1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2011 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
36 #include <sys/ioctl.h>
37 #include <sys/inotify.h>
45 #include "sd-journal.h"
49 #include "logs-show.h"
51 #include "path-util.h"
57 #include "journal-internal.h"
58 #include "journal-def.h"
59 #include "journal-verify.h"
60 #include "journal-authenticate.h"
61 #include "journal-qrcode.h"
62 #include "journal-vacuum.h"
64 #include "unit-name.h"
68 #include "bus-error.h"
/* Default interval between FSS sealing key changes; used as the initial
 * value of arg_interval below. */
70 #define DEFAULT_FSS_INTERVAL_USEC (15*USEC_PER_MINUTE)
73 /* Special values for arg_lines */
74 ARG_LINES_DEFAULT = -2,
/* Command-line state: assigned in parse_argv() and read by the helpers
 * further down. NOTE(review): the gutter numbers jump, so some declarations
 * of the original file are not part of this listing. */
78 static OutputMode arg_output = OUTPUT_SHORT;
79 static bool arg_utc = false;
80 static bool arg_pager_end = false;
81 static bool arg_follow = false;
82 static bool arg_full = true;
83 static bool arg_all = false;
84 static bool arg_no_pager = false;
85 static int arg_lines = ARG_LINES_DEFAULT;
86 static bool arg_no_tail = false;
87 static bool arg_quiet = false;
88 static bool arg_merge = false;
89 static bool arg_boot = false;
90 static sd_id128_t arg_boot_id = {};
91 static int arg_boot_offset = 0;
92 static bool arg_dmesg = false;
93 static const char *arg_cursor = NULL;
94 static const char *arg_after_cursor = NULL;
95 static bool arg_show_cursor = false;
96 static const char *arg_directory = NULL;
97 static char **arg_file = NULL;
/* Bitmask with one bit per log level (see the "1 << i" updates in
 * parse_argv()); add_priorities() special-cases the initial value 0xFF. */
98 static int arg_priorities = 0xFF;
/* FSS verification key, pointing at the --verify-key= argument string.
 * NOTE(review): a secret passed as a command-line argument is typically
 * readable by other local users through the process list; worth stating in
 * the user-facing documentation. */
99 static const char *arg_verify_key = NULL;
101 static usec_t arg_interval = DEFAULT_FSS_INTERVAL_USEC;
102 static bool arg_force = false;
/* arg_since/arg_until carry no initializer; arg_since_set/arg_until_set
 * record whether --since=/--until= were parsed. */
104 static usec_t arg_since, arg_until;
105 static bool arg_since_set = false, arg_until_set = false;
106 static char **arg_syslog_identifier = NULL;
107 static char **arg_system_units = NULL;
108 static char **arg_user_units = NULL;
109 static const char *arg_field = NULL;
110 static bool arg_catalog = false;
111 static bool arg_reverse = false;
112 static int arg_journal_type = 0;
113 static const char *arg_root = NULL;
114 static const char *arg_machine = NULL;
115 static off_t arg_vacuum_size = (off_t) -1;
116 static usec_t arg_vacuum_time = USEC_INFINITY;
127 ACTION_UPDATE_CATALOG,
/* Selected top-level action; showing journal entries is the default. */
131 } arg_action = ACTION_SHOW;
/* Per-boot record. The members are not visible in this listing; the code
 * below reads and writes .id, .first and .last. */
133 typedef struct boot_id_t {
/* Starts the pager through pager_open(), passing arg_pager_end along.
 * NOTE(review): lines 140-143 are missing from this listing, so the guard
 * in front of the call (presumably a test of arg_no_pager) is not visible;
 * confirm against the full file. */
139 static void pager_open_if_enabled(void) {
144 pager_open(arg_pager_end);
/* Formats timestamp t into buf (capacity l) and returns the formatter's
 * result. Two formatters are visible, format_timestamp_utc() and
 * format_timestamp(). NOTE(review): the condition that selects between them
 * is on an omitted line; presumably arg_utc, confirm. */
147 static char *format_timestamp_maybe_utc(char *buf, size_t l, usec_t t) {
150 return format_timestamp_utc(buf, l, t);
152 return format_timestamp(buf, l, t);
/* Parses a boot descriptor (a 128-bit boot ID, a signed offset, or both)
 * as handed over by parse_argv().
