1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2011 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
35 #include <sys/ioctl.h>
43 #include "systemd/sd-journal.h"
46 #include "logs-show.h"
48 #include "path-util.h"
54 #include "journal-internal.h"
55 #include "journal-def.h"
56 #include "journal-verify.h"
57 #include "journal-authenticate.h"
58 #include "journal-qrcode.h"
60 #include "unit-name.h"
63 #define DEFAULT_FSS_INTERVAL_USEC (15*USEC_PER_MINUTE)
65 static OutputMode arg_output = OUTPUT_SHORT;
66 static bool arg_utc = false;
67 static bool arg_pager_end = false;
68 static bool arg_follow = false;
69 static bool arg_full = true;
70 static bool arg_all = false;
71 static bool arg_no_pager = false;
72 static int arg_lines = -2;
73 static bool arg_no_tail = false;
74 static bool arg_quiet = false;
75 static bool arg_merge = false;
76 static bool arg_boot = false;
77 static sd_id128_t arg_boot_id = {};
78 static int arg_boot_offset = 0;
79 static bool arg_dmesg = false;
80 static const char *arg_cursor = NULL;
81 static const char *arg_after_cursor = NULL;
82 static bool arg_show_cursor = false;
83 static const char *arg_directory = NULL;
84 static char **arg_file = NULL;
85 static int arg_priorities = 0xFF;
86 static const char *arg_verify_key = NULL;
88 static usec_t arg_interval = DEFAULT_FSS_INTERVAL_USEC;
89 static bool arg_force = false;
91 static usec_t arg_since, arg_until;
92 static bool arg_since_set = false, arg_until_set = false;
93 static char **arg_syslog_identifier = NULL;
94 static char **arg_system_units = NULL;
95 static char **arg_user_units = NULL;
96 static const char *arg_field = NULL;
97 static bool arg_catalog = false;
98 static bool arg_reverse = false;
99 static int arg_journal_type = 0;
100 static const char *arg_root = NULL;
101 static const char *arg_machine = NULL;
112 ACTION_UPDATE_CATALOG,
114 } arg_action = ACTION_SHOW;
116 typedef struct boot_id_t {
122 static void pager_open_if_enabled(void) {
127 pager_open(arg_pager_end);
130 static int parse_boot_descriptor(const char *x, sd_id128_t *boot_id, int *offset) {
131 sd_id128_t id = SD_ID128_NULL;
134 if (strlen(x) >= 32) {
138 r = sd_id128_from_string(t, &id);
142 if (*x != '-' && *x != '+' && *x != 0)
146 r = safe_atoi(x, &off);
151 r = safe_atoi(x, &off);
165 static void help(void) {
167 pager_open_if_enabled();
169 printf("%s [OPTIONS...] [MATCHES...]\n\n"
170 "Query the journal.\n\n"
172 " --system Show the system journal\n"
173 " --user Show the user journal for the current user\n"
174 " -M --machine=CONTAINER Operate on local container\n"
175 " --since=DATE Start showing entries on or newer than the specified date\n"
176 " --until=DATE Stop showing entries on or older than the specified date\n"
177 " -c --cursor=CURSOR Start showing entries from the specified cursor\n"
178 " --after-cursor=CURSOR Start showing entries from after the specified cursor\n"
179 " --show-cursor Print the cursor after all the entries\n"
180 " -b --boot[=ID] Show data only from ID or, if unspecified, the current boot\n"
181 " --list-boots Show terse information about recorded boots\n"
182 " -k --dmesg Show kernel message log from the current boot\n"
183 " -u --unit=UNIT Show data only from the specified unit\n"
184 " --user-unit=UNIT Show data only from the specified user session unit\n"
185 " -t --identifier=STRING Show only messages with the specified syslog identifier\n"
186 " -p --priority=RANGE Show only messages within the specified priority range\n"
187 " -e --pager-end Immediately jump to end of the journal in the pager\n"
188 " -f --follow Follow the journal\n"
189 " -n --lines[=INTEGER] Number of journal entries to show\n"
190 " --no-tail Show all lines, even in follow mode\n"
191 " -r --reverse Show the newest entries first\n"
192 " -o --output=STRING Change journal output mode (short, short-iso,\n"
193 " short-precise, short-monotonic, verbose,\n"
194 " export, json, json-pretty, json-sse, cat)\n"
195 " --utc Express time in Coordinated Universal Time (UTC)\n"
196 " -x --catalog Add message explanations where available\n"
197 " --no-full Ellipsize fields\n"
198 " -a --all Show all fields, including long and unprintable\n"
199 " -q --quiet Do not show privilege warning\n"
200 " --no-pager Do not pipe output into a pager\n"
201 " -m --merge Show entries from all available journals\n"
202 " -D --directory=PATH Show journal files from directory\n"
