1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2011 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
35 #include <sys/inotify.h>
38 #include "sd-journal.h"
42 #include "logs-show.h"
45 #include "path-util.h"
52 #include "journal-internal.h"
53 #include "journal-def.h"
54 #include "journal-verify.h"
55 #include "journal-qrcode.h"
56 #include "journal-vacuum.h"
58 #include "unit-name.h"
62 #include "bus-error.h"
64 #define DEFAULT_FSS_INTERVAL_USEC (15*USEC_PER_MINUTE)
67 /* Special values for arg_lines */
68 ARG_LINES_DEFAULT = -2,
72 static OutputMode arg_output = OUTPUT_SHORT;
73 static bool arg_utc = false;
74 static bool arg_pager_end = false;
75 static bool arg_follow = false;
76 static bool arg_full = true;
77 static bool arg_all = false;
78 static bool arg_no_pager = false;
79 static int arg_lines = ARG_LINES_DEFAULT;
80 static bool arg_no_tail = false;
81 static bool arg_quiet = false;
82 static bool arg_merge = false;
83 static bool arg_boot = false;
84 static sd_id128_t arg_boot_id = {};
85 static int arg_boot_offset = 0;
86 static bool arg_dmesg = false;
87 static const char *arg_cursor = NULL;
88 static const char *arg_after_cursor = NULL;
89 static bool arg_show_cursor = false;
90 static const char *arg_directory = NULL;
91 static char **arg_file = NULL;
92 static int arg_priorities = 0xFF;
93 static const char *arg_verify_key = NULL;
95 static usec_t arg_interval = DEFAULT_FSS_INTERVAL_USEC;
96 static bool arg_force = false;
98 static usec_t arg_since, arg_until;
99 static bool arg_since_set = false, arg_until_set = false;
100 static char **arg_syslog_identifier = NULL;
101 static char **arg_system_units = NULL;
102 static char **arg_user_units = NULL;
103 static const char *arg_field = NULL;
104 static bool arg_catalog = false;
105 static bool arg_reverse = false;
106 static int arg_journal_type = 0;
107 static const char *arg_root = NULL;
108 static const char *arg_machine = NULL;
109 static off_t arg_vacuum_size = (off_t) -1;
110 static usec_t arg_vacuum_time = USEC_INFINITY;
121 ACTION_UPDATE_CATALOG,
125 } arg_action = ACTION_SHOW;
127 typedef struct boot_id_t {
133 static void pager_open_if_enabled(void) {
138 pager_open(arg_pager_end);
141 static char *format_timestamp_maybe_utc(char *buf, size_t l, usec_t t) {
144 return format_timestamp_utc(buf, l, t);
146 return format_timestamp(buf, l, t);
149 static int parse_boot_descriptor(const char *x, sd_id128_t *boot_id, int *offset) {
150 sd_id128_t id = SD_ID128_NULL;
153 if (strlen(x) >= 32) {
157 r = sd_id128_from_string(t, &id);
161 if (*x != '-' && *x != '+' && *x != 0)
165 r = safe_atoi(x, &off);
170 r = safe_atoi(x, &off);
184 static void help(void) {
186 pager_open_if_enabled();
188 printf("%s [OPTIONS...] [MATCHES...]\n\n"
189 "Query the journal.\n\n"
191 " --system Show the system journal\n"
192 " --user Show the user journal for the current user\n"
193 " -M --machine=CONTAINER Operate on local container\n"
194 " --since=DATE Show entries not older than the specified date\n"
195 " --until=DATE Show entries not newer than the specified date\n"
196 " -c --cursor=CURSOR Show entries starting at the specified cursor\n"
197 " --after-cursor=CURSOR Show entries after the specified cursor\n"
198 " --show-cursor Print the cursor after all the entries\n"
199 " -b --boot[=ID] Show current boot or the specified boot\n"
200 " --list-boots Show terse information about recorded boots\n"
201 " -k --dmesg Show kernel message log from the current boot\n"
202 " -u --unit=UNIT Show logs from the specified unit\n"
203 " --user-unit=UNIT Show logs from the specified user unit\n"
204 " -t --identifier=STRING Show entries with the specified syslog identifier\n"
205 " -p --priority=RANGE Show entries with the specified priority\n"
206 " -e --pager-end Immediately jump to the end in the pager\n"
207 " -f --follow Follow the journal\n"
208 " -n --lines[=INTEGER] Number of journal entries to show\n"
209 " --no-tail Show all lines, even in follow mode\n"
210 " -r --reverse Show the newest entries first\n"
211 " -o --output=STRING Change journal output mode (short, short-iso,\n"
212 " short-precise, short-monotonic, verbose,\n"
213 " export, json, json-pretty, json-sse, cat)\n"
214 " --utc Express time in Coordinated Universal Time (UTC)\n"
215 " -x --catalog Add message explanations where available\n"
216 " --no-full Ellipsize fields\n"
217 " -a --all Show all fields, including long and unprintable\n"
218 " -q --quiet Do not show privilege warning\n"
219 " --no-pager Do not pipe output into a pager\n"
220 " -m --merge Show entries from all available journals\n"
221 " -D --directory=PATH Show journal files from directory\n"
222 " --file=PATH Show journal file\n"
223 " --root=ROOT Operate on catalog files underneath the root ROOT\n"