 *
 * x:       descriptor string
 * boot_id: receives the parsed ID
 * offset:  receives the parsed offset
 *
 * NOTE(review): the stores into *boot_id and *offset and every return
 * statement are on lines this listing omits. */
155 static int parse_boot_descriptor(const char *x, sd_id128_t *boot_id, int *offset) {
156 sd_id128_t id = SD_ID128_NULL;
/* A descriptor of 32 or more characters is expected to begin with an ID;
 * t is prepared on omitted lines (presumably the first 32 characters of
 * x, TODO confirm). */
159 if (strlen(x) >= 32) {
163 r = sd_id128_from_string(t, &id);
/* Only a sign or the end of the string may follow at this point. */
167 if (*x != '-' && *x != '+' && *x != 0)
/* The offset goes through safe_atoi(); the check of r is on an omitted line. */
171 r = safe_atoi(x, &off);
176 r = safe_atoi(x, &off);
/* Prints the usage text to stdout, after opening the pager. The program
 * name in the first line comes from program_invocation_short_name.
 * NOTE(review): some lines of the original text (section headings and the
 * continuation of --vacuum-time=) are missing from this listing. */
190 static void help(void) {
192 pager_open_if_enabled();
194 printf("%s [OPTIONS...] [MATCHES...]\n\n"
195 "Query the journal.\n\n"
197 " --system Show the system journal\n"
198 " --user Show the user journal for the current user\n"
199 " -M --machine=CONTAINER Operate on local container\n"
200 " --since=DATE Start showing entries on or newer than the specified date\n"
201 " --until=DATE Stop showing entries on or newer than the specified date\n"
202 " -c --cursor=CURSOR Start showing entries from the specified cursor\n"
203 " --after-cursor=CURSOR Start showing entries from after the specified cursor\n"
204 " --show-cursor Print the cursor after all the entries\n"
205 " -b --boot[=ID] Show data only from ID or, if unspecified, the current boot\n"
206 " --list-boots Show terse information about recorded boots\n"
207 " -k --dmesg Show kernel message log from the current boot\n"
208 " -u --unit=UNIT Show data only from the specified unit\n"
209 " --user-unit=UNIT Show data only from the specified user session unit\n"
210 " -t --identifier=STRING Show only messages with the specified syslog identifier\n"
211 " -p --priority=RANGE Show only messages within the specified priority range\n"
212 " -e --pager-end Immediately jump to end of the journal in the pager\n"
213 " -f --follow Follow the journal\n"
214 " -n --lines[=INTEGER] Number of journal entries to show\n"
215 " --no-tail Show all lines, even in follow mode\n"
216 " -r --reverse Show the newest entries first\n"
217 " -o --output=STRING Change journal output mode (short, short-iso,\n"
218 " short-precise, short-monotonic, verbose,\n"
219 " export, json, json-pretty, json-sse, cat)\n"
220 " --utc Express time in Coordinated Universal Time (UTC)\n"
221 " -x --catalog Add message explanations where available\n"
222 " --no-full Ellipsize fields\n"
223 " -a --all Show all fields, including long and unprintable\n"
224 " -q --quiet Do not show privilege warning\n"
225 " --no-pager Do not pipe output into a pager\n"
226 " -m --merge Show entries from all available journals\n"
227 " -D --directory=PATH Show journal files from directory\n"
228 " --file=PATH Show journal file\n"
229 " --root=ROOT Operate on catalog files underneath the root ROOT\n"
231 " --interval=TIME Time interval for changing the FSS sealing key\n"
232 " --verify-key=KEY Specify FSS verification key\n"
233 " --force Force overriding of the FSS key pair with --setup-keys\n"
236 " -h --help Show this help text\n"
237 " --version Show package version\n"
238 " -F --field=FIELD List all values that a specified field takes\n"
239 " --new-id128 Generate a new 128-bit ID\n"
240 " --disk-usage Show total disk usage of all journal files\n"
241 " --vacuum-size=BYTES Remove old journals until disk space drops below size\n"
242 " --vacuum-time=TIME Remove old journals until none left older than\n"
243 " --flush Flush all journal data from /run into /var\n"
244 " --header Show journal header information\n"
245 " --list-catalog Show message IDs of all entries in the message catalog\n"
246 " --dump-catalog Show entries in the message catalog\n"
247 " --update-catalog Update the message catalog database\n"
249 " --setup-keys Generate a new FSS key pair\n"
250 " --verify Verify journal file consistency\n"
252 , program_invocation_short_name);
/* Parses the command line into the arg_* variables and arg_action, then
 * rejects contradictory option combinations.
 *
 * argc, argv: as received by main().
 * Returns: a negative errno-style value on the one failure path whose return
 * is visible (glob_extend()); all other return statements are on lines this
 * listing omits.
