1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2011 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
36 #include <sys/ioctl.h>
37 #include <sys/inotify.h>
45 #include "sd-journal.h"
49 #include "logs-show.h"
51 #include "path-util.h"
57 #include "journal-internal.h"
58 #include "journal-def.h"
59 #include "journal-verify.h"
60 #include "journal-authenticate.h"
61 #include "journal-qrcode.h"
62 #include "journal-vacuum.h"
64 #include "unit-name.h"
68 #include "bus-error.h"
70 #define DEFAULT_FSS_INTERVAL_USEC (15*USEC_PER_MINUTE)
73 /* Special values for arg_lines */
74 ARG_LINES_DEFAULT = -2,
78 static OutputMode arg_output = OUTPUT_SHORT;
79 static bool arg_utc = false;
80 static bool arg_pager_end = false;
81 static bool arg_follow = false;
82 static bool arg_full = true;
83 static bool arg_all = false;
84 static bool arg_no_pager = false;
85 static int arg_lines = ARG_LINES_DEFAULT;
86 static bool arg_no_tail = false;
87 static bool arg_quiet = false;
88 static bool arg_merge = false;
89 static bool arg_boot = false;
90 static sd_id128_t arg_boot_id = {};
91 static int arg_boot_offset = 0;
92 static bool arg_dmesg = false;
93 static const char *arg_cursor = NULL;
94 static const char *arg_after_cursor = NULL;
95 static bool arg_show_cursor = false;
96 static const char *arg_directory = NULL;
97 static char **arg_file = NULL;
98 static int arg_priorities = 0xFF;
99 static const char *arg_verify_key = NULL;
101 static usec_t arg_interval = DEFAULT_FSS_INTERVAL_USEC;
102 static bool arg_force = false;
104 static usec_t arg_since, arg_until;
105 static bool arg_since_set = false, arg_until_set = false;
106 static char **arg_syslog_identifier = NULL;
107 static char **arg_system_units = NULL;
108 static char **arg_user_units = NULL;
109 static const char *arg_field = NULL;
110 static bool arg_catalog = false;
111 static bool arg_reverse = false;
112 static int arg_journal_type = 0;
113 static const char *arg_root = NULL;
114 static const char *arg_machine = NULL;
115 static off_t arg_vacuum_size = (off_t) -1;
116 static usec_t arg_vacuum_time = USEC_INFINITY;
127 ACTION_UPDATE_CATALOG,
131 } arg_action = ACTION_SHOW;
133 typedef struct boot_id_t {
139 static void pager_open_if_enabled(void) {
144 pager_open(arg_pager_end);
147 static char *format_timestamp_maybe_utc(char *buf, size_t l, usec_t t) {
150 return format_timestamp_utc(buf, l, t);
152 return format_timestamp(buf, l, t);
155 static int parse_boot_descriptor(const char *x, sd_id128_t *boot_id, int *offset) {
156 sd_id128_t id = SD_ID128_NULL;
159 if (strlen(x) >= 32) {
163 r = sd_id128_from_string(t, &id);
167 if (*x != '-' && *x != '+' && *x != 0)
171 r = safe_atoi(x, &off);
176 r = safe_atoi(x, &off);
190 static void help(void) {
192 pager_open_if_enabled();
194 printf("%s [OPTIONS...] [MATCHES...]\n\n"
195 "Query the journal.\n\n"
197 " --system Show the system journal\n"
198 " --user Show the user journal for the current user\n"
199 " -M --machine=CONTAINER Operate on local container\n"
200 " --since=DATE Start showing entries on or newer than the specified date\n"
201 " --until=DATE Stop showing entries on or newer than the specified date\n"
202 " -c --cursor=CURSOR Start showing entries from the specified cursor\n"
203 " --after-cursor=CURSOR Start showing entries from after the specified cursor\n"
204 " --show-cursor Print the cursor after all the entries\n"
205 " -b --boot[=ID] Show data only from ID or, if unspecified, the current boot\n"
206 " --list-boots Show terse information about recorded boots\n"
207 " -k --dmesg Show kernel message log from the current boot\n"
208 " -u --unit=UNIT Show data only from the specified unit\n"
209 " --user-unit=UNIT Show data only from the specified user session unit\n"
210 " -t --identifier=STRING Show only messages with the specified syslog identifier\n"
211 " -p --priority=RANGE Show only messages within the specified priority range\n"
212 " -e --pager-end Immediately jump to end of the journal in the pager\n"
213 " -f --follow Follow the journal\n"
214 " -n --lines[=INTEGER] Number of journal entries to show\n"
215 " --no-tail Show all lines, even in follow mode\n"
216 " -r --reverse Show the newest entries first\n"
217 " -o --output=STRING Change journal output mode (short, short-iso,\n"
218 " short-precise, short-monotonic, verbose,\n"
219 " export, json, json-pretty, json-sse, cat)\n"
220 " --utc Express time in Coordinated Universal Time (UTC)\n"
221 " -x --catalog Add message explanations where available\n"
222 " --no-full Ellipsize fields\n"
223 " -a --all Show all fields, including long and unprintable\n"
224 " -q --quiet Do not show privilege warning\n"
225 " --no-pager Do not pipe output into a pager\n"
226 " -m --merge Show entries from all available journals\n"
227 " -D --directory=PATH Show journal files from directory\n"