225 " --interval=TIME Time interval for changing the FSS sealing key\n"
226 " --verify-key=KEY Specify FSS verification key\n"
227 " --force Override of the FSS key pair with --setup-keys\n"
230 " -h --help Show this help text\n"
231 " --version Show package version\n"
232 " -F --field=FIELD List all values that a specified field takes\n"
233 " --new-id128 Generate a new 128-bit ID\n"
234 " --disk-usage Show total disk usage of all journal files\n"
235 " --vacuum-size=BYTES Reduce disk usage below specified size\n"
236 " --vacuum-time=TIME Remove journal files older than specified date\n"
237 " --flush Flush all journal data from /run into /var\n"
238 " --header Show journal header information\n"
239 " --list-catalog Show all message IDs in the catalog\n"
240 " --dump-catalog Show entries in the message catalog\n"
241 " --update-catalog Update the message catalog database\n"
243 " --setup-keys Generate a new FSS key pair\n"
244 " --verify Verify journal file consistency\n"
246 , program_invocation_short_name);
249 static int parse_argv(int argc, char *argv[]) {
283 static const struct option options[] = {
284 { "help", no_argument, NULL, 'h' },
285 { "version" , no_argument, NULL, ARG_VERSION },
286 { "no-pager", no_argument, NULL, ARG_NO_PAGER },
287 { "pager-end", no_argument, NULL, 'e' },
288 { "follow", no_argument, NULL, 'f' },
289 { "force", no_argument, NULL, ARG_FORCE },
290 { "output", required_argument, NULL, 'o' },
291 { "all", no_argument, NULL, 'a' },
292 { "full", no_argument, NULL, 'l' },
293 { "no-full", no_argument, NULL, ARG_NO_FULL },
294 { "lines", optional_argument, NULL, 'n' },
295 { "no-tail", no_argument, NULL, ARG_NO_TAIL },
296 { "new-id128", no_argument, NULL, ARG_NEW_ID128 },
297 { "quiet", no_argument, NULL, 'q' },
298 { "merge", no_argument, NULL, 'm' },
299 { "boot", optional_argument, NULL, 'b' },
300 { "list-boots", no_argument, NULL, ARG_LIST_BOOTS },
301 { "this-boot", optional_argument, NULL, 'b' }, /* deprecated */
302 { "dmesg", no_argument, NULL, 'k' },
303 { "system", no_argument, NULL, ARG_SYSTEM },
304 { "user", no_argument, NULL, ARG_USER },
305 { "directory", required_argument, NULL, 'D' },
306 { "file", required_argument, NULL, ARG_FILE },
307 { "root", required_argument, NULL, ARG_ROOT },
308 { "header", no_argument, NULL, ARG_HEADER },
309 { "identifier", required_argument, NULL, 't' },
310 { "priority", required_argument, NULL, 'p' },
311 { "setup-keys", no_argument, NULL, ARG_SETUP_KEYS },
312 { "interval", required_argument, NULL, ARG_INTERVAL },
313 { "verify", no_argument, NULL, ARG_VERIFY },
314 { "verify-key", required_argument, NULL, ARG_VERIFY_KEY },
315 { "disk-usage", no_argument, NULL, ARG_DISK_USAGE },
316 { "cursor", required_argument, NULL, 'c' },
317 { "after-cursor", required_argument, NULL, ARG_AFTER_CURSOR },
318 { "show-cursor", no_argument, NULL, ARG_SHOW_CURSOR },
319 { "since", required_argument, NULL, ARG_SINCE },
320 { "until", required_argument, NULL, ARG_UNTIL },
321 { "unit", required_argument, NULL, 'u' },
322 { "user-unit", required_argument, NULL, ARG_USER_UNIT },
323 { "field", required_argument, NULL, 'F' },
324 { "catalog", no_argument, NULL, 'x' },
325 { "list-catalog", no_argument, NULL, ARG_LIST_CATALOG },
326 { "dump-catalog", no_argument, NULL, ARG_DUMP_CATALOG },
327 { "update-catalog", no_argument, NULL, ARG_UPDATE_CATALOG },
328 { "reverse", no_argument, NULL, 'r' },
329 { "machine", required_argument, NULL, 'M' },
330 { "utc", no_argument, NULL, ARG_UTC },
331 { "flush", no_argument, NULL, ARG_FLUSH },
332 { "vacuum-size", required_argument, NULL, ARG_VACUUM_SIZE },
333 { "vacuum-time", required_argument, NULL, ARG_VACUUM_TIME },
342 while ((c = getopt_long(argc, argv, "hefo:aln::qmb::kD:p:c:t:u:F:xrM:", options, NULL)) >= 0)
351 puts(PACKAGE_STRING);
352 puts(SYSTEMD_FEATURES);
360 arg_pager_end = true;
362 if (arg_lines == ARG_LINES_DEFAULT)
372 arg_output = output_mode_from_string(optarg);
373 if (arg_output < 0) {
374 log_error("Unknown output format '%s'.", optarg);
378 if (arg_output == OUTPUT_EXPORT ||
379 arg_output == OUTPUT_JSON ||
380 arg_output == OUTPUT_JSON_PRETTY ||
381 arg_output == OUTPUT_JSON_SSE ||
382 arg_output == OUTPUT_CAT)
401 if (streq(optarg, "all"))
402 arg_lines = ARG_LINES_ALL;
404 r = safe_atoi(optarg, &arg_lines);
405 if (r < 0 || arg_lines < 0) {
406 log_error("Failed to parse lines '%s'", optarg);
413 /* Hmm, no argument? Maybe the next
414 * word on the command line is
415 * supposed to be the argument? Let's
416 * see if there is one, and is
420 if (streq(argv[optind], "all")) {
421 arg_lines = ARG_LINES_ALL;
423 } else if (safe_atoi(argv[optind], &n) >= 0 && n >= 0) {
437 arg_action = ACTION_NEW_ID128;
452 r = parse_boot_descriptor(optarg, &arg_boot_id, &arg_boot_offset);