 *
 * NOTE(review): the option-ID enum and most case labels are omitted as well,
 * so the comments below describe only the statements that are visible. */
255 static int parse_argv(int argc, char *argv[]) {
/* Long-option table; the last member of each entry is either the short
 * option character or an ARG_* identifier. */
289 static const struct option options[] = {
290 { "help", no_argument, NULL, 'h' },
291 { "version" , no_argument, NULL, ARG_VERSION },
292 { "no-pager", no_argument, NULL, ARG_NO_PAGER },
293 { "pager-end", no_argument, NULL, 'e' },
294 { "follow", no_argument, NULL, 'f' },
295 { "force", no_argument, NULL, ARG_FORCE },
296 { "output", required_argument, NULL, 'o' },
297 { "all", no_argument, NULL, 'a' },
298 { "full", no_argument, NULL, 'l' },
299 { "no-full", no_argument, NULL, ARG_NO_FULL },
300 { "lines", optional_argument, NULL, 'n' },
301 { "no-tail", no_argument, NULL, ARG_NO_TAIL },
302 { "new-id128", no_argument, NULL, ARG_NEW_ID128 },
303 { "quiet", no_argument, NULL, 'q' },
304 { "merge", no_argument, NULL, 'm' },
305 { "boot", optional_argument, NULL, 'b' },
306 { "list-boots", no_argument, NULL, ARG_LIST_BOOTS },
307 { "this-boot", optional_argument, NULL, 'b' }, /* deprecated */
308 { "dmesg", no_argument, NULL, 'k' },
309 { "system", no_argument, NULL, ARG_SYSTEM },
310 { "user", no_argument, NULL, ARG_USER },
311 { "directory", required_argument, NULL, 'D' },
312 { "file", required_argument, NULL, ARG_FILE },
313 { "root", required_argument, NULL, ARG_ROOT },
314 { "header", no_argument, NULL, ARG_HEADER },
315 { "identifier", required_argument, NULL, 't' },
316 { "priority", required_argument, NULL, 'p' },
317 { "setup-keys", no_argument, NULL, ARG_SETUP_KEYS },
318 { "interval", required_argument, NULL, ARG_INTERVAL },
319 { "verify", no_argument, NULL, ARG_VERIFY },
320 { "verify-key", required_argument, NULL, ARG_VERIFY_KEY },
321 { "disk-usage", no_argument, NULL, ARG_DISK_USAGE },
322 { "cursor", required_argument, NULL, 'c' },
323 { "after-cursor", required_argument, NULL, ARG_AFTER_CURSOR },
324 { "show-cursor", no_argument, NULL, ARG_SHOW_CURSOR },
325 { "since", required_argument, NULL, ARG_SINCE },
326 { "until", required_argument, NULL, ARG_UNTIL },
327 { "unit", required_argument, NULL, 'u' },
328 { "user-unit", required_argument, NULL, ARG_USER_UNIT },
329 { "field", required_argument, NULL, 'F' },
330 { "catalog", no_argument, NULL, 'x' },
331 { "list-catalog", no_argument, NULL, ARG_LIST_CATALOG },
332 { "dump-catalog", no_argument, NULL, ARG_DUMP_CATALOG },
333 { "update-catalog", no_argument, NULL, ARG_UPDATE_CATALOG },
334 { "reverse", no_argument, NULL, 'r' },
335 { "machine", required_argument, NULL, 'M' },
336 { "utc", no_argument, NULL, ARG_UTC },
337 { "flush", no_argument, NULL, ARG_FLUSH },
338 { "vacuum-size", required_argument, NULL, ARG_VACUUM_SIZE },
339 { "vacuum-time", required_argument, NULL, ARG_VACUUM_TIME },
/* In the short-option string "::" marks an optional argument (-n, -b). */
348 while ((c = getopt_long(argc, argv, "hefo:aln::qmb::kD:p:c:t:u:F:xrM:", options, NULL)) >= 0)
357 puts(PACKAGE_STRING);
358 puts(SYSTEMD_FEATURES);
366 arg_pager_end = true;
368 if (arg_lines == ARG_LINES_DEFAULT)
/* Unknown output mode names come back negative and are rejected. */
378 arg_output = output_mode_from_string(optarg);
379 if (arg_output < 0) {
380 log_error("Unknown output format '%s'.", optarg);
384 if (arg_output == OUTPUT_EXPORT ||
385 arg_output == OUTPUT_JSON ||
386 arg_output == OUTPUT_JSON_PRETTY ||
387 arg_output == OUTPUT_JSON_SSE ||
388 arg_output == OUTPUT_CAT)
/* --lines= takes "all" or an integer; parse failures and negative counts
 * are rejected. */
407 if (streq(optarg, "all"))
408 arg_lines = ARG_LINES_ALL;
410 r = safe_atoi(optarg, &arg_lines);
411 if (r < 0 || arg_lines < 0) {
412 log_error("Failed to parse lines '%s'", optarg);
419 /* Hmm, no argument? Maybe the next
420 * word on the command line is