228 " --file=PATH Show journal file\n"
229 " --root=ROOT Operate on catalog files underneath the root ROOT\n"
231 " --interval=TIME Time interval for changing the FSS sealing key\n"
232 " --verify-key=KEY Specify FSS verification key\n"
233 " --force Force overriding of the FSS key pair with --setup-keys\n"
236 " -h --help Show this help text\n"
237 " --version Show package version\n"
238 " -F --field=FIELD List all values that a specified field takes\n"
239 " --new-id128 Generate a new 128-bit ID\n"
240 " --disk-usage Show total disk usage of all journal files\n"
241 " --vacuum-size=BYTES Remove old journals until disk space drops below size\n"
242 " --vacuum-time=TIME Remove old journals until none left older than\n"
243 " --flush Flush all journal data from /run into /var\n"
244 " --header Show journal header information\n"
245 " --list-catalog Show message IDs of all entries in the message catalog\n"
246 " --dump-catalog Show entries in the message catalog\n"
247 " --update-catalog Update the message catalog database\n"
249 " --setup-keys Generate a new FSS key pair\n"
250 " --verify Verify journal file consistency\n"
252 , program_invocation_short_name);
255 static int parse_argv(int argc, char *argv[]) {
289 static const struct option options[] = {
290 { "help", no_argument, NULL, 'h' },
291 { "version" , no_argument, NULL, ARG_VERSION },
292 { "no-pager", no_argument, NULL, ARG_NO_PAGER },
293 { "pager-end", no_argument, NULL, 'e' },
294 { "follow", no_argument, NULL, 'f' },
295 { "force", no_argument, NULL, ARG_FORCE },
296 { "output", required_argument, NULL, 'o' },
297 { "all", no_argument, NULL, 'a' },
298 { "full", no_argument, NULL, 'l' },
299 { "no-full", no_argument, NULL, ARG_NO_FULL },
300 { "lines", optional_argument, NULL, 'n' },
301 { "no-tail", no_argument, NULL, ARG_NO_TAIL },
302 { "new-id128", no_argument, NULL, ARG_NEW_ID128 },
303 { "quiet", no_argument, NULL, 'q' },
304 { "merge", no_argument, NULL, 'm' },
305 { "boot", optional_argument, NULL, 'b' },
306 { "list-boots", no_argument, NULL, ARG_LIST_BOOTS },
307 { "this-boot", optional_argument, NULL, 'b' }, /* deprecated */
308 { "dmesg", no_argument, NULL, 'k' },
309 { "system", no_argument, NULL, ARG_SYSTEM },
310 { "user", no_argument, NULL, ARG_USER },
311 { "directory", required_argument, NULL, 'D' },
312 { "file", required_argument, NULL, ARG_FILE },
313 { "root", required_argument, NULL, ARG_ROOT },
314 { "header", no_argument, NULL, ARG_HEADER },
315 { "identifier", required_argument, NULL, 't' },
316 { "priority", required_argument, NULL, 'p' },
317 { "setup-keys", no_argument, NULL, ARG_SETUP_KEYS },
318 { "interval", required_argument, NULL, ARG_INTERVAL },
319 { "verify", no_argument, NULL, ARG_VERIFY },
320 { "verify-key", required_argument, NULL, ARG_VERIFY_KEY },
321 { "disk-usage", no_argument, NULL, ARG_DISK_USAGE },
322 { "cursor", required_argument, NULL, 'c' },
323 { "after-cursor", required_argument, NULL, ARG_AFTER_CURSOR },
324 { "show-cursor", no_argument, NULL, ARG_SHOW_CURSOR },
325 { "since", required_argument, NULL, ARG_SINCE },
326 { "until", required_argument, NULL, ARG_UNTIL },
327 { "unit", required_argument, NULL, 'u' },
328 { "user-unit", required_argument, NULL, ARG_USER_UNIT },
329 { "field", required_argument, NULL, 'F' },
330 { "catalog", no_argument, NULL, 'x' },
331 { "list-catalog", no_argument, NULL, ARG_LIST_CATALOG },
332 { "dump-catalog", no_argument, NULL, ARG_DUMP_CATALOG },
333 { "update-catalog", no_argument, NULL, ARG_UPDATE_CATALOG },
334 { "reverse", no_argument, NULL, 'r' },
335 { "machine", required_argument, NULL, 'M' },
336 { "utc", no_argument, NULL, ARG_UTC },
337 { "flush", no_argument, NULL, ARG_FLUSH },
338 { "vacuum-size", required_argument, NULL, ARG_VACUUM_SIZE },
339 { "vacuum-time", required_argument, NULL, ARG_VACUUM_TIME },
348 while ((c = getopt_long(argc, argv, "hefo:aln::qmb::kD:p:c:t:u:F:xrM:", options, NULL)) >= 0)
357 puts(PACKAGE_STRING);
358 puts(SYSTEMD_FEATURES);
366 arg_pager_end = true;
368 if (arg_lines == ARG_LINES_DEFAULT)
378 arg_output = output_mode_from_string(optarg);
379 if (arg_output < 0) {
380 log_error("Unknown output format '%s'.", optarg);
384 if (arg_output == OUTPUT_EXPORT ||
385 arg_output == OUTPUT_JSON ||
386 arg_output == OUTPUT_JSON_PRETTY ||
387 arg_output == OUTPUT_JSON_SSE ||
388 arg_output == OUTPUT_CAT)
407 if (streq(optarg, "all"))
408 arg_lines = ARG_LINES_ALL;
410 r = safe_atoi(optarg, &arg_lines);
411 if (r < 0 || arg_lines < 0) {
412 log_error("Failed to parse lines '%s'", optarg);
419 /* Hmm, no argument? Maybe the next
420 * word on the command line is
421 * supposed to be the argument? Let's
422 * see if there is one, and is
426 if (streq(argv[optind], "all")) {
427 arg_lines = ARG_LINES_ALL;
429 } else if (safe_atoi(argv[optind], &n) >= 0 && n >= 0) {