203 " --file=PATH Show journal file\n"
204 " --root=ROOT Operate on catalog files underneath the root ROOT\n"
206 " --interval=TIME Time interval for changing the FSS sealing key\n"
207 " --verify-key=KEY Specify FSS verification key\n"
208 " --force Force overriding of the FSS key pair with --setup-keys\n"
211 " -h --help Show this help text\n"
212 " --version Show package version\n"
213 " --new-id128 Generate a new 128-bit ID\n"
214 " --header Show journal header information\n"
215 " --disk-usage Show total disk usage of all journal files\n"
216 " -F --field=FIELD List all values that a specified field takes\n"
217 " --list-catalog Show message IDs of all entries in the message catalog\n"
218 " --dump-catalog Show entries in the message catalog\n"
219 " --update-catalog Update the message catalog database\n"
221 " --setup-keys Generate a new FSS key pair\n"
222 " --verify Verify journal file consistency\n"
224 , program_invocation_short_name);
227 static int parse_argv(int argc, char *argv[]) {
258 static const struct option options[] = {
259 { "help", no_argument, NULL, 'h' },
260 { "version" , no_argument, NULL, ARG_VERSION },
261 { "no-pager", no_argument, NULL, ARG_NO_PAGER },
262 { "pager-end", no_argument, NULL, 'e' },
263 { "follow", no_argument, NULL, 'f' },
264 { "force", no_argument, NULL, ARG_FORCE },
265 { "output", required_argument, NULL, 'o' },
266 { "all", no_argument, NULL, 'a' },
267 { "full", no_argument, NULL, 'l' },
268 { "no-full", no_argument, NULL, ARG_NO_FULL },
269 { "lines", optional_argument, NULL, 'n' },
270 { "no-tail", no_argument, NULL, ARG_NO_TAIL },
271 { "new-id128", no_argument, NULL, ARG_NEW_ID128 },
272 { "quiet", no_argument, NULL, 'q' },
273 { "merge", no_argument, NULL, 'm' },
274 { "boot", optional_argument, NULL, 'b' },
275 { "list-boots", no_argument, NULL, ARG_LIST_BOOTS },
276 { "this-boot", optional_argument, NULL, 'b' }, /* deprecated */
277 { "dmesg", no_argument, NULL, 'k' },
278 { "system", no_argument, NULL, ARG_SYSTEM },
279 { "user", no_argument, NULL, ARG_USER },
280 { "directory", required_argument, NULL, 'D' },
281 { "file", required_argument, NULL, ARG_FILE },
282 { "root", required_argument, NULL, ARG_ROOT },
283 { "header", no_argument, NULL, ARG_HEADER },
284 { "identifier", required_argument, NULL, 't' },
285 { "priority", required_argument, NULL, 'p' },
286 { "setup-keys", no_argument, NULL, ARG_SETUP_KEYS },
287 { "interval", required_argument, NULL, ARG_INTERVAL },
288 { "verify", no_argument, NULL, ARG_VERIFY },
289 { "verify-key", required_argument, NULL, ARG_VERIFY_KEY },
290 { "disk-usage", no_argument, NULL, ARG_DISK_USAGE },
291 { "cursor", required_argument, NULL, 'c' },
292 { "after-cursor", required_argument, NULL, ARG_AFTER_CURSOR },
293 { "show-cursor", no_argument, NULL, ARG_SHOW_CURSOR },
294 { "since", required_argument, NULL, ARG_SINCE },
295 { "until", required_argument, NULL, ARG_UNTIL },
296 { "unit", required_argument, NULL, 'u' },
297 { "user-unit", required_argument, NULL, ARG_USER_UNIT },
298 { "field", required_argument, NULL, 'F' },
299 { "catalog", no_argument, NULL, 'x' },
300 { "list-catalog", no_argument, NULL, ARG_LIST_CATALOG },
301 { "dump-catalog", no_argument, NULL, ARG_DUMP_CATALOG },
302 { "update-catalog", no_argument, NULL, ARG_UPDATE_CATALOG },
303 { "reverse", no_argument, NULL, 'r' },
304 { "machine", required_argument, NULL, 'M' },
305 { "utc", no_argument, NULL, ARG_UTC },
314 while ((c = getopt_long(argc, argv, "hefo:aln::qmb::kD:p:c:t:u:F:xrM:", options, NULL)) >= 0)
323 puts(PACKAGE_STRING);
324 puts(SYSTEMD_FEATURES);
332 arg_pager_end = true;
344 arg_output = output_mode_from_string(optarg);
345 if (arg_output < 0) {
346 log_error("Unknown output format '%s'.", optarg);
350 if (arg_output == OUTPUT_EXPORT ||
351 arg_output == OUTPUT_JSON ||
352 arg_output == OUTPUT_JSON_PRETTY ||
353 arg_output == OUTPUT_JSON_SSE ||
354 arg_output == OUTPUT_CAT)
373 if (streq(optarg, "all"))
376 r = safe_atoi(optarg, &arg_lines);
377 if (r < 0 || arg_lines < 0) {
378 log_error("Failed to parse lines '%s'", optarg);
385 /* Hmm, no argument? Maybe the next
386 * word on the command line is
387 * supposed to be the argument? Let's
388 * see if there is one, and is
392 if (streq(argv[optind], "all")) {
395 } else if (safe_atoi(argv[optind], &n) >= 0 && n >= 0) {
409 arg_action = ACTION_NEW_ID128;