454 log_error("Failed to parse boot descriptor '%s'", optarg);
459 /* Hmm, no argument? Maybe the next
460 * word on the command line is
461 * supposed to be the argument? Let's
462 * see if there is one and is parsable
463 * as a boot descriptor... */
466 parse_boot_descriptor(argv[optind], &arg_boot_id, &arg_boot_offset) >= 0)
473 arg_action = ACTION_LIST_BOOTS;
477 arg_boot = arg_dmesg = true;
481 arg_journal_type |= SD_JOURNAL_SYSTEM;
485 arg_journal_type |= SD_JOURNAL_CURRENT_USER;
489 arg_machine = optarg;
493 arg_directory = optarg;
497 r = glob_extend(&arg_file, optarg);
499 return log_error_errno(r, "Failed to add paths: %m");
510 case ARG_AFTER_CURSOR:
511 arg_after_cursor = optarg;
514 case ARG_SHOW_CURSOR:
515 arg_show_cursor = true;
519 arg_action = ACTION_PRINT_HEADER;
523 arg_action = ACTION_VERIFY;
527 arg_action = ACTION_DISK_USAGE;
530 case ARG_VACUUM_SIZE:
531 r = parse_size(optarg, 1024, &arg_vacuum_size);
533 log_error("Failed to parse vacuum size: %s", optarg);
537 arg_action = ACTION_VACUUM;
540 case ARG_VACUUM_TIME:
541 r = parse_sec(optarg, &arg_vacuum_time);
543 log_error("Failed to parse vacuum time: %s", optarg);
547 arg_action = ACTION_VACUUM;
556 arg_action = ACTION_SETUP_KEYS;
561 arg_action = ACTION_VERIFY;
562 arg_verify_key = optarg;
567 r = parse_sec(optarg, &arg_interval);
568 if (r < 0 || arg_interval <= 0) {
569 log_error("Failed to parse sealing key change interval: %s", optarg);
578 log_error("Forward-secure sealing not available.");
585 dots = strstr(optarg, "..");
591 a = strndup(optarg, dots - optarg);
595 from = log_level_from_string(a);
596 to = log_level_from_string(dots + 2);
599 if (from < 0 || to < 0) {
600 log_error("Failed to parse log level range %s", optarg);
607 for (i = from; i <= to; i++)
608 arg_priorities |= 1 << i;
610 for (i = to; i <= from; i++)
611 arg_priorities |= 1 << i;
617 p = log_level_from_string(optarg);
619 log_error("Unknown log level %s", optarg);
625 for (i = 0; i <= p; i++)
626 arg_priorities |= 1 << i;
633 r = parse_timestamp(optarg, &arg_since);
635 log_error("Failed to parse timestamp: %s", optarg);
638 arg_since_set = true;
642 r = parse_timestamp(optarg, &arg_until);
644 log_error("Failed to parse timestamp: %s", optarg);
647 arg_until_set = true;
651 r = strv_extend(&arg_syslog_identifier, optarg);
657 r = strv_extend(&arg_system_units, optarg);
663 r = strv_extend(&arg_user_units, optarg);
676 case ARG_LIST_CATALOG:
677 arg_action = ACTION_LIST_CATALOG;
680 case ARG_DUMP_CATALOG:
681 arg_action = ACTION_DUMP_CATALOG;
684 case ARG_UPDATE_CATALOG:
685 arg_action = ACTION_UPDATE_CATALOG;
697 arg_action = ACTION_FLUSH;
704 assert_not_reached("Unhandled option");
707 if (arg_follow && !arg_no_tail && !arg_since && arg_lines == ARG_LINES_DEFAULT)
710 if (!!arg_directory + !!arg_file + !!arg_machine > 1) {
711 log_error("Please specify either -D/--directory= or --file= or -M/--machine=, not more than one.");
715 if (arg_since_set && arg_until_set && arg_since > arg_until) {
716 log_error("--since= must be before --until=.");
720 if (!!arg_cursor + !!arg_after_cursor + !!arg_since_set > 1) {
721 log_error("Please specify only one of --since=, --cursor=, and --after-cursor.");
725 if (arg_follow && arg_reverse) {
726 log_error("Please specify either --reverse= or --follow=, not both.");
730 if (arg_action != ACTION_SHOW && optind < argc) {
731 log_error("Extraneous arguments starting with '%s'", argv[optind]);
738 static int generate_new_id128(void) {
743 r = sd_id128_randomize(&id);
745 return log_error_errno(r, "Failed to generate ID: %m");
747 printf("As string:\n"
748 SD_ID128_FORMAT_STR "\n\n"
750 "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n\n"
752 "#define MESSAGE_XYZ SD_ID128_MAKE(",
753 SD_ID128_FORMAT_VAL(id),
754 SD_ID128_FORMAT_VAL(id));
755 for (i = 0; i < 16; i++)
756 printf("%02x%s", id.bytes[i], i != 15 ? "," : "");
757 fputs(")\n\n", stdout);
759 printf("As Python constant:\n"
761 ">>> MESSAGE_XYZ = uuid.UUID('" SD_ID128_FORMAT_STR "')\n",
762 SD_ID128_FORMAT_VAL(id));
767 static int add_matches(sd_journal *j, char **args) {
769 bool have_term = false;
773 STRV_FOREACH(i, args) {
776 if (streq(*i, "+")) {
779 r = sd_journal_add_disjunction(j);
782 } else if (path_is_absolute(*i)) {
783 _cleanup_free_ char *p, *t = NULL, *t2 = NULL;
785 _cleanup_free_ char *interpreter = NULL;
788 p = canonicalize_file_name(*i);
791 if (stat(path, &st) < 0)
792 return log_error_errno(errno, "Couldn't stat file: %m");
794 if (S_ISREG(st.st_mode) && (0111 & st.st_mode)) {
795 if (executable_is_script(path, &interpreter) > 0) {
796 _cleanup_free_ char *comm;
798 comm = strndup(basename(path), 15);
802 t = strappend("_COMM=", comm);
804 /* Append _EXE only if the interpreter is not a link.