443 arg_action = ACTION_NEW_ID128;
458 r = parse_boot_descriptor(optarg, &arg_boot_id, &arg_boot_offset);
460 log_error("Failed to parse boot descriptor '%s'", optarg);
465 /* Hmm, no argument? Maybe the next
466 * word on the command line is
467 * supposed to be the argument? Let's
468 * see if there is one and is parsable
469 * as a boot descriptor... */
472 parse_boot_descriptor(argv[optind], &arg_boot_id, &arg_boot_offset) >= 0)
479 arg_action = ACTION_LIST_BOOTS;
483 arg_boot = arg_dmesg = true;
487 arg_journal_type |= SD_JOURNAL_SYSTEM;
491 arg_journal_type |= SD_JOURNAL_CURRENT_USER;
495 arg_machine = optarg;
499 arg_directory = optarg;
503 r = glob_extend(&arg_file, optarg);
505 log_error_errno(r, "Failed to add paths: %m");
518 case ARG_AFTER_CURSOR:
519 arg_after_cursor = optarg;
522 case ARG_SHOW_CURSOR:
523 arg_show_cursor = true;
527 arg_action = ACTION_PRINT_HEADER;
531 arg_action = ACTION_VERIFY;
535 arg_action = ACTION_DISK_USAGE;
538 case ARG_VACUUM_SIZE:
539 r = parse_size(optarg, 1024, &arg_vacuum_size);
541 log_error("Failed to parse vacuum size: %s", optarg);
545 arg_action = ACTION_VACUUM;
548 case ARG_VACUUM_TIME:
549 r = parse_sec(optarg, &arg_vacuum_time);
551 log_error("Failed to parse vacuum time: %s", optarg);
555 arg_action = ACTION_VACUUM;
564 arg_action = ACTION_SETUP_KEYS;
569 arg_action = ACTION_VERIFY;
570 arg_verify_key = optarg;
575 r = parse_sec(optarg, &arg_interval);
576 if (r < 0 || arg_interval <= 0) {
577 log_error("Failed to parse sealing key change interval: %s", optarg);
586 log_error("Forward-secure sealing not available.");
593 dots = strstr(optarg, "..");
599 a = strndup(optarg, dots - optarg);
603 from = log_level_from_string(a);
604 to = log_level_from_string(dots + 2);
607 if (from < 0 || to < 0) {
608 log_error("Failed to parse log level range %s", optarg);
615 for (i = from; i <= to; i++)
616 arg_priorities |= 1 << i;
618 for (i = to; i <= from; i++)
619 arg_priorities |= 1 << i;
625 p = log_level_from_string(optarg);
627 log_error("Unknown log level %s", optarg);
633 for (i = 0; i <= p; i++)
634 arg_priorities |= 1 << i;
641 r = parse_timestamp(optarg, &arg_since);
643 log_error("Failed to parse timestamp: %s", optarg);
646 arg_since_set = true;
650 r = parse_timestamp(optarg, &arg_until);
652 log_error("Failed to parse timestamp: %s", optarg);
655 arg_until_set = true;
659 r = strv_extend(&arg_syslog_identifier, optarg);
665 r = strv_extend(&arg_system_units, optarg);
671 r = strv_extend(&arg_user_units, optarg);
684 case ARG_LIST_CATALOG:
685 arg_action = ACTION_LIST_CATALOG;
688 case ARG_DUMP_CATALOG:
689 arg_action = ACTION_DUMP_CATALOG;
692 case ARG_UPDATE_CATALOG:
693 arg_action = ACTION_UPDATE_CATALOG;
705 arg_action = ACTION_FLUSH;
712 assert_not_reached("Unhandled option");
715 if (arg_follow && !arg_no_tail && !arg_since && arg_lines == ARG_LINES_DEFAULT)
718 if (!!arg_directory + !!arg_file + !!arg_machine > 1) {
719 log_error("Please specify either -D/--directory= or --file= or -M/--machine=, not more than one.");
723 if (arg_since_set && arg_until_set && arg_since > arg_until) {
724 log_error("--since= must be before --until=.");
728 if (!!arg_cursor + !!arg_after_cursor + !!arg_since_set > 1) {
729 log_error("Please specify only one of --since=, --cursor=, and --after-cursor.");
733 if (arg_follow && arg_reverse) {
734 log_error("Please specify either --reverse= or --follow=, not both.");
738 if (arg_action != ACTION_SHOW && optind < argc) {
739 log_error("Extraneous arguments starting with '%s'", argv[optind]);
746 static int generate_new_id128(void) {
751 r = sd_id128_randomize(&id);
753 log_error_errno(r, "Failed to generate ID: %m");
757 printf("As string:\n"
758 SD_ID128_FORMAT_STR "\n\n"
760 "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n\n"
762 "#define MESSAGE_XYZ SD_ID128_MAKE(",
763 SD_ID128_FORMAT_VAL(id),
764 SD_ID128_FORMAT_VAL(id));
765 for (i = 0; i < 16; i++)
766 printf("%02x%s", id.bytes[i], i != 15 ? "," : "");
767 fputs(")\n\n", stdout);
769 printf("As Python constant:\n"
771 ">>> MESSAGE_XYZ = uuid.UUID('" SD_ID128_FORMAT_STR "')\n",
772 SD_ID128_FORMAT_VAL(id));
777 static int add_matches(sd_journal *j, char **args) {
779 bool have_term = false;
783 STRV_FOREACH(i, args) {
786 if (streq(*i, "+")) {
789 r = sd_journal_add_disjunction(j);
792 } else if (path_is_absolute(*i)) {
793 _cleanup_free_ char *p, *t = NULL, *t2 = NULL;
795 _cleanup_free_ char *interpreter = NULL;
798 p = canonicalize_file_name(*i);
801 if (stat(path, &st) < 0) {
802 log_error("Couldn't stat file: %m");
806 if (S_ISREG(st.st_mode) && (0111 & st.st_mode)) {
807 if (executable_is_script(path, &interpreter) > 0) {
808 _cleanup_free_ char *comm;
810 comm = strndup(basename(path), 15);
814 t = strappend("_COMM=", comm);
816 /* Append _EXE only if the interpreter is not a link.