424 r = parse_boot_descriptor(optarg, &arg_boot_id, &arg_boot_offset);
426 log_error("Failed to parse boot descriptor '%s'", optarg);
431 /* Hmm, no argument? Maybe the next
432 * word on the command line is
433 * supposed to be the argument? Let's
434 * see if there is one and is parsable
435 * as a boot descriptor... */
438 parse_boot_descriptor(argv[optind], &arg_boot_id, &arg_boot_offset) >= 0)
445 arg_action = ACTION_LIST_BOOTS;
449 arg_boot = arg_dmesg = true;
453 arg_journal_type |= SD_JOURNAL_SYSTEM;
457 arg_journal_type |= SD_JOURNAL_CURRENT_USER;
461 arg_machine = optarg;
465 arg_directory = optarg;
469 r = glob_extend(&arg_file, optarg);
471 log_error("Failed to add paths: %s", strerror(-r));
484 case ARG_AFTER_CURSOR:
485 arg_after_cursor = optarg;
488 case ARG_SHOW_CURSOR:
489 arg_show_cursor = true;
493 arg_action = ACTION_PRINT_HEADER;
497 arg_action = ACTION_VERIFY;
501 arg_action = ACTION_DISK_USAGE;
510 arg_action = ACTION_SETUP_KEYS;
515 arg_action = ACTION_VERIFY;
516 arg_verify_key = optarg;
521 r = parse_sec(optarg, &arg_interval);
522 if (r < 0 || arg_interval <= 0) {
523 log_error("Failed to parse sealing key change interval: %s", optarg);
532 log_error("Forward-secure sealing not available.");
539 dots = strstr(optarg, "..");
545 a = strndup(optarg, dots - optarg);
549 from = log_level_from_string(a);
550 to = log_level_from_string(dots + 2);
553 if (from < 0 || to < 0) {
554 log_error("Failed to parse log level range %s", optarg);
561 for (i = from; i <= to; i++)
562 arg_priorities |= 1 << i;
564 for (i = to; i <= from; i++)
565 arg_priorities |= 1 << i;
571 p = log_level_from_string(optarg);
573 log_error("Unknown log level %s", optarg);
579 for (i = 0; i <= p; i++)
580 arg_priorities |= 1 << i;
587 r = parse_timestamp(optarg, &arg_since);
589 log_error("Failed to parse timestamp: %s", optarg);
592 arg_since_set = true;
596 r = parse_timestamp(optarg, &arg_until);
598 log_error("Failed to parse timestamp: %s", optarg);
601 arg_until_set = true;
605 r = strv_extend(&arg_syslog_identifier, optarg);
611 r = strv_extend(&arg_system_units, optarg);
617 r = strv_extend(&arg_user_units, optarg);
630 case ARG_LIST_CATALOG:
631 arg_action = ACTION_LIST_CATALOG;
634 case ARG_DUMP_CATALOG:
635 arg_action = ACTION_DUMP_CATALOG;
638 case ARG_UPDATE_CATALOG:
639 arg_action = ACTION_UPDATE_CATALOG;
654 assert_not_reached("Unhandled option");
657 if (arg_follow && !arg_no_tail && arg_lines < -1)
660 if (!!arg_directory + !!arg_file + !!arg_machine > 1) {
661 log_error("Please specify either -D/--directory= or --file= or -M/--machine=, not more than one.");
665 if (arg_since_set && arg_until_set && arg_since > arg_until) {
666 log_error("--since= must be before --until=.");
670 if (!!arg_cursor + !!arg_after_cursor + !!arg_since_set > 1) {
671 log_error("Please specify only one of --since=, --cursor=, and --after-cursor.");
675 if (arg_follow && arg_reverse) {
676 log_error("Please specify either --reverse= or --follow=, not both.");
680 if (arg_action != ACTION_SHOW && optind < argc) {
681 log_error("Extraneous arguments starting with '%s'", argv[optind]);
688 static int generate_new_id128(void) {
693 r = sd_id128_randomize(&id);
695 log_error("Failed to generate ID: %s", strerror(-r));
699 printf("As string:\n"
700 SD_ID128_FORMAT_STR "\n\n"
702 "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n\n"
704 "#define MESSAGE_XYZ SD_ID128_MAKE(",
705 SD_ID128_FORMAT_VAL(id),
706 SD_ID128_FORMAT_VAL(id));
707 for (i = 0; i < 16; i++)
708 printf("%02x%s", id.bytes[i], i != 15 ? "," : "");
709 fputs(")\n\n", stdout);
711 printf("As Python constant:\n"
713 ">>> MESSAGE_XYZ = uuid.UUID('" SD_ID128_FORMAT_STR "')\n",
714 SD_ID128_FORMAT_VAL(id));
719 static int add_matches(sd_journal *j, char **args) {
721 bool have_term = false;
725 STRV_FOREACH(i, args) {
728 if (streq(*i, "+")) {
731 r = sd_journal_add_disjunction(j);
734 } else if (path_is_absolute(*i)) {
735 _cleanup_free_ char *p, *t = NULL, *t2 = NULL;
737 _cleanup_free_ char *interpreter = NULL;
740 p = canonicalize_file_name(*i);
743 if (stat(path, &st) < 0) {
744 log_error("Couldn't stat file: %m");
748 if (S_ISREG(st.st_mode) && (0111 & st.st_mode)) {
749 if (executable_is_script(path, &interpreter) > 0) {
750 _cleanup_free_ char *comm;
752 comm = strndup(basename(path), 15);
756 t = strappend("_COMM=", comm);
758 /* Append _EXE only if the interpreter is not a link.