805 Otherwise, it might be outdated often. */
806 if (lstat(interpreter, &st) == 0 &&
807 !S_ISLNK(st.st_mode)) {
808 t2 = strappend("_EXE=", interpreter);
813 t = strappend("_EXE=", path);
814 } else if (S_ISCHR(st.st_mode)) {
815 if (asprintf(&t, "_KERNEL_DEVICE=c%u:%u",
817 minor(st.st_rdev)) < 0)
819 } else if (S_ISBLK(st.st_mode)) {
820 if (asprintf(&t, "_KERNEL_DEVICE=b%u:%u",
822 minor(st.st_rdev)) < 0)
825 log_error("File is neither a device node, nor regular file, nor executable: %s", *i);
832 r = sd_journal_add_match(j, t, 0);
834 r = sd_journal_add_match(j, t2, 0);
838 r = sd_journal_add_match(j, *i, 0);
843 return log_error_errno(r, "Failed to add match '%s': %m", *i);
846 if (!strv_isempty(args) && !have_term) {
847 log_error("\"+\" can only be used between terms");
854 static int boot_id_cmp(const void *a, const void *b) {
857 _a = ((const boot_id_t *)a)->first;
858 _b = ((const boot_id_t *)b)->first;
860 return _a < _b ? -1 : (_a > _b ? 1 : 0);
863 static int get_boots(sd_journal *j,
866 boot_id_t *query_ref_boot) {
869 size_t length, allocated = 0;
875 r = sd_journal_query_unique(j, "_BOOT_ID");
880 SD_JOURNAL_FOREACH_UNIQUE(j, data, length) {
883 assert(startswith(data, "_BOOT_ID="));
885 if (!GREEDY_REALLOC(*boots, allocated, *count + 1))
888 id = *boots + *count;
890 r = sd_id128_from_string(((const char *)data) + strlen("_BOOT_ID="), &id->id);
894 r = sd_journal_add_match(j, data, length);
898 r = sd_journal_seek_head(j);
902 r = sd_journal_next(j);
908 r = sd_journal_get_realtime_usec(j, &id->first);
912 if (query_ref_boot) {
914 if (sd_id128_equal(id->id, query_ref_boot->id))
915 *query_ref_boot = *id;
917 r = sd_journal_seek_tail(j);
921 r = sd_journal_previous(j);
927 r = sd_journal_get_realtime_usec(j, &id->last);
934 sd_journal_flush_matches(j);
937 qsort_safe(*boots, *count, sizeof(boot_id_t), boot_id_cmp);
941 static int list_boots(sd_journal *j) {
945 _cleanup_free_ boot_id_t *all_ids = NULL;
949 r = get_boots(j, &all_ids, &count, NULL);
953 pager_open_if_enabled();
955 /* numbers are one less, but we need an extra char for the sign */
956 w = DECIMAL_STR_WIDTH(count - 1) + 1;
958 for (id = all_ids, i = 0; id < all_ids + count; id++, i++) {
959 char a[FORMAT_TIMESTAMP_MAX], b[FORMAT_TIMESTAMP_MAX];
961 printf("% *i " SD_ID128_FORMAT_STR " %s—%s\n",
963 SD_ID128_FORMAT_VAL(id->id),
964 format_timestamp_maybe_utc(a, sizeof(a), id->first),
965 format_timestamp_maybe_utc(b, sizeof(b), id->last));
971 static int get_boot_id_by_offset(sd_journal *j, sd_id128_t *boot_id, int offset) {
974 boot_id_t ref_boot_id = {}, *id;
975 _cleanup_free_ boot_id_t *all_ids = NULL;
980 ref_boot_id.id = *boot_id;
981 r = get_boots(j, &all_ids, &count, &ref_boot_id);
985 if (sd_id128_equal(*boot_id, SD_ID128_NULL)) {
986 if (offset > (int) count || offset <= -(int)count)
987 return -EADDRNOTAVAIL;
989 *boot_id = all_ids[(offset <= 0)*count + offset - 1].id;
991 id = bsearch(&ref_boot_id, all_ids, count, sizeof(boot_id_t), boot_id_cmp);
994 offset <= 0 ? (id - all_ids) + offset < 0 :
995 (id - all_ids) + offset >= (int) count)
996 return -EADDRNOTAVAIL;
998 *boot_id = (id + offset)->id;
1004 static int add_boot(sd_journal *j) {
1005 char match[9+32+1] = "_BOOT_ID=";
1013 if (arg_boot_offset == 0 && sd_id128_equal(arg_boot_id, SD_ID128_NULL))
1014 return add_match_this_boot(j, arg_machine);
1016 r = get_boot_id_by_offset(j, &arg_boot_id, arg_boot_offset);
1018 if (sd_id128_equal(arg_boot_id, SD_ID128_NULL))
1019 log_error_errno(r, "Failed to look up boot %+i: %m", arg_boot_offset);
1021 log_error("Failed to look up boot ID "SD_ID128_FORMAT_STR"%+i: %s",
1022 SD_ID128_FORMAT_VAL(arg_boot_id), arg_boot_offset, strerror(-r));
1026 sd_id128_to_string(arg_boot_id, match + 9);
1028 r = sd_journal_add_match(j, match, sizeof(match) - 1);
1030 return log_error_errno(r, "Failed to add match: %m");
1032 r = sd_journal_add_conjunction(j);
1039 static int add_dmesg(sd_journal *j) {
1046 r = sd_journal_add_match(j, "_TRANSPORT=kernel", strlen("_TRANSPORT=kernel"));
1048 return log_error_errno(r, "Failed to add match: %m");
1050 r = sd_journal_add_conjunction(j);
1057 static int get_possible_units(sd_journal *j,
1061 _cleanup_set_free_free_ Set *found;
1065 found = set_new(&string_hash_ops);
1069 NULSTR_FOREACH(field, fields) {
1073 r = sd_journal_query_unique(j, field);
1077 SD_JOURNAL_FOREACH_UNIQUE(j, data, size) {
1078 char **pattern, *eq;
1080 _cleanup_free_ char *u = NULL;
1082 eq = memchr(data, '=', size);
1084 prefix = eq - (char*) data + 1;
1088 u = strndup((char*) data + prefix, size - prefix);
1092 STRV_FOREACH(pattern, patterns)
1093 if (fnmatch(*pattern, u, FNM_NOESCAPE) == 0) {
1094 log_debug("Matched %s with pattern %s=%s", u, field, *pattern);
1096 r = set_consume(found, u);
1098 if (r < 0 && r != -EEXIST)