817 Otherwise, it might be outdated often. */
818 if (lstat(interpreter, &st) == 0 &&
819 !S_ISLNK(st.st_mode)) {
820 t2 = strappend("_EXE=", interpreter);
825 t = strappend("_EXE=", path);
826 } else if (S_ISCHR(st.st_mode)) {
827 if (asprintf(&t, "_KERNEL_DEVICE=c%u:%u",
829 minor(st.st_rdev)) < 0)
831 } else if (S_ISBLK(st.st_mode)) {
832 if (asprintf(&t, "_KERNEL_DEVICE=b%u:%u",
834 minor(st.st_rdev)) < 0)
837 log_error("File is neither a device node, nor regular file, nor executable: %s", *i);
844 r = sd_journal_add_match(j, t, 0);
846 r = sd_journal_add_match(j, t2, 0);
850 r = sd_journal_add_match(j, *i, 0);
855 log_error_errno(r, "Failed to add match '%s': %m", *i);
860 if (!strv_isempty(args) && !have_term) {
861 log_error("\"+\" can only be used between terms");
868 static int boot_id_cmp(const void *a, const void *b) {
871 _a = ((const boot_id_t *)a)->first;
872 _b = ((const boot_id_t *)b)->first;
874 return _a < _b ? -1 : (_a > _b ? 1 : 0);
877 static int get_boots(sd_journal *j,
880 boot_id_t *query_ref_boot) {
883 size_t length, allocated = 0;
889 r = sd_journal_query_unique(j, "_BOOT_ID");
894 SD_JOURNAL_FOREACH_UNIQUE(j, data, length) {
897 assert(startswith(data, "_BOOT_ID="));
899 if (!GREEDY_REALLOC(*boots, allocated, *count + 1))
902 id = *boots + *count;
904 r = sd_id128_from_string(((const char *)data) + strlen("_BOOT_ID="), &id->id);
908 r = sd_journal_add_match(j, data, length);
912 r = sd_journal_seek_head(j);
916 r = sd_journal_next(j);
922 r = sd_journal_get_realtime_usec(j, &id->first);
926 if (query_ref_boot) {
928 if (sd_id128_equal(id->id, query_ref_boot->id))
929 *query_ref_boot = *id;
931 r = sd_journal_seek_tail(j);
935 r = sd_journal_previous(j);
941 r = sd_journal_get_realtime_usec(j, &id->last);
948 sd_journal_flush_matches(j);
951 qsort_safe(*boots, *count, sizeof(boot_id_t), boot_id_cmp);
955 static int list_boots(sd_journal *j) {
959 _cleanup_free_ boot_id_t *all_ids = NULL;
963 r = get_boots(j, &all_ids, &count, NULL);
967 pager_open_if_enabled();
969 /* numbers are one less, but we need an extra char for the sign */
970 w = DECIMAL_STR_WIDTH(count - 1) + 1;
972 for (id = all_ids, i = 0; id < all_ids + count; id++, i++) {
973 char a[FORMAT_TIMESTAMP_MAX], b[FORMAT_TIMESTAMP_MAX];
975 printf("% *i " SD_ID128_FORMAT_STR " %s—%s\n",
977 SD_ID128_FORMAT_VAL(id->id),
978 format_timestamp_maybe_utc(a, sizeof(a), id->first),
979 format_timestamp_maybe_utc(b, sizeof(b), id->last));
985 static int get_boot_id_by_offset(sd_journal *j, sd_id128_t *boot_id, int offset) {
988 boot_id_t ref_boot_id = {}, *id;
989 _cleanup_free_ boot_id_t *all_ids = NULL;
994 ref_boot_id.id = *boot_id;
995 r = get_boots(j, &all_ids, &count, &ref_boot_id);
999 if (sd_id128_equal(*boot_id, SD_ID128_NULL)) {
1000 if (offset > (int) count || offset <= -(int)count)
1001 return -EADDRNOTAVAIL;
1003 *boot_id = all_ids[(offset <= 0)*count + offset - 1].id;
1005 id = bsearch(&ref_boot_id, all_ids, count, sizeof(boot_id_t), boot_id_cmp);
1008 offset <= 0 ? (id - all_ids) + offset < 0 :
1009 (id - all_ids) + offset >= (int) count)
1010 return -EADDRNOTAVAIL;
1012 *boot_id = (id + offset)->id;
1018 static int add_boot(sd_journal *j) {
1019 char match[9+32+1] = "_BOOT_ID=";
1027 if (arg_boot_offset == 0 && sd_id128_equal(arg_boot_id, SD_ID128_NULL))
1028 return add_match_this_boot(j, arg_machine);
1030 r = get_boot_id_by_offset(j, &arg_boot_id, arg_boot_offset);
1032 if (sd_id128_equal(arg_boot_id, SD_ID128_NULL))
1033 log_error_errno(r, "Failed to look up boot %+i: %m", arg_boot_offset);
1035 log_error("Failed to look up boot ID "SD_ID128_FORMAT_STR"%+i: %s",
1036 SD_ID128_FORMAT_VAL(arg_boot_id), arg_boot_offset, strerror(-r));
1040 sd_id128_to_string(arg_boot_id, match + 9);
1042 r = sd_journal_add_match(j, match, sizeof(match) - 1);
1044 log_error_errno(r, "Failed to add match: %m");
1048 r = sd_journal_add_conjunction(j);
1055 static int add_dmesg(sd_journal *j) {
1062 r = sd_journal_add_match(j, "_TRANSPORT=kernel", strlen("_TRANSPORT=kernel"));
1064 log_error_errno(r, "Failed to add match: %m");
1068 r = sd_journal_add_conjunction(j);
1075 static int get_possible_units(sd_journal *j,
1079 _cleanup_set_free_free_ Set *found;
1083 found = set_new(&string_hash_ops);
1087 NULSTR_FOREACH(field, fields) {
1091 r = sd_journal_query_unique(j, field);
1095 SD_JOURNAL_FOREACH_UNIQUE(j, data, size) {
1096 char **pattern, *eq;
1098 _cleanup_free_ char *u = NULL;
1100 eq = memchr(data, '=', size);
1102 prefix = eq - (char*) data + 1;
1106 u = strndup((char*) data + prefix, size - prefix);
1110 STRV_FOREACH(pattern, patterns)
1111 if (fnmatch(*pattern, u, FNM_NOESCAPE) == 0) {
1112 log_debug("Matched %s with pattern %s=%s", u, field, *pattern);
1114 r = set_consume(found, u);
1116 if (r < 0 && r != -EEXIST)
