)
1710 printf("%02x", ((uint8_t*) seed
)[i
]);
1713 printf("/%llx-%llx\n", (unsigned long long) n
, (unsigned long long) arg_interval
);
1716 char tsb
[FORMAT_TIMESPAN_MAX
], *hn
;
1720 "The sealing key is automatically changed every %s.\n",
1722 format_timespan(tsb
, sizeof(tsb
), arg_interval
, 0));
1724 hn
= gethostname_malloc();
1727 hostname_cleanup(hn
);
1728 fprintf(stderr
, "\nThe keys have been generated for host %s/" SD_ID128_FORMAT_STR
".\n", hn
, SD_ID128_FORMAT_VAL(machine
));
1730 fprintf(stderr
, "\nThe keys have been generated for host " SD_ID128_FORMAT_STR
".\n", SD_ID128_FORMAT_VAL(machine
));
1732 #ifdef HAVE_QRENCODE
1733 /* If this is not an UTF-8 system don't print any QR codes */
1734 if (is_locale_utf8()) {
1735 fputs("\nTo transfer the verification key to your phone please scan the QR code below:\n\n", stderr
);
1736 print_qr_code(stderr
, seed
, seed_size
, n
, arg_interval
, hn
, machine
);
1756 log_error("Forward-secure sealing not available.");
1761 static int verify(sd_journal
*j
) {
1768 log_show_color(true);
1770 ORDERED_HASHMAP_FOREACH(f
, j
->files
, i
) {
1772 usec_t first
= 0, validated
= 0, last
= 0;
1775 if (!arg_verify_key
&& JOURNAL_HEADER_SEALED(f
->header
))
1776 log_notice("Journal file %s has sealing enabled but verification key has not been passed using --verify-key=.", f
->path
);
1779 k
= journal_file_verify(f
, arg_verify_key
, &first
, &validated
, &last
, true);
1781 /* If the key was invalid give up right-away. */
1784 log_warning_errno(k
, "FAIL: %s (%m)", f
->path
);
1787 char a
[FORMAT_TIMESTAMP_MAX
], b
[FORMAT_TIMESTAMP_MAX
], c
[FORMAT_TIMESPAN_MAX
];
1788 log_info("PASS: %s", f
->path
);
1790 if (arg_verify_key
&& JOURNAL_HEADER_SEALED(f
->header
)) {
1791 if (validated
> 0) {
1792 log_info("=> Validated from %s to %s, final %s entries not sealed.",
1793 format_timestamp_maybe_utc(a
, sizeof(a
), first
),
1794 format_timestamp_maybe_utc(b
, sizeof(b
), validated
),
1795 format_timespan(c
, sizeof(c
), last
> validated
? last
- validated
: 0, 0));
1796 } else if (last
> 0)
1797 log_info("=> No sealing yet, %s of entries not sealed.",
1798 format_timespan(c
, sizeof(c
), last
- first
, 0));
1800 log_info("=> No sealing yet, no entries in file.");
1808 static int access_check_var_log_journal(sd_journal
*j
) {
1810 _cleanup_strv_free_
char **g
= NULL
;
1820 /* If we are root, we should have access, don't warn. */
1824 /* If we are in the 'systemd-journal' group, we should have
1826 r
= in_group("systemd-journal");
1828 return log_error_errno(r
, "Failed to check if we are in the 'systemd-journal' group: %m");
1833 if (laccess("/run/log/journal", F_OK
) >= 0)
1834 dir
= "/run/log/journal";
1836 dir
= "/var/log/journal";
1838 /* If we are in any of the groups listed in the journal ACLs,
1839 * then all is good, too. Let's enumerate all groups from the
1840 * default ACL of the directory, which generally should allow
1841 * access to most journal files too. */
1842 r
= acl_search_groups(dir
, &g
);
1844 return log_error_errno(r
, "Failed to search journal ACL: %m");
1848 /* Print a pretty list, if there were ACLs set. */
1849 if (!strv_isempty(g
)) {
1850 _cleanup_free_
char *s
= NULL
;
1852 /* Thre are groups in the ACL, let's list them */
1853 r
= strv_extend(&g
, "systemd-journal");
1860 s
= strv_join(g
, "', '");
1864 log_notice("Hint: You are currently not seeing messages from other users and the system.\n"