1111 /* This list is supposed to return the superset of unit names
1112 * possibly matched by rules added with add_matches_for_unit... */
1113 #define SYSTEM_UNITS \
1117 "OBJECT_SYSTEMD_UNIT\0" \
1120 /* ... and add_matches_for_user_unit */
1121 #define USER_UNITS \
1122 "_SYSTEMD_USER_UNIT\0" \
1124 "COREDUMP_USER_UNIT\0" \
1125 "OBJECT_SYSTEMD_USER_UNIT\0"
1127 static int add_units(sd_journal *j) {
1128 _cleanup_strv_free_ char **patterns = NULL;
1134 STRV_FOREACH(i, arg_system_units) {
1135 _cleanup_free_ char *u = NULL;
1137 u = unit_name_mangle(*i, MANGLE_GLOB);
1141 if (string_is_glob(u)) {
1142 r = strv_push(&patterns, u);
1147 r = add_matches_for_unit(j, u);
1150 r = sd_journal_add_disjunction(j);
1157 if (!strv_isempty(patterns)) {
1158 _cleanup_set_free_free_ Set *units = NULL;
1162 r = get_possible_units(j, SYSTEM_UNITS, patterns, &units);
1166 SET_FOREACH(u, units, it) {
1167 r = add_matches_for_unit(j, u);
1170 r = sd_journal_add_disjunction(j);
1177 strv_free(patterns);
1180 STRV_FOREACH(i, arg_user_units) {
1181 _cleanup_free_ char *u = NULL;
1183 u = unit_name_mangle(*i, MANGLE_GLOB);
1187 if (string_is_glob(u)) {
1188 r = strv_push(&patterns, u);
1193 r = add_matches_for_user_unit(j, u, getuid());
1196 r = sd_journal_add_disjunction(j);
1203 if (!strv_isempty(patterns)) {
1204 _cleanup_set_free_free_ Set *units = NULL;
1208 r = get_possible_units(j, USER_UNITS, patterns, &units);
1212 SET_FOREACH(u, units, it) {
1213 r = add_matches_for_user_unit(j, u, getuid());
1216 r = sd_journal_add_disjunction(j);
1223 /* Complain if the user request matches but nothing whatsoever was
1224 * found, since otherwise everything would be matched. */
1225 if (!(strv_isempty(arg_system_units) && strv_isempty(arg_user_units)) && count == 0)
1228 r = sd_journal_add_conjunction(j);
1235 static int add_priorities(sd_journal *j) {
1236 char match[] = "PRIORITY=0";
1240 if (arg_priorities == 0xFF)
1243 for (i = LOG_EMERG; i <= LOG_DEBUG; i++)
1244 if (arg_priorities & (1 << i)) {
1245 match[sizeof(match)-2] = '0' + i;
1247 r = sd_journal_add_match(j, match, strlen(match));
1249 return log_error_errno(r, "Failed to add match: %m");
1252 r = sd_journal_add_conjunction(j);
1260 static int add_syslog_identifier(sd_journal *j) {
1266 STRV_FOREACH(i, arg_syslog_identifier) {
1269 u = strjoina("SYSLOG_IDENTIFIER=", *i);
1270 r = sd_journal_add_match(j, u, 0);
1273 r = sd_journal_add_disjunction(j);
1278 r = sd_journal_add_conjunction(j);
1285 static int setup_keys(void) {
1287 size_t mpk_size, seed_size, state_size, i;
1288 uint8_t *mpk, *seed, *state;
1290 sd_id128_t machine, boot;
1291 char *p = NULL, *k = NULL;
1296 r = stat("/var/log/journal", &st);
1297 if (r < 0 && errno != ENOENT && errno != ENOTDIR)
1298 return log_error_errno(errno, "stat(\"%s\") failed: %m", "/var/log/journal");
1300 if (r < 0 || !S_ISDIR(st.st_mode)) {
1301 log_error("%s is not a directory, must be using persistent logging for FSS.",
1302 "/var/log/journal");
1303 return r < 0 ? -errno : -ENOTDIR;
1306 r = sd_id128_get_machine(&machine);
1308 return log_error_errno(r, "Failed to get machine ID: %m");
1310 r = sd_id128_get_boot(&boot);
1312 return log_error_errno(r, "Failed to get boot ID: %m");
1314 if (asprintf(&p, "/var/log/journal/" SD_ID128_FORMAT_STR "/fss",
1315 SD_ID128_FORMAT_VAL(machine)) < 0)
1320 if (r < 0 && errno != ENOENT) {
1321 r = log_error_errno(errno, "unlink(\"%s\") failed: %m", p);
1324 } else if (access(p, F_OK) >= 0) {
1325 log_error("Sealing key file %s exists already. Use --force to recreate.", p);
1330 if (asprintf(&k, "/var/log/journal/" SD_ID128_FORMAT_STR "/fss.tmp.XXXXXX",
1331 SD_ID128_FORMAT_VAL(machine)) < 0) {
1336 mpk_size = FSPRG_mskinbytes(FSPRG_RECOMMENDED_SECPAR);
1337 mpk = alloca(mpk_size);
1339 seed_size = FSPRG_RECOMMENDED_SEEDLEN;
1340 seed = alloca(seed_size);
1342 state_size = FSPRG_stateinbytes(FSPRG_RECOMMENDED_SECPAR);
1343 state = alloca(state_size);
1345 fd = open("/dev/random", O_RDONLY|O_CLOEXEC|O_NOCTTY);
1347 log_error_errno(errno, "Failed to open /dev/random: %m");
1352 log_info("Generating seed...");
1353 r = loop_read_exact(fd, seed, seed_size, true);
1355 log_error_errno(r, "Failed to read random seed: %m");
1359 log_info("Generating key pair...");
1360 FSPRG_GenMK(NULL, mpk, seed, seed_size, FSPRG_RECOMMENDED_SECPAR);
1362 log_info("Generating sealing key...");
1363 FSPRG_GenState0(state, mpk, seed, seed_size);
1365 assert(arg_interval > 0);
1367 n = now(CLOCK_REALTIME);
1371 fd = mkostemp_safe(k, O_WRONLY|O_CLOEXEC);
1373 log_error_errno(errno, "Failed to open %s: %m", k);
1378 /* Enable secure remove, exclusion from dump, synchronous
1379 * writing and in-place updating */
1380 r = chattr_fd(fd, true, FS_SECRM_FL|FS_NODUMP_FL|FS_SYNC_FL|FS_NOCOW_FL);
1382 log_warning_errno(errno, "Failed to set file attributes: %m");