1129 /* This list is supposed to return the superset of unit names
1130 * possibly matched by rules added with add_matches_for_unit... */
1131 #define SYSTEM_UNITS \
1135 "OBJECT_SYSTEMD_UNIT\0" \
1138 /* ... and add_matches_for_user_unit */
1139 #define USER_UNITS \
1140 "_SYSTEMD_USER_UNIT\0" \
1142 "COREDUMP_USER_UNIT\0" \
1143 "OBJECT_SYSTEMD_USER_UNIT\0"
1145 static int add_units(sd_journal *j) {
1146 _cleanup_strv_free_ char **patterns = NULL;
1152 STRV_FOREACH(i, arg_system_units) {
1153 _cleanup_free_ char *u = NULL;
1155 u = unit_name_mangle(*i, MANGLE_GLOB);
1159 if (string_is_glob(u)) {
1160 r = strv_push(&patterns, u);
1165 r = add_matches_for_unit(j, u);
1168 r = sd_journal_add_disjunction(j);
1175 if (!strv_isempty(patterns)) {
1176 _cleanup_set_free_free_ Set *units = NULL;
1180 r = get_possible_units(j, SYSTEM_UNITS, patterns, &units);
1184 SET_FOREACH(u, units, it) {
1185 r = add_matches_for_unit(j, u);
1188 r = sd_journal_add_disjunction(j);
1195 strv_free(patterns);
1198 STRV_FOREACH(i, arg_user_units) {
1199 _cleanup_free_ char *u = NULL;
1201 u = unit_name_mangle(*i, MANGLE_GLOB);
1205 if (string_is_glob(u)) {
1206 r = strv_push(&patterns, u);
1211 r = add_matches_for_user_unit(j, u, getuid());
1214 r = sd_journal_add_disjunction(j);
1221 if (!strv_isempty(patterns)) {
1222 _cleanup_set_free_free_ Set *units = NULL;
1226 r = get_possible_units(j, USER_UNITS, patterns, &units);
1230 SET_FOREACH(u, units, it) {
1231 r = add_matches_for_user_unit(j, u, getuid());
1234 r = sd_journal_add_disjunction(j);
1241 /* Complain if the user request matches but nothing whatsoever was
1242 * found, since otherwise everything would be matched. */
1243 if (!(strv_isempty(arg_system_units) && strv_isempty(arg_user_units)) && count == 0)
1246 r = sd_journal_add_conjunction(j);
1253 static int add_priorities(sd_journal *j) {
1254 char match[] = "PRIORITY=0";
1258 if (arg_priorities == 0xFF)
1261 for (i = LOG_EMERG; i <= LOG_DEBUG; i++)
1262 if (arg_priorities & (1 << i)) {
1263 match[sizeof(match)-2] = '0' + i;
1265 r = sd_journal_add_match(j, match, strlen(match));
1267 log_error_errno(r, "Failed to add match: %m");
1272 r = sd_journal_add_conjunction(j);
1280 static int add_syslog_identifier(sd_journal *j) {
1286 STRV_FOREACH(i, arg_syslog_identifier) {
1289 u = strappenda("SYSLOG_IDENTIFIER=", *i);
1290 r = sd_journal_add_match(j, u, 0);
1293 r = sd_journal_add_disjunction(j);
1298 r = sd_journal_add_conjunction(j);
1305 static int setup_keys(void) {
1307 size_t mpk_size, seed_size, state_size, i;
1308 uint8_t *mpk, *seed, *state;
1310 int fd = -1, r, attr = 0;
1311 sd_id128_t machine, boot;
1312 char *p = NULL, *k = NULL;
1317 r = stat("/var/log/journal", &st);
1318 if (r < 0 && errno != ENOENT && errno != ENOTDIR) {
1319 log_error("stat(\"%s\") failed: %m", "/var/log/journal");
1323 if (r < 0 || !S_ISDIR(st.st_mode)) {
1324 log_error("%s is not a directory, must be using persistent logging for FSS.",
1325 "/var/log/journal");
1326 return r < 0 ? -errno : -ENOTDIR;
1329 r = sd_id128_get_machine(&machine);
1331 log_error_errno(r, "Failed to get machine ID: %m");
1335 r = sd_id128_get_boot(&boot);
1337 log_error_errno(r, "Failed to get boot ID: %m");
1341 if (asprintf(&p, "/var/log/journal/" SD_ID128_FORMAT_STR "/fss",
1342 SD_ID128_FORMAT_VAL(machine)) < 0)
1345 if (access(p, F_OK) >= 0) {
1349 log_error("unlink(\"%s\") failed: %m", p);
1354 log_error("Sealing key file %s exists already. (--force to recreate)", p);
1360 if (asprintf(&k, "/var/log/journal/" SD_ID128_FORMAT_STR "/fss.tmp.XXXXXX",
1361 SD_ID128_FORMAT_VAL(machine)) < 0) {
1366 mpk_size = FSPRG_mskinbytes(FSPRG_RECOMMENDED_SECPAR);
1367 mpk = alloca(mpk_size);
1369 seed_size = FSPRG_RECOMMENDED_SEEDLEN;
1370 seed = alloca(seed_size);
1372 state_size = FSPRG_stateinbytes(FSPRG_RECOMMENDED_SECPAR);
1373 state = alloca(state_size);
1375 fd = open("/dev/random", O_RDONLY|O_CLOEXEC|O_NOCTTY);
1377 log_error("Failed to open /dev/random: %m");
1382 log_info("Generating seed...");
1383 l = loop_read(fd, seed, seed_size, true);
1384 if (l < 0 || (size_t) l != seed_size) {
1385 log_error_errno(EIO, "Failed to read random seed: %m");
1390 log_info("Generating key pair...");
1391 FSPRG_GenMK(NULL, mpk, seed, seed_size, FSPRG_RECOMMENDED_SECPAR);
1393 log_info("Generating sealing key...");
1394 FSPRG_GenState0(state, mpk, seed, seed_size);
1396 assert(arg_interval > 0);
1398 n = now(CLOCK_REALTIME);
1402 fd = mkostemp_safe(k, O_WRONLY|O_CLOEXEC);
1404 log_error("Failed to open %s: %m", k);
1409 /* Enable secure remove, exclusion from dump, synchronous
1410 * writing and in-place updating */
1411 if (ioctl(fd, FS_IOC_GETFLAGS, &attr) < 0)
1412 log_warning("FS_IOC_GETFLAGS failed: %m");
1414 attr |= FS_SECRM_FL|FS_NODUMP_FL|FS_SYNC_FL|FS_NOCOW_FL;
1416 if (ioctl(fd, FS_IOC_SETFLAGS, &attr) < 0)