759 Otherwise, it might be outdated often. */
760 if (lstat(interpreter, &st) == 0 &&
761 !S_ISLNK(st.st_mode)) {
762 t2 = strappend("_EXE=", interpreter);
767 t = strappend("_EXE=", path);
768 } else if (S_ISCHR(st.st_mode)) {
769 if (asprintf(&t, "_KERNEL_DEVICE=c%u:%u",
771 minor(st.st_rdev)) < 0)
773 } else if (S_ISBLK(st.st_mode)) {
774 if (asprintf(&t, "_KERNEL_DEVICE=b%u:%u",
776 minor(st.st_rdev)) < 0)
779 log_error("File is neither a device node, nor regular file, nor executable: %s", *i);
786 r = sd_journal_add_match(j, t, 0);
788 r = sd_journal_add_match(j, t2, 0);
792 r = sd_journal_add_match(j, *i, 0);
797 log_error("Failed to add match '%s': %s", *i, strerror(-r));
802 if (!strv_isempty(args) && !have_term) {
803 log_error("\"+\" can only be used between terms");
810 static int boot_id_cmp(const void *a, const void *b) {
813 _a = ((const boot_id_t *)a)->first;
814 _b = ((const boot_id_t *)b)->first;
816 return _a < _b ? -1 : (_a > _b ? 1 : 0);
819 static int list_boots(sd_journal *j) {
822 unsigned int count = 0;
824 size_t length, allocated = 0;
826 _cleanup_free_ boot_id_t *all_ids = NULL;
828 r = sd_journal_query_unique(j, "_BOOT_ID");
832 SD_JOURNAL_FOREACH_UNIQUE(j, data, length) {
833 if (length < strlen("_BOOT_ID="))
836 if (!GREEDY_REALLOC(all_ids, allocated, count + 1))
839 id = &all_ids[count];
841 r = sd_id128_from_string(((const char *)data) + strlen("_BOOT_ID="), &id->id);
845 r = sd_journal_add_match(j, data, length);
849 r = sd_journal_seek_head(j);
853 r = sd_journal_next(j);
859 r = sd_journal_get_realtime_usec(j, &id->first);
863 r = sd_journal_seek_tail(j);
867 r = sd_journal_previous(j);
873 r = sd_journal_get_realtime_usec(j, &id->last);
879 sd_journal_flush_matches(j);
882 qsort_safe(all_ids, count, sizeof(boot_id_t), boot_id_cmp);
884 /* numbers are one less, but we need an extra char for the sign */
885 w = DECIMAL_STR_WIDTH(count - 1) + 1;
887 for (id = all_ids, i = 0; id < all_ids + count; id++, i++) {
888 char a[FORMAT_TIMESTAMP_MAX], b[FORMAT_TIMESTAMP_MAX];
890 printf("% *i " SD_ID128_FORMAT_STR " %s—%s\n",
892 SD_ID128_FORMAT_VAL(id->id),
893 format_timestamp(a, sizeof(a), id->first),
894 format_timestamp(b, sizeof(b), id->last));
900 static int get_relative_boot_id(sd_journal *j, sd_id128_t *boot_id, int relative) {
903 unsigned int count = 0;
904 size_t length, allocated = 0;
905 boot_id_t ref_boot_id = {SD_ID128_NULL}, *id;
906 _cleanup_free_ boot_id_t *all_ids = NULL;
911 r = sd_journal_query_unique(j, "_BOOT_ID");
915 SD_JOURNAL_FOREACH_UNIQUE(j, data, length) {
916 if (length < strlen("_BOOT_ID="))
919 if (!GREEDY_REALLOC(all_ids, allocated, count + 1))
922 id = &all_ids[count];
924 r = sd_id128_from_string(((const char *)data) + strlen("_BOOT_ID="), &id->id);
928 r = sd_journal_add_match(j, data, length);
932 r = sd_journal_seek_head(j);
936 r = sd_journal_next(j);
942 r = sd_journal_get_realtime_usec(j, &id->first);
946 if (sd_id128_equal(id->id, *boot_id))
951 sd_journal_flush_matches(j);
954 qsort_safe(all_ids, count, sizeof(boot_id_t), boot_id_cmp);
956 if (sd_id128_equal(*boot_id, SD_ID128_NULL)) {
957 if (relative > (int) count || relative <= -(int)count)
958 return -EADDRNOTAVAIL;
960 *boot_id = all_ids[(relative <= 0)*count + relative - 1].id;
962 id = bsearch(&ref_boot_id, all_ids, count, sizeof(boot_id_t), boot_id_cmp);
965 relative <= 0 ? (id - all_ids) + relative < 0 :
966 (id - all_ids) + relative >= (int) count)
967 return -EADDRNOTAVAIL;
969 *boot_id = (id + relative)->id;
975 static int add_boot(sd_journal *j) {
976 char match[9+32+1] = "_BOOT_ID=";
984 if (arg_boot_offset == 0 && sd_id128_equal(arg_boot_id, SD_ID128_NULL))
985 return add_match_this_boot(j, arg_machine);
987 r = get_relative_boot_id(j, &arg_boot_id, arg_boot_offset);
989 if (sd_id128_equal(arg_boot_id, SD_ID128_NULL))
990 log_error("Failed to look up boot %+i: %s", arg_boot_offset, strerror(-r));
992 log_error("Failed to look up boot ID "SD_ID128_FORMAT_STR"%+i: %s",
993 SD_ID128_FORMAT_VAL(arg_boot_id), arg_boot_offset, strerror(-r));
997 sd_id128_to_string(arg_boot_id, match + 9);
999 r = sd_journal_add_match(j, match, sizeof(match) - 1);
1001 log_error("Failed to add match: %s", strerror(-r));
1005 r = sd_journal_add_conjunction(j);
1012 static int add_dmesg(sd_journal *j) {
1019 r = sd_journal_add_match(j, "_TRANSPORT=kernel", strlen("_TRANSPORT=kernel"));
1021 log_error("Failed to add match: %s", strerror(-r));