1385 memcpy(h.signature, "KSHHRHLP", 8);
1386 h.machine_id = machine;
1388 h.header_size = htole64(sizeof(h));
1389 h.start_usec = htole64(n * arg_interval);
1390 h.interval_usec = htole64(arg_interval);
1391 h.fsprg_secpar = htole16(FSPRG_RECOMMENDED_SECPAR);
1392 h.fsprg_state_size = htole64(state_size);
1394 r = loop_write(fd, &h, sizeof(h), false);
1396 log_error_errno(r, "Failed to write header: %m");
1400 r = loop_write(fd, state, state_size, false);
1402 log_error_errno(r, "Failed to write state: %m");
1406 if (link(k, p) < 0) {
1407 log_error_errno(errno, "Failed to link file: %m");
1415 "The new key pair has been generated. The " ANSI_HIGHLIGHT_ON "secret sealing key" ANSI_HIGHLIGHT_OFF " has been written to\n"
1416 "the following local file. This key file is automatically updated when the\n"
1417 "sealing key is advanced. It should not be used on multiple hosts.\n"
1421 "Please write down the following " ANSI_HIGHLIGHT_ON "secret verification key" ANSI_HIGHLIGHT_OFF ". It should be stored\n"
1422 "at a safe location and should not be saved locally on disk.\n"
1423 "\n\t" ANSI_HIGHLIGHT_RED_ON, p);
1426 for (i = 0; i < seed_size; i++) {
1427 if (i > 0 && i % 3 == 0)
1429 printf("%02x", ((uint8_t*) seed)[i]);
1432 printf("/%llx-%llx\n", (unsigned long long) n, (unsigned long long) arg_interval);
1435 char tsb[FORMAT_TIMESPAN_MAX], *hn;
1438 ANSI_HIGHLIGHT_OFF "\n"
1439 "The sealing key is automatically changed every %s.\n",
1440 format_timespan(tsb, sizeof(tsb), arg_interval, 0));
1442 hn = gethostname_malloc();
1445 hostname_cleanup(hn, false);
1446 fprintf(stderr, "\nThe keys have been generated for host %s/" SD_ID128_FORMAT_STR ".\n", hn, SD_ID128_FORMAT_VAL(machine));
1448 fprintf(stderr, "\nThe keys have been generated for host " SD_ID128_FORMAT_STR ".\n", SD_ID128_FORMAT_VAL(machine));
1450 #ifdef HAVE_QRENCODE
1451 /* If this is not an UTF-8 system don't print any QR codes */
1452 if (is_locale_utf8()) {
1453 fputs("\nTo transfer the verification key to your phone please scan the QR code below:\n\n", stderr);
1454 print_qr_code(stderr, seed, seed_size, n, arg_interval, hn, machine);
1474 log_error("Forward-secure sealing not available.");
1479 static int verify(sd_journal *j) {
1486 log_show_color(true);
1488 ORDERED_HASHMAP_FOREACH(f, j->files, i) {
1490 usec_t first, validated, last;
1493 if (!arg_verify_key && JOURNAL_HEADER_SEALED(f->header))
1494 log_notice("Journal file %s has sealing enabled but verification key has not been passed using --verify-key=.", f->path);
1497 k = journal_file_verify(f, arg_verify_key, &first, &validated, &last, true);
1499 /* If the key was invalid give up right-away. */
1502 log_warning("FAIL: %s (%s)", f->path, strerror(-k));
1505 char a[FORMAT_TIMESTAMP_MAX], b[FORMAT_TIMESTAMP_MAX], c[FORMAT_TIMESPAN_MAX];
1506 log_info("PASS: %s", f->path);
1508 if (arg_verify_key && JOURNAL_HEADER_SEALED(f->header)) {
1509 if (validated > 0) {
1510 log_info("=> Validated from %s to %s, final %s entries not sealed.",
1511 format_timestamp_maybe_utc(a, sizeof(a), first),
1512 format_timestamp_maybe_utc(b, sizeof(b), validated),
1513 format_timespan(c, sizeof(c), last > validated ? last - validated : 0, 0));
1514 } else if (last > 0)
1515 log_info("=> No sealing yet, %s of entries not sealed.",
1516 format_timespan(c, sizeof(c), last - first, 0));
1518 log_info("=> No sealing yet, no entries in file.");
1527 static int access_check_var_log_journal(sd_journal *j) {
1528 _cleanup_strv_free_ char **g = NULL;
1534 have_access = in_group("systemd-journal") > 0;
1539 if (access("/run/log/journal", F_OK) >= 0)
1540 dir = "/run/log/journal";
1542 dir = "/var/log/journal";
1544 /* Let's enumerate all groups from the default ACL of
1545 * the directory, which generally should allow access
1546 * to most journal files too */
1547 r = search_acl_groups(&g, dir, &have_access);
1554 if (strv_isempty(g))
1555 log_notice("Hint: You are currently not seeing messages from other users and the system.\n"
1556 " Users in the 'systemd-journal' group can see all messages. Pass -q to\n"
1557 " turn off this notice.");
1559 _cleanup_free_ char *s = NULL;
1561 r = strv_extend(&g, "systemd-journal");
1568 s = strv_join(g, "', '");
1572 log_notice("Hint: You are currently not seeing messages from other users and the system.\n"
1573 " Users in groups '%s' can see all messages.\n"
1574 " Pass -q to turn off this notice.", s);
1582 static int access_check(sd_journal *j) {
1589 if (set_isempty(j->errors)) {
1590 if (ordered_hashmap_isempty(j->files))
1591 log_notice("No journal files were found.");
1595 if (set_contains(j->errors, INT_TO_PTR(-EACCES))) {
1597 /* If /run/log/journal or /var/log/journal exist, try
1598 to pring a nice notice if the user lacks access to it. */
1599 if (!arg_quiet && geteuid() != 0) {