1865 " Users in groups '%s' can see all messages.\n"
1866 " Pass -q to turn off this notice.", s
);
1871 /* If no ACLs were found, print a short version of the message. */
1872 log_notice("Hint: You are currently not seeing messages from other users and the system.\n"
1873 " Users in the 'systemd-journal' group can see all messages. Pass -q to\n"
1874 " turn off this notice.");
1879 static int access_check(sd_journal
*j
) {
1887 if (hashmap_isempty(j
->errors
)) {
1888 if (ordered_hashmap_isempty(j
->files
))
1889 log_notice("No journal files were found.");
1894 if (hashmap_contains(j
->errors
, INT_TO_PTR(-EACCES
))) {
1895 (void) access_check_var_log_journal(j
);
1897 if (ordered_hashmap_isempty(j
->files
))
1898 r
= log_error_errno(EACCES
, "No journal files were opened due to insufficient permissions.");
1901 HASHMAP_FOREACH_KEY(path
, code
, j
->errors
, it
) {
1904 err
= abs(PTR_TO_INT(code
));
1911 log_warning_errno(err
, "Journal file %s is truncated, ignoring file.", path
);
1914 case EPROTONOSUPPORT
:
1915 log_warning_errno(err
, "Journal file %1$s uses an unsupported feature, ignoring file.\n"
1916 "Use SYSTEMD_LOG_LEVEL=debug journalctl --file=%1$s to see the details.",
1921 log_warning_errno(err
, "Journal file %s corrupted, ignoring file.", path
);
1925 log_warning_errno(err
, "An error was encountered while opening journal file or directory %s, ignoring file: %m", path
);
1933 static int flush_to_var(void) {
1934 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
1935 _cleanup_(sd_bus_flush_close_unrefp
) sd_bus
*bus
= NULL
;
1936 _cleanup_close_
int watch_fd
= -1;
1940 log_error("--flush is not supported in conjunction with --machine=.");
1945 if (access("/run/systemd/journal/flushed", F_OK
) >= 0)
1948 /* OK, let's actually do the full logic, send SIGUSR1 to the
1949 * daemon and set up inotify to wait for the flushed file to appear */
1950 r
= bus_connect_system_systemd(&bus
);
1952 return log_error_errno(r
, "Failed to get D-Bus connection: %m");
1954 r
= sd_bus_call_method(
1956 "org.freedesktop.systemd1",
1957 "/org/freedesktop/systemd1",
1958 "org.freedesktop.systemd1.Manager",
1962 "ssi", "systemd-journald.service", "main", SIGUSR1
);
1964 return log_error_errno(r
, "Failed to kill journal service: %s", bus_error_message(&error
, r
));
1966 mkdir_p("/run/systemd/journal", 0755);
1968 watch_fd
= inotify_init1(IN_NONBLOCK
|IN_CLOEXEC
);
1970 return log_error_errno(errno
, "Failed to create inotify watch: %m");
1972 r
= inotify_add_watch(watch_fd
, "/run/systemd/journal", IN_CREATE
|IN_DONT_FOLLOW
|IN_ONLYDIR
);
1974 return log_error_errno(errno
, "Failed to watch journal directory: %m");
1977 if (access("/run/systemd/journal/flushed", F_OK
) >= 0)
1980 if (errno
!= ENOENT
)
1981 return log_error_errno(errno
, "Failed to check for existence of /run/systemd/journal/flushed: %m");
1983 r
= fd_wait_for_event(watch_fd
, POLLIN
, USEC_INFINITY
);
1985 return log_error_errno(r
, "Failed to wait for event: %m");
1987 r
= flush_fd(watch_fd
);
1989 return log_error_errno(r
, "Failed to flush inotify events: %m");
1995 static int send_signal_and_wait(int sig
, const char *watch_path
) {
1996 _cleanup_(sd_bus_flush_close_unrefp
) sd_bus
*bus
= NULL
;
1997 _cleanup_close_
int watch_fd
= -1;
2002 log_error("--sync and --rotate are not supported in conjunction with --machine=.");
2006 start
= now(CLOCK_MONOTONIC