1417 log_warning("FS_IOC_SETFLAGS failed: %m");
1420 memcpy(h.signature, "KSHHRHLP", 8);
1421 h.machine_id = machine;
1423 h.header_size = htole64(sizeof(h));
1424 h.start_usec = htole64(n * arg_interval);
1425 h.interval_usec = htole64(arg_interval);
1426 h.fsprg_secpar = htole16(FSPRG_RECOMMENDED_SECPAR);
1427 h.fsprg_state_size = htole64(state_size);
1429 l = loop_write(fd, &h, sizeof(h), false);
1430 if (l < 0 || (size_t) l != sizeof(h)) {
1431 log_error_errno(EIO, "Failed to write header: %m");
1436 l = loop_write(fd, state, state_size, false);
1437 if (l < 0 || (size_t) l != state_size) {
1438 log_error_errno(EIO, "Failed to write state: %m");
1443 if (link(k, p) < 0) {
1444 log_error("Failed to link file: %m");
1452 "The new key pair has been generated. The " ANSI_HIGHLIGHT_ON "secret sealing key" ANSI_HIGHLIGHT_OFF " has been written to\n"
1453 "the following local file. This key file is automatically updated when the\n"
1454 "sealing key is advanced. It should not be used on multiple hosts.\n"
1458 "Please write down the following " ANSI_HIGHLIGHT_ON "secret verification key" ANSI_HIGHLIGHT_OFF ". It should be stored\n"
1459 "at a safe location and should not be saved locally on disk.\n"
1460 "\n\t" ANSI_HIGHLIGHT_RED_ON, p);
1463 for (i = 0; i < seed_size; i++) {
1464 if (i > 0 && i % 3 == 0)
1466 printf("%02x", ((uint8_t*) seed)[i]);
1469 printf("/%llx-%llx\n", (unsigned long long) n, (unsigned long long) arg_interval);
1472 char tsb[FORMAT_TIMESPAN_MAX], *hn;
1475 ANSI_HIGHLIGHT_OFF "\n"
1476 "The sealing key is automatically changed every %s.\n",
1477 format_timespan(tsb, sizeof(tsb), arg_interval, 0));
1479 hn = gethostname_malloc();
1482 hostname_cleanup(hn, false);
1483 fprintf(stderr, "\nThe keys have been generated for host %s/" SD_ID128_FORMAT_STR ".\n", hn, SD_ID128_FORMAT_VAL(machine));
1485 fprintf(stderr, "\nThe keys have been generated for host " SD_ID128_FORMAT_STR ".\n", SD_ID128_FORMAT_VAL(machine));
1487 #ifdef HAVE_QRENCODE
1488 /* If this is not an UTF-8 system don't print any QR codes */
1489 if (is_locale_utf8()) {
1490 fputs("\nTo transfer the verification key to your phone please scan the QR code below:\n\n", stderr);
1491 print_qr_code(stderr, seed, seed_size, n, arg_interval, hn, machine);
1511 log_error("Forward-secure sealing not available.");
1516 static int verify(sd_journal *j) {
1523 log_show_color(true);
1525 ORDERED_HASHMAP_FOREACH(f, j->files, i) {
1527 usec_t first, validated, last;
1530 if (!arg_verify_key && JOURNAL_HEADER_SEALED(f->header))
1531 log_notice("Journal file %s has sealing enabled but verification key has not been passed using --verify-key=.", f->path);
1534 k = journal_file_verify(f, arg_verify_key, &first, &validated, &last, true);
1536 /* If the key was invalid give up right-away. */
1539 log_warning("FAIL: %s (%s)", f->path, strerror(-k));
1542 char a[FORMAT_TIMESTAMP_MAX], b[FORMAT_TIMESTAMP_MAX], c[FORMAT_TIMESPAN_MAX];
1543 log_info("PASS: %s", f->path);
1545 if (arg_verify_key && JOURNAL_HEADER_SEALED(f->header)) {
1546 if (validated > 0) {
1547 log_info("=> Validated from %s to %s, final %s entries not sealed.",
1548 format_timestamp_maybe_utc(a, sizeof(a), first),
1549 format_timestamp_maybe_utc(b, sizeof(b), validated),
1550 format_timespan(c, sizeof(c), last > validated ? last - validated : 0, 0));
1551 } else if (last > 0)
1552 log_info("=> No sealing yet, %s of entries not sealed.",
1553 format_timespan(c, sizeof(c), last - first, 0));
1555 log_info("=> No sealing yet, no entries in file.");
1564 static int access_check_var_log_journal(sd_journal *j) {
1565 _cleanup_strv_free_ char **g = NULL;
1571 have_access = in_group("systemd-journal") > 0;
1574 /* Let's enumerate all groups from the default ACL of
1575 * the directory, which generally should allow access
1576 * to most journal files too */
1577 r = search_acl_groups(&g, "/var/log/journal/", &have_access);
1584 if (strv_isempty(g))
1585 log_notice("Hint: You are currently not seeing messages from other users and the system.\n"
1586 " Users in the 'systemd-journal' group can see all messages. Pass -q to\n"
1587 " turn off this notice.");
1589 _cleanup_free_ char *s = NULL;
1591 r = strv_extend(&g, "systemd-journal");
1598 s = strv_join(g, "', '");
1602 log_notice("Hint: You are currently not seeing messages from other users and the system.\n"
1603 " Users in the groups '%s' can see all messages.\n"
1604 " Pass -q to turn off this notice.", s);
1612 static int access_check(sd_journal *j) {
1619 if (set_isempty(j->errors)) {
1620 if (ordered_hashmap_isempty(j->files))
1621 log_notice("No journal files were found.");
1625 if (set_contains(j->errors, INT_TO_PTR(-EACCES))) {
1627 /* If /var/log/journal doesn't even exist,
1628 * unprivileged users have no access at all */
1629 if (access("/var/log/journal", F_OK) < 0 &&