1600 r = access_check_var_log_journal(j);
1605 if (geteuid() != 0 && in_group("systemd-journal") <= 0) {
1606 log_error("Unprivileged users cannot access messages. Users in the 'systemd-journal' group\n"
1607 "group may access messages.");
1612 if (ordered_hashmap_isempty(j->files)) {
1613 log_error("No journal files were opened due to insufficient permissions.");
1618 SET_FOREACH(code, j->errors, it) {
1621 err = -PTR_TO_INT(code);
1625 log_warning_errno(err, "Error was encountered while opening journal files: %m");
1631 static int flush_to_var(void) {
1632 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1633 _cleanup_bus_close_unref_ sd_bus *bus = NULL;
1634 _cleanup_close_ int watch_fd = -1;
1638 if (access("/run/systemd/journal/flushed", F_OK) >= 0)
1641 /* OK, let's actually do the full logic, send SIGUSR1 to the
1642 * daemon and set up inotify to wait for the flushed file to appear */
1643 r = bus_open_system_systemd(&bus);
1645 return log_error_errno(r, "Failed to get D-Bus connection: %m");
1647 r = sd_bus_call_method(
1649 "org.freedesktop.systemd1",
1650 "/org/freedesktop/systemd1",
1651 "org.freedesktop.systemd1.Manager",
1655 "ssi", "systemd-journald.service", "main", SIGUSR1);
1657 log_error("Failed to kill journal service: %s", bus_error_message(&error, r));
1661 mkdir_p("/run/systemd/journal", 0755);
1663 watch_fd = inotify_init1(IN_NONBLOCK|IN_CLOEXEC);
1665 return log_error_errno(errno, "Failed to create inotify watch: %m");
1667 r = inotify_add_watch(watch_fd, "/run/systemd/journal", IN_CREATE|IN_DONT_FOLLOW|IN_ONLYDIR);
1669 return log_error_errno(errno, "Failed to watch journal directory: %m");
1672 if (access("/run/systemd/journal/flushed", F_OK) >= 0)
1675 if (errno != ENOENT)
1676 return log_error_errno(errno, "Failed to check for existence of /run/systemd/journal/flushed: %m");
1678 r = fd_wait_for_event(watch_fd, POLLIN, USEC_INFINITY);
1680 return log_error_errno(r, "Failed to wait for event: %m");
1682 r = flush_fd(watch_fd);
1684 return log_error_errno(r, "Failed to flush inotify events: %m");
1690 int main(int argc, char *argv[]) {
1692 _cleanup_journal_close_ sd_journal *j = NULL;
1693 bool need_seek = false;
1694 sd_id128_t previous_boot_id;
1695 bool previous_boot_id_valid = false, first_line = true;
1697 bool ellipsized = false;
1699 setlocale(LC_ALL, "");
1700 log_parse_environment();
1703 r = parse_argv(argc, argv);
1707 signal(SIGWINCH, columns_lines_cache_reset);
1710 /* Increase max number of open files to 16K if we can, we
1711 * might needs this when browsing journal files, which might
1712 * be split up into many files. */
1713 setrlimit_closest(RLIMIT_NOFILE, &RLIMIT_MAKE_CONST(16384));
1715 if (arg_action == ACTION_NEW_ID128) {
1716 r = generate_new_id128();
1720 if (arg_action == ACTION_FLUSH) {
1725 if (arg_action == ACTION_SETUP_KEYS) {
1730 if (arg_action == ACTION_UPDATE_CATALOG ||
1731 arg_action == ACTION_LIST_CATALOG ||
1732 arg_action == ACTION_DUMP_CATALOG) {
1734 _cleanup_free_ char *database;
1736 database = path_join(arg_root, CATALOG_DATABASE, NULL);
1742 if (arg_action == ACTION_UPDATE_CATALOG) {
1743 r = catalog_update(database, arg_root, catalog_file_dirs);
1745 log_error_errno(r, "Failed to list catalog: %m");
1747 bool oneline = arg_action == ACTION_LIST_CATALOG;
1750 r = catalog_list_items(stdout, database,
1751 oneline, argv + optind);
1753 r = catalog_list(stdout, database, oneline);
1755 log_error_errno(r, "Failed to list catalog: %m");
1762 r = sd_journal_open_directory(&j, arg_directory, arg_journal_type);
1764 r = sd_journal_open_files(&j, (const char**) arg_file, 0);
1765 else if (arg_machine)
1766 r = sd_journal_open_container(&j, arg_machine, 0);
1768 r = sd_journal_open(&j, !arg_merge*SD_JOURNAL_LOCAL_ONLY + arg_journal_type);
1770 log_error_errno(r, "Failed to open %s: %m",
1771 arg_directory ? arg_directory : arg_file ? "files" : "journal");
1772 return EXIT_FAILURE;
1775 r = access_check(j);
1777 return EXIT_FAILURE;
1779 if (arg_action == ACTION_VERIFY) {
1784 if (arg_action == ACTION_PRINT_HEADER) {
1785 journal_print_header(j);
1786 return EXIT_SUCCESS;
1789 if (arg_action == ACTION_DISK_USAGE) {
1791 char sbytes[FORMAT_BYTES_MAX];
1793 r = sd_journal_get_usage(j, &bytes);
1795 return EXIT_FAILURE;
1797 printf("Archived and active journals take up %s on disk.\n",
1798 format_bytes(sbytes, sizeof(sbytes), bytes));
1799 return EXIT_SUCCESS;
1802 if (arg_action == ACTION_VACUUM) {
1806 HASHMAP_FOREACH(d, j->directories_by_path, i) {
1812 q = journal_directory_vacuum(d->path, arg_vacuum_size, arg_vacuum_time, NULL, true);
1814 log_error_errno(q, "Failed to vacuum: %m");
1819 return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
1822 if (arg_action == ACTION_LIST_BOOTS) {
1827 /* add_boot() must be called first!