);
2008 /* This call sends the specified signal to journald, and waits
2009 * for acknowledgment by watching the mtime of the specified
2010 * flag file. This is used to trigger syncing or rotation and
2011 * then wait for the operation to complete. */
2016 /* See if a sync happened by now. */
2017 r
= read_timestamp_file(watch_path
, &tstamp
);
2018 if (r
< 0 && r
!= -ENOENT
)
2019 return log_error_errno(errno
, "Failed to read %s: %m", watch_path
);
2020 if (r
>= 0 && tstamp
>= start
)
2023 /* Let's ask for a sync, but only once. */
2025 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
2027 r
= bus_connect_system_systemd(&bus
);
2029 return log_error_errno(r
, "Failed to get D-Bus connection: %m");
2031 r
= sd_bus_call_method(
2033 "org.freedesktop.systemd1",
2034 "/org/freedesktop/systemd1",
2035 "org.freedesktop.systemd1.Manager",
2039 "ssi", "systemd-journald.service", "main", sig
);
2041 return log_error_errno(r
, "Failed to kill journal service: %s", bus_error_message(&error
, r
));
2046 /* Let's install the inotify watch, if we didn't do that yet. */
2049 mkdir_p("/run/systemd/journal", 0755);
2051 watch_fd
= inotify_init1(IN_NONBLOCK
|IN_CLOEXEC
);
2053 return log_error_errno(errno
, "Failed to create inotify watch: %m");
2055 r
= inotify_add_watch(watch_fd
, "/run/systemd/journal", IN_MOVED_TO
|IN_DONT_FOLLOW
|IN_ONLYDIR
);
2057 return log_error_errno(errno
, "Failed to watch journal directory: %m");
2059 /* Recheck the flag file immediately, so that we don't miss any event since the last check. */
2063 /* OK, all preparatory steps done, let's wait until
2064 * inotify reports an event. */
2066 r
= fd_wait_for_event(watch_fd
, POLLIN
, USEC_INFINITY
);
2068 return log_error_errno(r
, "Failed to wait for event: %m");
2070 r
= flush_fd(watch_fd
);
2072 return log_error_errno(r
, "Failed to flush inotify events: %m");
2078 static int rotate(void) {
2079 return send_signal_and_wait(SIGUSR2
, "/run/systemd/journal/rotated");
2082 static int sync_journal(void) {
2083 return send_signal_and_wait(SIGRTMIN
+1, "/run/systemd/journal/synced");
2086 int main(int argc
, char *argv
[]) {
2088 _cleanup_(sd_journal_closep
) sd_journal
*j
= NULL
;
2089 bool need_seek
= false;
2090 sd_id128_t previous_boot_id
;
2091 bool previous_boot_id_valid
= false, first_line
= true;
2093 bool ellipsized
= false;
2095 setlocale(LC_ALL
, "");
2096 log_parse_environment();
2099 r
= parse_argv(argc
, argv
);
2103 signal(SIGWINCH
, columns_lines_cache_reset
);
2106 /* Increase max number of open files to 16K if we can, we
2107 * might needs this when browsing journal files, which might
2108 * be split up into many files. */
2109 setrlimit_closest(RLIMIT_NOFILE
, &RLIMIT_MAKE_CONST(16384));
2111 switch (arg_action
) {
2113 case ACTION_NEW_ID128
:
2114 r
= generate_new_id128();
2117 case ACTION_SETUP_KEYS
:
2121 case ACTION_LIST_CATALOG
:
2122 case ACTION_DUMP_CATALOG
:
2123 case ACTION_UPDATE_CATALOG
: {
2124 _cleanup_free_
char *database
;
2126 database
= path_join(arg_root
, CATALOG_DATABASE
, NULL
);
2132 if (arg_action
== ACTION_UPDATE_CATALOG
) {
2133 r
= catalog_update(database
, arg_root
, catalog_file_dirs
);
2135 log_error_errno(r
, "Failed to list catalog: %m");
2137 bool oneline
= arg_action
== ACTION_LIST_CATALOG
;
2139 pager_open(arg_no_pager
, arg_pager_end
);
2142 r
= catalog_list_items(stdout
, database
, oneline
, argv
+ optind
);
2144 r