1025 r = sd_journal_add_conjunction(j);
1032 static int get_possible_units(sd_journal *j,
1036 _cleanup_set_free_free_ Set *found;
1040 found = set_new(&string_hash_ops);
1044 NULSTR_FOREACH(field, fields) {
1048 r = sd_journal_query_unique(j, field);
1052 SD_JOURNAL_FOREACH_UNIQUE(j, data, size) {
1053 char **pattern, *eq;
1055 _cleanup_free_ char *u = NULL;
1057 eq = memchr(data, '=', size);
1059 prefix = eq - (char*) data + 1;
1063 u = strndup((char*) data + prefix, size - prefix);
1067 STRV_FOREACH(pattern, patterns)
1068 if (fnmatch(*pattern, u, FNM_NOESCAPE) == 0) {
1069 log_debug("Matched %s with pattern %s=%s", u, field, *pattern);
1071 r = set_consume(found, u);
1073 if (r < 0 && r != -EEXIST)
1086 /* This list is supposed to return the superset of unit names
1087 * possibly matched by rules added with add_matches_for_unit... */
1088 #define SYSTEM_UNITS \
1092 "OBJECT_SYSTEMD_UNIT\0" \
1095 /* ... and add_matches_for_user_unit */
1096 #define USER_UNITS \
1097 "_SYSTEMD_USER_UNIT\0" \
1099 "COREDUMP_USER_UNIT\0" \
1100 "OBJECT_SYSTEMD_USER_UNIT\0"
1102 static int add_units(sd_journal *j) {
1103 _cleanup_strv_free_ char **patterns = NULL;
1109 STRV_FOREACH(i, arg_system_units) {
1110 _cleanup_free_ char *u = NULL;
1112 u = unit_name_mangle(*i, MANGLE_GLOB);
1116 if (string_is_glob(u)) {
1117 r = strv_push(&patterns, u);
1122 r = add_matches_for_unit(j, u);
1125 r = sd_journal_add_disjunction(j);
1132 if (!strv_isempty(patterns)) {
1133 _cleanup_set_free_free_ Set *units = NULL;
1137 r = get_possible_units(j, SYSTEM_UNITS, patterns, &units);
1141 SET_FOREACH(u, units, it) {
1142 r = add_matches_for_unit(j, u);
1145 r = sd_journal_add_disjunction(j);
1152 strv_free(patterns);
1155 STRV_FOREACH(i, arg_user_units) {
1156 _cleanup_free_ char *u = NULL;
1158 u = unit_name_mangle(*i, MANGLE_GLOB);
1162 if (string_is_glob(u)) {
1163 r = strv_push(&patterns, u);
1168 r = add_matches_for_user_unit(j, u, getuid());
1171 r = sd_journal_add_disjunction(j);
1178 if (!strv_isempty(patterns)) {
1179 _cleanup_set_free_free_ Set *units = NULL;
1183 r = get_possible_units(j, USER_UNITS, patterns, &units);
1187 SET_FOREACH(u, units, it) {
1188 r = add_matches_for_user_unit(j, u, getuid());
1191 r = sd_journal_add_disjunction(j);
1198 /* Complain if the user request matches but nothing whatsoever was
1199 * found, since otherwise everything would be matched. */
1200 if (!(strv_isempty(arg_system_units) && strv_isempty(arg_user_units)) && count == 0)
1203 r = sd_journal_add_conjunction(j);
1210 static int add_priorities(sd_journal *j) {
1211 char match[] = "PRIORITY=0";
1215 if (arg_priorities == 0xFF)
1218 for (i = LOG_EMERG; i <= LOG_DEBUG; i++)
1219 if (arg_priorities & (1 << i)) {
1220 match[sizeof(match)-2] = '0' + i;
1222 r = sd_journal_add_match(j, match, strlen(match));
1224 log_error("Failed to add match: %s", strerror(-r));
1229 r = sd_journal_add_conjunction(j);
1237 static int add_syslog_identifier(sd_journal *j) {
1243 STRV_FOREACH(i, arg_syslog_identifier) {
1246 u = strappenda("SYSLOG_IDENTIFIER=", *i);
1247 r = sd_journal_add_match(j, u, 0);
1250 r = sd_journal_add_disjunction(j);
1255 r = sd_journal_add_conjunction(j);
1262 static int setup_keys(void) {
1264 size_t mpk_size, seed_size, state_size, i;
1265 uint8_t *mpk, *seed, *state;
1267 int fd = -1, r, attr = 0;
1268 sd_id128_t machine, boot;
1269 char *p = NULL, *k = NULL;
1274 r = stat("/var/log/journal", &st);
1275 if (r < 0 && errno != ENOENT && errno != ENOTDIR) {
1276 log_error("stat(\"%s\") failed: %m", "/var/log/journal");
1280 if (r < 0 || !S_ISDIR(st.st_mode)) {
1281 log_error("%s is not a directory, must be using persistent logging for FSS.",
1282 "/var/log/journal");
1283 return r < 0 ? -errno : -ENOTDIR;
1286 r = sd_id128_get_machine(&machine);
1288 log_error("Failed to get machine ID: %s", strerror(-r));
1292 r = sd_id128_get_boot(&boot);
1294 log_error("Failed to get boot ID: %s", strerror(-r));
1298 if (asprintf(&p, "/var/log/journal/" SD_ID128_FORMAT_STR "/fss",
1299 SD_ID128_FORMAT_VAL(machine)) < 0)
1302 if (access(p, F_OK) >= 0) {
1306 log_error("unlink(\"%s\") failed: %m", p);
1311 log_error("Sealing key file %s exists already. (--force to recreate)", p);
1317 if (asprintf(&k, "/var/log/journal/" SD_ID128_FORMAT_STR "/fss.tmp.XXXXXX",
1318 SD_ID128_FORMAT_VAL(machine)) < 0) {
1323 mpk_size = FSPRG_mskinbytes(FSPRG_RECOMMENDED_SECPAR);
1324 mpk = alloca(mpk_size);
1326 seed_size = FSPRG_RECOMMENDED_SEEDLEN;