421 * supposed to be the argument? Let's
422 * see if there is one, and is
426 if (streq(argv[optind], "all")) {
427 arg_lines = ARG_LINES_ALL;
429 } else if (safe_atoi(argv[optind], &n) >= 0 && n >= 0) {
443 arg_action = ACTION_NEW_ID128;
458 r = parse_boot_descriptor(optarg, &arg_boot_id, &arg_boot_offset);
460 log_error("Failed to parse boot descriptor '%s'", optarg);
465 /* Hmm, no argument? Maybe the next
466 * word on the command line is
467 * supposed to be the argument? Let's
468 * see if there is one and is parsable
469 * as a boot descriptor... */
472 parse_boot_descriptor(argv[optind], &arg_boot_id, &arg_boot_offset) >= 0)
479 arg_action = ACTION_LIST_BOOTS;
483 arg_boot = arg_dmesg = true;
487 arg_journal_type |= SD_JOURNAL_SYSTEM;
491 arg_journal_type |= SD_JOURNAL_CURRENT_USER;
495 arg_machine = optarg;
499 arg_directory = optarg;
/* The --file= argument is handed to glob_extend() and the result is
 * accumulated in arg_file. */
503 r = glob_extend(&arg_file, optarg);
505 return log_error_errno(r, "Failed to add paths: %m");
516 case ARG_AFTER_CURSOR:
517 arg_after_cursor = optarg;
520 case ARG_SHOW_CURSOR:
521 arg_show_cursor = true;
525 arg_action = ACTION_PRINT_HEADER;
529 arg_action = ACTION_VERIFY;
533 arg_action = ACTION_DISK_USAGE;
536 case ARG_VACUUM_SIZE:
537 r = parse_size(optarg, 1024, &arg_vacuum_size);
539 log_error("Failed to parse vacuum size: %s", optarg);
543 arg_action = ACTION_VACUUM;
546 case ARG_VACUUM_TIME:
547 r = parse_sec(optarg, &arg_vacuum_time);
549 log_error("Failed to parse vacuum time: %s", optarg);
553 arg_action = ACTION_VACUUM;
562 arg_action = ACTION_SETUP_KEYS;
/* Supplying a verification key also selects the verify action. The key
 * stays in argv; see the caveat about process-list visibility that applies
 * to any secret given on the command line. */
567 arg_action = ACTION_VERIFY;
568 arg_verify_key = optarg;
/* A zero interval is rejected here; setup_keys() asserts arg_interval > 0. */
573 r = parse_sec(optarg, &arg_interval);
574 if (r < 0 || arg_interval <= 0) {
575 log_error("Failed to parse sealing key change interval: %s", optarg);
584 log_error("Forward-secure sealing not available.");
/* Priority argument: "FROM..TO" range or a single level. */
591 dots = strstr(optarg, "..");
597 a = strndup(optarg, dots - optarg);
601 from = log_level_from_string(a);
602 to = log_level_from_string(dots + 2);
/* NOTE(review): only the lower bound is checked here. The shifts below are
 * well defined only while log_level_from_string() returns values smaller
 * than the bit width of int; presumably it is limited to the syslog levels
 * that add_priorities() iterates over; confirm. */
605 if (from < 0 || to < 0) {
606 log_error("Failed to parse log level range %s", optarg);
/* Either order of the range ends is accepted. */
613 for (i = from; i <= to; i++)
614 arg_priorities |= 1 << i;
616 for (i = to; i <= from; i++)
617 arg_priorities |= 1 << i;
623 p = log_level_from_string(optarg);
625 log_error("Unknown log level %s", optarg);
/* A single level selects that level and every lower-numbered one. */
631 for (i = 0; i <= p; i++)
632 arg_priorities |= 1 << i;
639 r = parse_timestamp(optarg, &arg_since);
641 log_error("Failed to parse timestamp: %s", optarg);
644 arg_since_set = true;
648 r = parse_timestamp(optarg, &arg_until);
650 log_error("Failed to parse timestamp: %s", optarg);
653 arg_until_set = true;
657 r = strv_extend(&arg_syslog_identifier, optarg);
663 r = strv_extend(&arg_system_units, optarg);
669 r = strv_extend(&arg_user_units, optarg);
682 case ARG_LIST_CATALOG:
683 arg_action = ACTION_LIST_CATALOG;
686 case ARG_DUMP_CATALOG:
687 arg_action = ACTION_DUMP_CATALOG;
690 case ARG_UPDATE_CATALOG:
691 arg_action = ACTION_UPDATE_CATALOG;
703 arg_action = ACTION_FLUSH;
710 assert_not_reached("Unhandled option");
/* NOTE(review): this tests the timestamp value arg_since, while the checks
 * below use arg_since_set; the two differ only if --since= parses to 0.