1828 * It may need to seek the journal to find parent boot IDs. */
1831 return EXIT_FAILURE;
1835 return EXIT_FAILURE;
1838 strv_free(arg_system_units);
1839 strv_free(arg_user_units);
1842 log_error_errno(r, "Failed to add filter for units: %m");
1843 return EXIT_FAILURE;
1846 r = add_syslog_identifier(j);
1848 log_error_errno(r, "Failed to add filter for syslog identifiers: %m");
1849 return EXIT_FAILURE;
1852 r = add_priorities(j);
1854 log_error_errno(r, "Failed to add filter for priorities: %m");
1855 return EXIT_FAILURE;
1858 r = add_matches(j, argv + optind);
1860 log_error_errno(r, "Failed to add filters: %m");
1861 return EXIT_FAILURE;
1864 if (_unlikely_(log_get_max_level() >= LOG_DEBUG)) {
1865 _cleanup_free_ char *filter;
1867 filter = journal_make_match_string(j);
1868 log_debug("Journal filter: %s", filter);
1875 r = sd_journal_set_data_threshold(j, 0);
1877 log_error("Failed to unset data size threshold");
1878 return EXIT_FAILURE;
1881 r = sd_journal_query_unique(j, arg_field);
1883 log_error_errno(r, "Failed to query unique data objects: %m");
1884 return EXIT_FAILURE;
1887 SD_JOURNAL_FOREACH_UNIQUE(j, data, size) {
1890 if (arg_lines >= 0 && n_shown >= arg_lines)
1893 eq = memchr(data, '=', size);
1895 printf("%.*s\n", (int) (size - ((const uint8_t*) eq - (const uint8_t*) data + 1)), (const char*) eq + 1);
1897 printf("%.*s\n", (int) size, (const char*) data);
1902 return EXIT_SUCCESS;
1905 /* Opening the fd now means the first sd_journal_wait() will actually wait */
1907 r = sd_journal_get_fd(j);
1909 return EXIT_FAILURE;
1912 if (arg_cursor || arg_after_cursor) {
1913 r = sd_journal_seek_cursor(j, arg_cursor ?: arg_after_cursor);
1915 log_error_errno(r, "Failed to seek to cursor: %m");
1916 return EXIT_FAILURE;
1919 r = sd_journal_next_skip(j, 1 + !!arg_after_cursor);
1921 r = sd_journal_previous_skip(j, 1 + !!arg_after_cursor);
1923 if (arg_after_cursor && r < 2) {
1924 /* We couldn't find the next entry after the cursor. */
1931 } else if (arg_since_set && !arg_reverse) {
1932 r = sd_journal_seek_realtime_usec(j, arg_since);
1934 log_error_errno(r, "Failed to seek to date: %m");
1935 return EXIT_FAILURE;
1937 r = sd_journal_next(j);
1939 } else if (arg_until_set && arg_reverse) {
1940 r = sd_journal_seek_realtime_usec(j, arg_until);
1942 log_error_errno(r, "Failed to seek to date: %m");
1943 return EXIT_FAILURE;
1945 r = sd_journal_previous(j);
1947 } else if (arg_lines >= 0) {
1948 r = sd_journal_seek_tail(j);
1950 log_error_errno(r, "Failed to seek to tail: %m");
1951 return EXIT_FAILURE;
1954 r = sd_journal_previous_skip(j, arg_lines);
1956 } else if (arg_reverse) {
1957 r = sd_journal_seek_tail(j);
1959 log_error_errno(r, "Failed to seek to tail: %m");
1960 return EXIT_FAILURE;
1963 r = sd_journal_previous(j);
1966 r = sd_journal_seek_head(j);
1968 log_error_errno(r, "Failed to seek to head: %m");
1969 return EXIT_FAILURE;
1972 r = sd_journal_next(j);
1976 log_error_errno(r, "Failed to iterate through journal: %m");
1977 return EXIT_FAILURE;
1981 pager_open_if_enabled();
1985 char start_buf[FORMAT_TIMESTAMP_MAX], end_buf[FORMAT_TIMESTAMP_MAX];
1987 r = sd_journal_get_cutoff_realtime_usec(j, &start, &end);
1989 log_error_errno(r, "Failed to get cutoff: %m");
1995 printf("-- Logs begin at %s. --\n",
1996 format_timestamp_maybe_utc(start_buf, sizeof(start_buf), start));
1998 printf("-- Logs begin at %s, end at %s. --\n",
1999 format_timestamp_maybe_utc(start_buf, sizeof(start_buf), start),
2000 format_timestamp_maybe_utc(end_buf, sizeof(end_buf), end));
2005 while (arg_lines < 0 || n_shown < arg_lines || (arg_follow && !first_line)) {
2010 r = sd_journal_next(j);
2012 r = sd_journal_previous(j);
2014 log_error_errno(r, "Failed to iterate through journal: %m");
2021 if (arg_until_set && !arg_reverse) {
2024 r = sd_journal_get_realtime_usec(j, &usec);
2026 log_error_errno(r, "Failed to determine timestamp: %m");
2029 if (usec > arg_until)
2033 if (arg_since_set && arg_reverse) {
2036 r = sd_journal_get_realtime_usec(j, &usec);
2038 log_error_errno(r, "Failed to determine timestamp: %m");
2041 if (usec < arg_since)
2045 if (!arg_merge && !arg_quiet) {
2048 r = sd_journal_get_monotonic_usec(j, NULL, &boot_id);
2050 if (previous_boot_id_valid &&
2051 !sd_id128_equal(boot_id, previous_boot_id))
2052 printf("%s-- Reboot --%s\n",
2053 ansi_highlight(), ansi_highlight_off());
2055 previous_boot_id = boot_id;
2056 previous_boot_id_valid = true;
2061 arg_all * OUTPUT_SHOW_ALL |
2062 arg_full * OUTPUT_FULL_WIDTH |
2063 on_tty() * OUTPUT_COLOR |
2064 arg_catalog * OUTPUT_CATALOG |
2065 arg_utc * OUTPUT_UTC;
2067 r = output_journal(stdout, j, arg_output, 0, flags, &ellipsized);
2069 if (r == -EADDRNOTAVAIL)
2071 else if (r < 0 || ferror(stdout))
2078 if (arg_show_cursor) {
2079 _cleanup_free_ char *cursor = NULL;
2081 r = sd_journal_get_cursor(j, &cursor);
2082 if (r < 0 && r != -EADDRNOTAVAIL)
2083 log_error_errno(r, "Failed to get cursor: %m");
2085 printf("-- cursor: %s\n", cursor);
2091 r = sd_journal_wait(j, (uint64_t) -1);
2093 log_error_errno(r, "Couldn't wait for journal event: %m");
2103 strv_free(arg_file);
2105 return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;