1327 seed = alloca(seed_size);
1329 state_size = FSPRG_stateinbytes(FSPRG_RECOMMENDED_SECPAR);
1330 state = alloca(state_size);
1332 fd = open("/dev/random", O_RDONLY|O_CLOEXEC|O_NOCTTY);
1334 log_error("Failed to open /dev/random: %m");
1339 log_info("Generating seed...");
1340 l = loop_read(fd, seed, seed_size, true);
1341 if (l < 0 || (size_t) l != seed_size) {
1342 log_error("Failed to read random seed: %s", strerror(EIO));
1347 log_info("Generating key pair...");
1348 FSPRG_GenMK(NULL, mpk, seed, seed_size, FSPRG_RECOMMENDED_SECPAR);
1350 log_info("Generating sealing key...");
1351 FSPRG_GenState0(state, mpk, seed, seed_size);
1353 assert(arg_interval > 0);
1355 n = now(CLOCK_REALTIME);
1359 fd = mkostemp_safe(k, O_WRONLY|O_CLOEXEC);
1361 log_error("Failed to open %s: %m", k);
1366 /* Enable secure remove, exclusion from dump, synchronous
1367 * writing and in-place updating */
1368 if (ioctl(fd, FS_IOC_GETFLAGS, &attr) < 0)
1369 log_warning("FS_IOC_GETFLAGS failed: %m");
1371 attr |= FS_SECRM_FL|FS_NODUMP_FL|FS_SYNC_FL|FS_NOCOW_FL;
1373 if (ioctl(fd, FS_IOC_SETFLAGS, &attr) < 0)
1374 log_warning("FS_IOC_SETFLAGS failed: %m");
1377 memcpy(h.signature, "KSHHRHLP", 8);
1378 h.machine_id = machine;
1380 h.header_size = htole64(sizeof(h));
1381 h.start_usec = htole64(n * arg_interval);
1382 h.interval_usec = htole64(arg_interval);
1383 h.fsprg_secpar = htole16(FSPRG_RECOMMENDED_SECPAR);
1384 h.fsprg_state_size = htole64(state_size);
1386 l = loop_write(fd, &h, sizeof(h), false);
1387 if (l < 0 || (size_t) l != sizeof(h)) {
1388 log_error("Failed to write header: %s", strerror(EIO));
1393 l = loop_write(fd, state, state_size, false);
1394 if (l < 0 || (size_t) l != state_size) {
1395 log_error("Failed to write state: %s", strerror(EIO));
1400 if (link(k, p) < 0) {
1401 log_error("Failed to link file: %m");
1409 "The new key pair has been generated. The " ANSI_HIGHLIGHT_ON "secret sealing key" ANSI_HIGHLIGHT_OFF " has been written to\n"
1410 "the following local file. This key file is automatically updated when the\n"
1411 "sealing key is advanced. It should not be used on multiple hosts.\n"
1415 "Please write down the following " ANSI_HIGHLIGHT_ON "secret verification key" ANSI_HIGHLIGHT_OFF ". It should be stored\n"
1416 "at a safe location and should not be saved locally on disk.\n"
1417 "\n\t" ANSI_HIGHLIGHT_RED_ON, p);
1420 for (i = 0; i < seed_size; i++) {
1421 if (i > 0 && i % 3 == 0)
1423 printf("%02x", ((uint8_t*) seed)[i]);
1426 printf("/%llx-%llx\n", (unsigned long long) n, (unsigned long long) arg_interval);
1429 char tsb[FORMAT_TIMESPAN_MAX], *hn;
1432 ANSI_HIGHLIGHT_OFF "\n"
1433 "The sealing key is automatically changed every %s.\n",
1434 format_timespan(tsb, sizeof(tsb), arg_interval, 0));
1436 hn = gethostname_malloc();
1439 hostname_cleanup(hn, false);
1440 fprintf(stderr, "\nThe keys have been generated for host %s/" SD_ID128_FORMAT_STR ".\n", hn, SD_ID128_FORMAT_VAL(machine));
1442 fprintf(stderr, "\nThe keys have been generated for host " SD_ID128_FORMAT_STR ".\n", SD_ID128_FORMAT_VAL(machine));
1444 #ifdef HAVE_QRENCODE
1445 /* If this is not an UTF-8 system don't print any QR codes */
1446 if (is_locale_utf8()) {
1447 fputs("\nTo transfer the verification key to your phone please scan the QR code below:\n\n", stderr);
1448 print_qr_code(stderr, seed, seed_size, n, arg_interval, hn, machine);
1468 log_error("Forward-secure sealing not available.");
1473 static int verify(sd_journal *j) {
1480 log_show_color(true);
1482 HASHMAP_FOREACH(f, j->files, i) {
1484 usec_t first, validated, last;
1487 if (!arg_verify_key && JOURNAL_HEADER_SEALED(f->header))
1488 log_notice("Journal file %s has sealing enabled but verification key has not been passed using --verify-key=.", f->path);
1491 k = journal_file_verify(f, arg_verify_key, &first, &validated, &last, true);
1493 /* If the key was invalid give up right-away. */
1496 log_warning("FAIL: %s (%s)", f->path, strerror(-k));
1499 char a[FORMAT_TIMESTAMP_MAX], b[FORMAT_TIMESTAMP_MAX], c[FORMAT_TIMESPAN_MAX];
1500 log_info("PASS: %s", f->path);
1502 if (arg_verify_key && JOURNAL_HEADER_SEALED(f->header)) {
1503 if (validated > 0) {
1504 log_info("=> Validated from %s to %s, final %s entries not sealed.",
1505 format_timestamp(a, sizeof(a), first),
1506 format_timestamp(b, sizeof(b), validated),
1507 format_timespan(c, sizeof(c), last > validated ? last - validated : 0, 0));
1508 } else if (last > 0)