= catalog_list(stdout
, database
, oneline
);
2146 log_error_errno(r
, "Failed to list catalog: %m");
2165 case ACTION_PRINT_HEADER
:
2167 case ACTION_DISK_USAGE
:
2168 case ACTION_LIST_BOOTS
:
2170 case ACTION_LIST_FIELDS
:
2171 case ACTION_LIST_FIELD_NAMES
:
2172 /* These ones require access to the journal files, continue below. */
2176 assert_not_reached("Unknown action");
2180 r
= sd_journal_open_directory(&j
, arg_directory
, arg_journal_type
);
2182 r
= sd_journal_open_directory(&j
, arg_root
, arg_journal_type
| SD_JOURNAL_OS_ROOT
);
2183 else if (arg_file_stdin
) {
2184 int ifd
= STDIN_FILENO
;
2185 r
= sd_journal_open_files_fd(&j
, &ifd
, 1, 0);
2186 } else if (arg_file
)
2187 r
= sd_journal_open_files(&j
, (const char**) arg_file
, 0);
2188 else if (arg_machine
) {
2189 _cleanup_(sd_bus_error_free
) sd_bus_error error
= SD_BUS_ERROR_NULL
;
2190 _cleanup_(sd_bus_message_unrefp
) sd_bus_message
*reply
= NULL
;
2191 _cleanup_(sd_bus_flush_close_unrefp
) sd_bus
*bus
= NULL
;
2194 if (geteuid() != 0) {
2195 /* The file descriptor returned by OpenMachineRootDirectory() will be owned by users/groups of
2196 * the container, thus we need root privileges to override them. */
2197 log_error("Using the --machine= switch requires root privileges.");
2202 r
= sd_bus_open_system(&bus
);
2204 log_error_errno(r
, "Failed to open system bus: %m");
2208 r
= sd_bus_call_method(
2210 "org.freedesktop.machine1",
2211 "/org/freedesktop/machine1",
2212 "org.freedesktop.machine1.Manager",
2213 "OpenMachineRootDirectory",
2218 log_error_errno(r
, "Failed to open root directory: %s", bus_error_message(&error
, r
));
2222 r
= sd_bus_message_read(reply
, "h", &fd
);
2224 bus_log_parse_error(r
);
2228 fd
= fcntl(fd
, F_DUPFD_CLOEXEC
, 3);
2230 r
= log_error_errno(errno
, "Failed to duplicate file descriptor: %m");
2234 r
= sd_journal_open_directory_fd(&j
, fd
, SD_JOURNAL_OS_ROOT
);
2238 r
= sd_journal_open(&j
, !arg_merge
*SD_JOURNAL_LOCAL_ONLY
+ arg_journal_type
);
2240 log_error_errno(r
, "Failed to open %s: %m", arg_directory
?: arg_file
? "files" : "journal");
2244 r
= access_check(j
);
2248 switch (arg_action
) {
2250 case ACTION_NEW_ID128
:
2251 case ACTION_SETUP_KEYS
:
2252 case ACTION_LIST_CATALOG
:
2253 case ACTION_DUMP_CATALOG
:
2254 case ACTION_UPDATE_CATALOG
:
2258 assert_not_reached("Unexpected action.");
2260 case ACTION_PRINT_HEADER
:
2261 journal_print_header(j
);
2269 case ACTION_DISK_USAGE
: {
2271 char sbytes
[FORMAT_BYTES_MAX
];
2273 r
= sd_journal_get_usage(j
, &bytes
);
2277 printf("Archived and active journals take up %s in the file system.\n",
2278 format_bytes(sbytes
, sizeof(sbytes
), bytes
));
2282 case ACTION_LIST_BOOTS
:
2286 case ACTION_VACUUM
: {
2290 HASHMAP_FOREACH(d
, j
->directories_by_path
, i
) {
2296 q
= journal_directory_vacuum(d
->path
, arg_vacuum_size
, arg_vacuum_n_files
, arg_vacuum_time
, NULL
, true);
2298 log_error_errno(q
, "Failed to vacuum %s: %m", d
->path
);
2306 case ACTION_LIST_FIELD_NAMES
: {
2309 SD_JOURNAL_FOREACH_FIELD(j
, field
) {
2310 printf("%s\n", field
);
2319 case ACTION_LIST_FIELDS
:
2323 assert_not_reached("Unknown action");
2326 if (arg_boot_offset
!= 0 &&
2327 sd_journal_has_runtime_files(j
) > 0 &&
2328 sd_journal_has_persistent_files(j
) == 0) {
2329 log_info("Specifying boot ID or boot offset has no effect, no persistent journal was found.");
2333 /* add_boot() must be called first!