1631 in_group("systemd-journal") <= 0) {
1632 log_error("Unprivileged users cannot access messages, unless persistent log storage is\n"
1633 "enabled. Users in the 'systemd-journal' group may always access messages.");
1637 /* If /var/log/journal exists, try to pring a nice
1638 notice if the user lacks access to it */
1639 if (!arg_quiet && geteuid() != 0) {
1640 r = access_check_var_log_journal(j);
1645 if (geteuid() != 0 && in_group("systemd-journal") <= 0) {
1646 log_error("Unprivileged users cannot access messages. Users in the 'systemd-journal' group\n"
1647 "group may access messages.");
1652 if (ordered_hashmap_isempty(j->files)) {
1653 log_error("No journal files were opened due to insufficient permissions.");
1658 SET_FOREACH(code, j->errors, it) {
1661 err = -PTR_TO_INT(code);
1665 log_warning("Error was encountered while opening journal files: %s",
1672 static int flush_to_var(void) {
1673 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1674 _cleanup_bus_close_unref_ sd_bus *bus = NULL;
1675 _cleanup_close_ int watch_fd = -1;
1679 if (access("/run/systemd/journal/flushed", F_OK) >= 0)
1682 /* OK, let's actually do the full logic, send SIGUSR1 to the
1683 * daemon and set up inotify to wait for the flushed file to appear */
1684 r = bus_open_system_systemd(&bus);
1686 log_error_errno(r, "Failed to get D-Bus connection: %m");
1690 r = sd_bus_call_method(
1692 "org.freedesktop.systemd1",
1693 "/org/freedesktop/systemd1",
1694 "org.freedesktop.systemd1.Manager",
1698 "ssi", "systemd-journald.service", "main", SIGUSR1);
1700 log_error("Failed to kill journal service: %s", bus_error_message(&error, r));
1704 mkdir_p("/run/systemd/journal", 0755);
1706 watch_fd = inotify_init1(IN_NONBLOCK|IN_CLOEXEC);
1708 log_error("Failed to create inotify watch: %m");
1712 r = inotify_add_watch(watch_fd, "/run/systemd/journal", IN_CREATE|IN_DONT_FOLLOW|IN_ONLYDIR);
1714 log_error("Failed to watch journal directory: %m");
1719 if (access("/run/systemd/journal/flushed", F_OK) >= 0)
1722 if (errno != ENOENT) {
1723 log_error("Failed to check for existance of /run/systemd/journal/flushed: %m");
1727 r = fd_wait_for_event(watch_fd, POLLIN, USEC_INFINITY);
1729 log_error_errno(r, "Failed to wait for event: %m");
1733 r = flush_fd(watch_fd);
1735 log_error_errno(r, "Failed to flush inotify events: %m");
1743 int main(int argc, char *argv[]) {
1745 _cleanup_journal_close_ sd_journal *j = NULL;
1746 bool need_seek = false;
1747 sd_id128_t previous_boot_id;
1748 bool previous_boot_id_valid = false, first_line = true;
1750 bool ellipsized = false;
1752 setlocale(LC_ALL, "");
1753 log_parse_environment();
1756 r = parse_argv(argc, argv);
1760 signal(SIGWINCH, columns_lines_cache_reset);
1762 if (arg_action == ACTION_NEW_ID128) {
1763 r = generate_new_id128();
1767 if (arg_action == ACTION_FLUSH) {
1772 if (arg_action == ACTION_SETUP_KEYS) {
1777 if (arg_action == ACTION_UPDATE_CATALOG ||
1778 arg_action == ACTION_LIST_CATALOG ||
1779 arg_action == ACTION_DUMP_CATALOG) {
1781 _cleanup_free_ char *database;
1783 database = path_join(arg_root, CATALOG_DATABASE, NULL);
1789 if (arg_action == ACTION_UPDATE_CATALOG) {
1790 r = catalog_update(database, arg_root, catalog_file_dirs);
1792 log_error_errno(r, "Failed to list catalog: %m");
1794 bool oneline = arg_action == ACTION_LIST_CATALOG;
1797 r = catalog_list_items(stdout, database,
1798 oneline, argv + optind);
1800 r = catalog_list(stdout, database, oneline);
1802 log_error_errno(r, "Failed to list catalog: %m");
1809 r = sd_journal_open_directory(&j, arg_directory, arg_journal_type);
1811 r = sd_journal_open_files(&j, (const char**) arg_file, 0);
1812 else if (arg_machine)
1813 r = sd_journal_open_container(&j, arg_machine, 0);
1815 r = sd_journal_open(&j, !arg_merge*SD_JOURNAL_LOCAL_ONLY + arg_journal_type);
1817 log_error("Failed to open %s: %s",
1818 arg_directory ? arg_directory : arg_file ? "files" : "journal",
1820 return EXIT_FAILURE;
1823 r = access_check(j);
1825 return EXIT_FAILURE;
1827 if (arg_action == ACTION_VERIFY) {
1832 if (arg_action == ACTION_PRINT_HEADER) {
1833 journal_print_header(j);
1834 return EXIT_SUCCESS;
1837 if (arg_action == ACTION_DISK_USAGE) {
1839 char sbytes[FORMAT_BYTES_MAX];
1841 r = sd_journal_get_usage(j, &bytes);
1843 return EXIT_FAILURE;
1845 printf("Archived and active journals take up %s on disk.\n",
1846 format_bytes(sbytes, sizeof(sbytes), bytes));
1847 return EXIT_SUCCESS;
1850 if (arg_action == ACTION_VACUUM) {
1854 HASHMAP_FOREACH(d, j->directories_by_path, i) {
1860 q = journal_directory_vacuum(d->path, arg_vacuum_size, arg_vacuum_time, NULL, true);
1862 log_error_errno(q, "Failed to vacuum: %m");
1867 return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
1870 if (arg_action == ACTION_LIST_BOOTS) {
1875 /* add_boot() must be called first!