1509 log_info("=> No sealing yet, %s of entries not sealed.",
1510 format_timespan(c, sizeof(c), last - first, 0));
1512 log_info("=> No sealing yet, no entries in file.");
1521 static int access_check_var_log_journal(sd_journal *j) {
1522 _cleanup_strv_free_ char **g = NULL;
1528 have_access = in_group("systemd-journal") > 0;
1531 /* Let's enumerate all groups from the default ACL of
1532 * the directory, which generally should allow access
1533 * to most journal files too */
1534 r = search_acl_groups(&g, "/var/log/journal/", &have_access);
1541 if (strv_isempty(g))
1542 log_notice("Hint: You are currently not seeing messages from other users and the system.\n"
1543 " Users in the 'systemd-journal' group can see all messages. Pass -q to\n"
1544 " turn off this notice.");
1546 _cleanup_free_ char *s = NULL;
1548 r = strv_extend(&g, "systemd-journal");
1555 s = strv_join(g, "', '");
1559 log_notice("Hint: You are currently not seeing messages from other users and the system.\n"
1560 " Users in the groups '%s' can see all messages.\n"
1561 " Pass -q to turn off this notice.", s);
1569 static int access_check(sd_journal *j) {
1576 if (set_isempty(j->errors)) {
1577 if (hashmap_isempty(j->files))
1578 log_notice("No journal files were found.");
1582 if (set_contains(j->errors, INT_TO_PTR(-EACCES))) {
1584 /* If /var/log/journal doesn't even exist,
1585 * unprivileged users have no access at all */
1586 if (access("/var/log/journal", F_OK) < 0 &&
1588 in_group("systemd-journal") <= 0) {
1589 log_error("Unprivileged users cannot access messages, unless persistent log storage is\n"
1590 "enabled. Users in the 'systemd-journal' group may always access messages.");
1594 /* If /var/log/journal exists, try to pring a nice
1595 notice if the user lacks access to it */
1596 if (!arg_quiet && geteuid() != 0) {
1597 r = access_check_var_log_journal(j);
1602 if (geteuid() != 0 && in_group("systemd-journal") <= 0) {
1603 log_error("Unprivileged users cannot access messages. Users in the 'systemd-journal' group\n"
1604 "group may access messages.");
1609 if (hashmap_isempty(j->files)) {
1610 log_error("No journal files were opened due to insufficient permissions.");
1615 SET_FOREACH(code, j->errors, it) {
1618 err = -PTR_TO_INT(code);
1622 log_warning("Error was encountered while opening journal files: %s",
1629 int main(int argc, char *argv[]) {
1631 _cleanup_journal_close_ sd_journal *j = NULL;
1632 bool need_seek = false;
1633 sd_id128_t previous_boot_id;
1634 bool previous_boot_id_valid = false, first_line = true;
1636 bool ellipsized = false;
1638 setlocale(LC_ALL, "");
1639 log_parse_environment();
1642 r = parse_argv(argc, argv);
1646 signal(SIGWINCH, columns_lines_cache_reset);
1648 if (arg_action == ACTION_NEW_ID128) {
1649 r = generate_new_id128();
1653 if (arg_action == ACTION_SETUP_KEYS) {
1658 if (arg_action == ACTION_UPDATE_CATALOG ||
1659 arg_action == ACTION_LIST_CATALOG ||
1660 arg_action == ACTION_DUMP_CATALOG) {
1662 _cleanup_free_ char *database;
1664 database = path_join(arg_root, CATALOG_DATABASE, NULL);
1670 if (arg_action == ACTION_UPDATE_CATALOG) {
1671 r = catalog_update(database, arg_root, catalog_file_dirs);
1673 log_error("Failed to list catalog: %s", strerror(-r));
1675 bool oneline = arg_action == ACTION_LIST_CATALOG;
1678 r = catalog_list_items(stdout, database,
1679 oneline, argv + optind);
1681 r = catalog_list(stdout, database, oneline);
1683 log_error("Failed to list catalog: %s", strerror(-r));
1690 r = sd_journal_open_directory(&j, arg_directory, arg_journal_type);
1692 r = sd_journal_open_files(&j, (const char**) arg_file, 0);
1693 else if (arg_machine)
1694 r = sd_journal_open_container(&j, arg_machine, 0);
1696 r = sd_journal_open(&j, !arg_merge*SD_JOURNAL_LOCAL_ONLY + arg_journal_type);
1698 log_error("Failed to open %s: %s",
1699 arg_directory ? arg_directory : arg_file ? "files" : "journal",
1701 return EXIT_FAILURE;
1704 r = access_check(j);
1706 return EXIT_FAILURE;
1708 if (arg_action == ACTION_VERIFY) {
1713 if (arg_action == ACTION_PRINT_HEADER) {
1714 journal_print_header(j);
1715 return EXIT_SUCCESS;
1718 if (arg_action == ACTION_DISK_USAGE) {
1720 char sbytes[FORMAT_BYTES_MAX];
1722 r = sd_journal_get_usage(j, &bytes);
1724 return EXIT_FAILURE;
1726 printf("Journals take up %s on disk.\n",
1727 format_bytes(sbytes, sizeof(sbytes), bytes));
1728 return EXIT_SUCCESS;
1731 if (arg_action == ACTION_LIST_BOOTS) {
1736 /* add_boot() must be called first!