2334 * It may need to seek the journal to find parent boot IDs. */
2345 log_error_errno(r
, "Failed to add filter for units: %m");
2349 r
= add_syslog_identifier(j
);
2351 log_error_errno(r
, "Failed to add filter for syslog identifiers: %m");
2355 r
= add_priorities(j
);
2359 r
= add_matches(j
, argv
+ optind
);
2363 if (_unlikely_(log_get_max_level() >= LOG_DEBUG
)) {
2364 _cleanup_free_
char *filter
;
2366 filter
= journal_make_match_string(j
);
2370 log_debug("Journal filter: %s", filter
);
2373 if (arg_action
== ACTION_LIST_FIELDS
) {
2379 r
= sd_journal_set_data_threshold(j
, 0);
2381 log_error_errno(r
, "Failed to unset data size threshold: %m");
2385 r
= sd_journal_query_unique(j
, arg_field
);
2387 log_error_errno(r
, "Failed to query unique data objects: %m");
2391 SD_JOURNAL_FOREACH_UNIQUE(j
, data
, size
) {
2394 if (arg_lines
>= 0 && n_shown
>= arg_lines
)
2397 eq
= memchr(data
, '=', size
);
2399 printf("%.*s\n", (int) (size
- ((const uint8_t*) eq
- (const uint8_t*) data
+ 1)), (const char*) eq
+ 1);
2401 printf("%.*s\n", (int) size
, (const char*) data
);
2410 /* Opening the fd now means the first sd_journal_wait() will actually wait */
2412 r
= sd_journal_get_fd(j
);
2413 if (r
== -EMEDIUMTYPE
) {
2414 log_error_errno(r
, "The --follow switch is not supported in conjunction with reading from STDIN.");
2418 log_error_errno(r
, "Failed to get journal fd: %m");
2423 if (arg_cursor
|| arg_after_cursor
) {
2424 r
= sd_journal_seek_cursor(j
, arg_cursor
?: arg_after_cursor
);
2426 log_error_errno(r
, "Failed to seek to cursor: %m");
2431 r
= sd_journal_next_skip(j
, 1 + !!arg_after_cursor
);
2433 r
= sd_journal_previous_skip(j
, 1 + !!arg_after_cursor
);
2435 if (arg_after_cursor
&& r
< 2) {
2436 /* We couldn't find the next entry after the cursor. */
2443 } else if (arg_since_set
&& !arg_reverse
) {
2444 r
= sd_journal_seek_realtime_usec(j
, arg_since
);
2446 log_error_errno(r
, "Failed to seek to date: %m");
2449 r
= sd_journal_next(j
);
2451 } else if (arg_until_set
&& arg_reverse
) {
2452 r
= sd_journal_seek_realtime_usec(j
, arg_until
);
2454 log_error_errno(r
, "Failed to seek to date: %m");
2457 r
= sd_journal_previous(j
);
2459 } else if (arg_lines
>= 0) {
2460 r
= sd_journal_seek_tail(j
);
2462 log_error_errno(r
, "Failed to seek to tail: %m");
2466 r
= sd_journal_previous_skip(j
, arg_lines
);
2468 } else if (arg_reverse
) {
2469 r
= sd_journal_seek_tail(j
);
2471 log_error_errno(r
, "Failed to seek to tail: %m");
2475 r
= sd_journal_previous(j
);
2478 r
= sd_journal_seek_head(j
);
2480 log_error_errno(r