1876 * It may need to seek the journal to find parent boot IDs. */
1879 return EXIT_FAILURE;
1883 return EXIT_FAILURE;
1886 strv_free(arg_system_units);
1887 strv_free(arg_user_units);
1890 log_error_errno(r, "Failed to add filter for units: %m");
1891 return EXIT_FAILURE;
1894 r = add_syslog_identifier(j);
1896 log_error_errno(r, "Failed to add filter for syslog identifiers: %m");
1897 return EXIT_FAILURE;
1900 r = add_priorities(j);
1902 log_error_errno(r, "Failed to add filter for priorities: %m");
1903 return EXIT_FAILURE;
1906 r = add_matches(j, argv + optind);
1908 log_error_errno(r, "Failed to add filters: %m");
1909 return EXIT_FAILURE;
1912 if (_unlikely_(log_get_max_level() >= LOG_PRI(LOG_DEBUG))) {
1913 _cleanup_free_ char *filter;
1915 filter = journal_make_match_string(j);
1916 log_debug("Journal filter: %s", filter);
1923 r = sd_journal_set_data_threshold(j, 0);
1925 log_error("Failed to unset data size threshold");
1926 return EXIT_FAILURE;
1929 r = sd_journal_query_unique(j, arg_field);
1931 log_error_errno(r, "Failed to query unique data objects: %m");
1932 return EXIT_FAILURE;
1935 SD_JOURNAL_FOREACH_UNIQUE(j, data, size) {
1938 if (arg_lines >= 0 && n_shown >= arg_lines)
1941 eq = memchr(data, '=', size);
1943 printf("%.*s\n", (int) (size - ((const uint8_t*) eq - (const uint8_t*) data + 1)), (const char*) eq + 1);
1945 printf("%.*s\n", (int) size, (const char*) data);
1950 return EXIT_SUCCESS;
1953 /* Opening the fd now means the first sd_journal_wait() will actually wait */
1955 r = sd_journal_get_fd(j);
1957 return EXIT_FAILURE;
1960 if (arg_cursor || arg_after_cursor) {
1961 r = sd_journal_seek_cursor(j, arg_cursor ?: arg_after_cursor);
1963 log_error_errno(r, "Failed to seek to cursor: %m");
1964 return EXIT_FAILURE;
1967 r = sd_journal_next_skip(j, 1 + !!arg_after_cursor);
1969 r = sd_journal_previous_skip(j, 1 + !!arg_after_cursor);
1971 if (arg_after_cursor && r < 2 && !arg_follow)
1972 /* We couldn't find the next entry after the cursor. */
1975 } else if (arg_since_set && !arg_reverse) {
1976 r = sd_journal_seek_realtime_usec(j, arg_since);
1978 log_error_errno(r, "Failed to seek to date: %m");
1979 return EXIT_FAILURE;
1981 r = sd_journal_next(j);
1983 } else if (arg_until_set && arg_reverse) {
1984 r = sd_journal_seek_realtime_usec(j, arg_until);
1986 log_error_errno(r, "Failed to seek to date: %m");
1987 return EXIT_FAILURE;
1989 r = sd_journal_previous(j);
1991 } else if (arg_lines >= 0) {
1992 r = sd_journal_seek_tail(j);
1994 log_error_errno(r, "Failed to seek to tail: %m");
1995 return EXIT_FAILURE;
1998 r = sd_journal_previous_skip(j, arg_lines);
2000 } else if (arg_reverse) {
2001 r = sd_journal_seek_tail(j);
2003 log_error_errno(r, "Failed to seek to tail: %m");
2004 return EXIT_FAILURE;
2007 r = sd_journal_previous(j);
2010 r = sd_journal_seek_head(j);
2012 log_error_errno(r, "Failed to seek to head: %m");
2013 return EXIT_FAILURE;
2016 r = sd_journal_next(j);
2020 log_error_errno(r, "Failed to iterate through journal: %m");
2021 return EXIT_FAILURE;
2025 pager_open_if_enabled();
2029 char start_buf[FORMAT_TIMESTAMP_MAX], end_buf[FORMAT_TIMESTAMP_MAX];
2031 r = sd_journal_get_cutoff_realtime_usec(j, &start, &end);
2033 log_error_errno(r, "Failed to get cutoff: %m");
2039 printf("-- Logs begin at %s. --\n",
2040 format_timestamp_maybe_utc(start_buf, sizeof(start_buf), start));
2042 printf("-- Logs begin at %s, end at %s. --\n",
2043 format_timestamp_maybe_utc(start_buf, sizeof(start_buf), start),
2044 format_timestamp_maybe_utc(end_buf, sizeof(end_buf), end));
2049 while (arg_lines < 0 || n_shown < arg_lines || (arg_follow && !first_line)) {
2054 r = sd_journal_next(j);
2056 r = sd_journal_previous(j);
2058 log_error_errno(r, "Failed to iterate through journal: %m");
2065 if (arg_until_set && !arg_reverse) {
2068 r = sd_journal_get_realtime_usec(j, &usec);
2070 log_error_errno(r, "Failed to determine timestamp: %m");
2073 if (usec > arg_until)
2077 if (arg_since_set && arg_reverse) {
2080 r = sd_journal_get_realtime_usec(j, &usec);
2082 log_error_errno(r, "Failed to determine timestamp: %m");
2085 if (usec < arg_since)
2089 if (!arg_merge && !arg_quiet) {
2092 r = sd_journal_get_monotonic_usec(j, NULL, &boot_id);
2094 if (previous_boot_id_valid &&
2095 !sd_id128_equal(boot_id, previous_boot_id))
2096 printf("%s-- Reboot --%s\n",
2097 ansi_highlight(), ansi_highlight_off());
2099 previous_boot_id = boot_id;
2100 previous_boot_id_valid = true;
2105 arg_all * OUTPUT_SHOW_ALL |
2106 arg_full * OUTPUT_FULL_WIDTH |
2107 on_tty() * OUTPUT_COLOR |
2108 arg_catalog * OUTPUT_CATALOG |
2109 arg_utc * OUTPUT_UTC;
2111 r = output_journal(stdout, j, arg_output, 0, flags, &ellipsized);
2113 if (r == -EADDRNOTAVAIL)
2115 else if (r < 0 || ferror(stdout))
2122 if (arg_show_cursor) {
2123 _cleanup_free_ char *cursor = NULL;
2125 r = sd_journal_get_cursor(j, &cursor);
2126 if (r < 0 && r != -EADDRNOTAVAIL)
2127 log_error_errno(r, "Failed to get cursor: %m");
2129 printf("-- cursor: %s\n", cursor);
2135 r = sd_journal_wait(j, (uint64_t) -1);
2137 log_error_errno(r, "Couldn't wait for journal event: %m");
2147 strv_free(arg_file);
2149 return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;