1737 * It may need to seek the journal to find parent boot IDs. */
1740 return EXIT_FAILURE;
1744 return EXIT_FAILURE;
1747 strv_free(arg_system_units);
1748 strv_free(arg_user_units);
1751 log_error("Failed to add filter for units: %s", strerror(-r));
1752 return EXIT_FAILURE;
1755 r = add_syslog_identifier(j);
1757 log_error("Failed to add filter for syslog identifiers: %s", strerror(-r));
1758 return EXIT_FAILURE;
1761 r = add_priorities(j);
1763 log_error("Failed to add filter for priorities: %s", strerror(-r));
1764 return EXIT_FAILURE;
1767 r = add_matches(j, argv + optind);
1769 log_error("Failed to add filters: %s", strerror(-r));
1770 return EXIT_FAILURE;
1773 if (_unlikely_(log_get_max_level() >= LOG_PRI(LOG_DEBUG))) {
1774 _cleanup_free_ char *filter;
1776 filter = journal_make_match_string(j);
1777 log_debug("Journal filter: %s", filter);
1784 r = sd_journal_set_data_threshold(j, 0);
1786 log_error("Failed to unset data size threshold");
1787 return EXIT_FAILURE;
1790 r = sd_journal_query_unique(j, arg_field);
1792 log_error("Failed to query unique data objects: %s", strerror(-r));
1793 return EXIT_FAILURE;
1796 SD_JOURNAL_FOREACH_UNIQUE(j, data, size) {
1799 if (arg_lines >= 0 && n_shown >= arg_lines)
1802 eq = memchr(data, '=', size);
1804 printf("%.*s\n", (int) (size - ((const uint8_t*) eq - (const uint8_t*) data + 1)), (const char*) eq + 1);
1806 printf("%.*s\n", (int) size, (const char*) data);
1811 return EXIT_SUCCESS;
1814 /* Opening the fd now means the first sd_journal_wait() will actually wait */
1816 r = sd_journal_get_fd(j);
1818 return EXIT_FAILURE;
1821 if (arg_cursor || arg_after_cursor) {
1822 r = sd_journal_seek_cursor(j, arg_cursor ?: arg_after_cursor);
1824 log_error("Failed to seek to cursor: %s", strerror(-r));
1825 return EXIT_FAILURE;
1828 r = sd_journal_next_skip(j, 1 + !!arg_after_cursor);
1830 r = sd_journal_previous_skip(j, 1 + !!arg_after_cursor);
1832 if (arg_after_cursor && r < 2 && !arg_follow)
1833 /* We couldn't find the next entry after the cursor. */
1836 } else if (arg_since_set && !arg_reverse) {
1837 r = sd_journal_seek_realtime_usec(j, arg_since);
1839 log_error("Failed to seek to date: %s", strerror(-r));
1840 return EXIT_FAILURE;
1842 r = sd_journal_next(j);
1844 } else if (arg_until_set && arg_reverse) {
1845 r = sd_journal_seek_realtime_usec(j, arg_until);
1847 log_error("Failed to seek to date: %s", strerror(-r));
1848 return EXIT_FAILURE;
1850 r = sd_journal_previous(j);
1852 } else if (arg_lines >= 0) {
1853 r = sd_journal_seek_tail(j);
1855 log_error("Failed to seek to tail: %s", strerror(-r));
1856 return EXIT_FAILURE;
1859 r = sd_journal_previous_skip(j, arg_lines);
1861 } else if (arg_reverse) {
1862 r = sd_journal_seek_tail(j);
1864 log_error("Failed to seek to tail: %s", strerror(-r));
1865 return EXIT_FAILURE;
1868 r = sd_journal_previous(j);
1871 r = sd_journal_seek_head(j);
1873 log_error("Failed to seek to head: %s", strerror(-r));
1874 return EXIT_FAILURE;
1877 r = sd_journal_next(j);
1881 log_error("Failed to iterate through journal: %s", strerror(-r));
1882 return EXIT_FAILURE;
1886 pager_open_if_enabled();
1890 char start_buf[FORMAT_TIMESTAMP_MAX], end_buf[FORMAT_TIMESTAMP_MAX];
1892 r = sd_journal_get_cutoff_realtime_usec(j, &start, &end);
1894 log_error("Failed to get cutoff: %s", strerror(-r));
1900 printf("-- Logs begin at %s. --\n",
1901 format_timestamp(start_buf, sizeof(start_buf), start));
1903 printf("-- Logs begin at %s, end at %s. --\n",
1904 format_timestamp(start_buf, sizeof(start_buf), start),
1905 format_timestamp(end_buf, sizeof(end_buf), end));
1910 while (arg_lines < 0 || n_shown < arg_lines || (arg_follow && !first_line)) {
1915 r = sd_journal_next(j);
1917 r = sd_journal_previous(j);
1919 log_error("Failed to iterate through journal: %s", strerror(-r));
1926 if (arg_until_set && !arg_reverse) {
1929 r = sd_journal_get_realtime_usec(j, &usec);
1931 log_error("Failed to determine timestamp: %s", strerror(-r));
1934 if (usec > arg_until)
1938 if (arg_since_set && arg_reverse) {
1941 r = sd_journal_get_realtime_usec(j, &usec);
1943 log_error("Failed to determine timestamp: %s", strerror(-r));
1946 if (usec < arg_since)
1950 if (!arg_merge && !arg_quiet) {
1953 r = sd_journal_get_monotonic_usec(j, NULL, &boot_id);
1955 if (previous_boot_id_valid &&
1956 !sd_id128_equal(boot_id, previous_boot_id))
1957 printf("%s-- Reboot --%s\n",
1958 ansi_highlight(), ansi_highlight_off());
1960 previous_boot_id = boot_id;
1961 previous_boot_id_valid = true;
1966 arg_all * OUTPUT_SHOW_ALL |
1967 arg_full * OUTPUT_FULL_WIDTH |
1968 on_tty() * OUTPUT_COLOR |
1969 arg_catalog * OUTPUT_CATALOG |
1970 arg_utc * OUTPUT_UTC;
1972 r = output_journal(stdout, j, arg_output, 0, flags, &ellipsized);
1974 if (r == -EADDRNOTAVAIL)
1976 else if (r < 0 || ferror(stdout))
1983 if (arg_show_cursor) {
1984 _cleanup_free_ char *cursor = NULL;
1986 r = sd_journal_get_cursor(j, &cursor);
1987 if (r < 0 && r != -EADDRNOTAVAIL)
1988 log_error("Failed to get cursor: %s", strerror(-r));
1990 printf("-- cursor: %s\n", cursor);
1996 r = sd_journal_wait(j, (uint64_t) -1);
1998 log_error("Couldn't wait for journal event: %s", strerror(-r));
2008 strv_free(arg_file);
2010 return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;