, "Failed to seek to head: %m");
2484 r
= sd_journal_next(j
);
2488 log_error_errno(r
, "Failed to iterate through journal: %m");
2496 printf("-- No entries --\n");
2502 pager_open(arg_no_pager
, arg_pager_end
);
2506 char start_buf
[FORMAT_TIMESTAMP_MAX
], end_buf
[FORMAT_TIMESTAMP_MAX
];
2508 r
= sd_journal_get_cutoff_realtime_usec(j
, &start
, &end
);
2510 log_error_errno(r
, "Failed to get cutoff: %m");
2516 printf("-- Logs begin at %s. --\n",
2517 format_timestamp_maybe_utc(start_buf
, sizeof(start_buf
), start
));
2519 printf("-- Logs begin at %s, end at %s. --\n",
2520 format_timestamp_maybe_utc(start_buf
, sizeof(start_buf
), start
),
2521 format_timestamp_maybe_utc(end_buf
, sizeof(end_buf
), end
));
2526 while (arg_lines
< 0 || n_shown
< arg_lines
|| (arg_follow
&& !first_line
)) {
2531 r
= sd_journal_next(j
);
2533 r
= sd_journal_previous(j
);
2535 log_error_errno(r
, "Failed to iterate through journal: %m");
2542 if (arg_until_set
&& !arg_reverse
) {
2545 r
= sd_journal_get_realtime_usec(j
, &usec
);
2547 log_error_errno(r
, "Failed to determine timestamp: %m");
2550 if (usec
> arg_until
)
2554 if (arg_since_set
&& arg_reverse
) {
2557 r
= sd_journal_get_realtime_usec(j
, &usec
);
2559 log_error_errno(r
, "Failed to determine timestamp: %m");
2562 if (usec
< arg_since
)
2566 if (!arg_merge
&& !arg_quiet
) {
2569 r
= sd_journal_get_monotonic_usec(j
, NULL
, &boot_id
);
2571 if (previous_boot_id_valid
&&
2572 !sd_id128_equal(boot_id
, previous_boot_id
))
2573 printf("%s-- Reboot --%s\n",
2574 ansi_highlight(), ansi_normal());
2576 previous_boot_id
= boot_id
;
2577 previous_boot_id_valid
= true;
2582 arg_all
* OUTPUT_SHOW_ALL
|
2583 arg_full
* OUTPUT_FULL_WIDTH
|
2584 colors_enabled() * OUTPUT_COLOR
|
2585 arg_catalog
* OUTPUT_CATALOG
|
2586 arg_utc
* OUTPUT_UTC
|
2587 arg_no_hostname
* OUTPUT_NO_HOSTNAME
;
2589 r
= output_journal(stdout
, j
, arg_output
, 0, flags
, &ellipsized
);
2591 if (r
== -EADDRNOTAVAIL
)
2593 else if (r
< 0 || ferror(stdout
))
2600 if (arg_show_cursor
) {
2601 _cleanup_free_
char *cursor
= NULL
;
2603 r
= sd_journal_get_cursor(j
, &cursor
);
2604 if (r
< 0 && r
!= -EADDRNOTAVAIL
)
2605 log_error_errno(r
, "Failed to get cursor: %m");
2607 printf("-- cursor: %s\n", cursor
);
2613 r
= sd_journal_wait(j
, (uint64_t) -1);
2615 log_error_errno(r
, "Couldn't wait for journal event: %m");
2625 strv_free(arg_file
);
2627 strv_free(arg_syslog_identifier
);
2628 strv_free(arg_system_units
);
2629 strv_free(arg_user_units
);
2632 free(arg_verify_key
);
2634 return r
< 0 ? EXIT_FAILURE
: EXIT_SUCCESS
;