 * Confirm which one is intended. */
713 if (arg_follow && !arg_no_tail && !arg_since && arg_lines == ARG_LINES_DEFAULT)
/* Consistency checks: one journal source at most, an ordered time window,
 * one start position at most, no --follow together with --reverse, and no
 * match arguments for actions other than showing entries. */
716 if (!!arg_directory + !!arg_file + !!arg_machine > 1) {
717 log_error("Please specify either -D/--directory= or --file= or -M/--machine=, not more than one.");
721 if (arg_since_set && arg_until_set && arg_since > arg_until) {
722 log_error("--since= must be before --until=.");
726 if (!!arg_cursor + !!arg_after_cursor + !!arg_since_set > 1) {
727 log_error("Please specify only one of --since=, --cursor=, and --after-cursor.");
/* NOTE(review): the message writes both options with "=" although the table
 * above declares them with no_argument. */
731 if (arg_follow && arg_reverse) {
732 log_error("Please specify either --reverse= or --follow=, not both.");
736 if (arg_action != ACTION_SHOW && optind < argc) {
737 log_error("Extraneous arguments starting with '%s'", argv[optind]);
/* Generates a random 128-bit ID with sd_id128_randomize() and prints it to
 * stdout in several notations: plain string, dash-separated hex groups, a
 * C SD_ID128_MAKE() macro definition and a Python uuid.UUID constant.
 * Returns the logged error if the ID cannot be generated; the success
 * return is on an omitted line. */
744 static int generate_new_id128(void) {
749 r = sd_id128_randomize(&id);
751 return log_error_errno(r, "Failed to generate ID: %m");
753 printf("As string:\n"
754 SD_ID128_FORMAT_STR "\n\n"
756 "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n\n"
758 "#define MESSAGE_XYZ SD_ID128_MAKE(",
759 SD_ID128_FORMAT_VAL(id),
760 SD_ID128_FORMAT_VAL(id));
/* The 16 bytes as a comma-separated list, no comma after the last one. */
761 for (i = 0; i < 16; i++)
762 printf("%02x%s", id.bytes[i], i != 15 ? "," : "");
763 fputs(")\n\n", stdout);
765 printf("As Python constant:\n"
767 ">>> MESSAGE_XYZ = uuid.UUID('" SD_ID128_FORMAT_STR "')\n",
768 SD_ID128_FORMAT_VAL(id));
/* Adds the free-standing command-line arguments in args as matches on
 * journal j. A lone "+" inserts a disjunction, an absolute path is turned
 * into a field match derived from the file's type, and anything else is
 * passed to sd_journal_add_match() unchanged.
 *
 * Returns a logged negative error on the visible failure paths; other
 * returns are on lines this listing omits. */
773 static int add_matches(sd_journal *j, char **args) {
775 bool have_term = false;
779 STRV_FOREACH(i, args) {
782 if (streq(*i, "+")) {
785 r = sd_journal_add_disjunction(j);
788 } else if (path_is_absolute(*i)) {
/* NOTE(review): p carries the cleanup attribute but no initializer (the same
 * holds for comm below). That is safe only if nothing leaves the scope
 * before the assignment; the lines in between are omitted here, confirm. */
789 _cleanup_free_ char *p, *t = NULL, *t2 = NULL;
791 _cleanup_free_ char *interpreter = NULL;
/* The path is canonicalized first; the assignment of `path` used below is
 * on an omitted line. */
794 p = canonicalize_file_name(*i);
797 if (stat(path, &st) < 0)
798 return log_error_errno(errno, "Couldn't stat file: %m");
/* Regular file with any execute bit set: match on the executable, or for a
 * script on its name (_COMM) and, conditionally, its interpreter (_EXE). */
800 if (S_ISREG(st.st_mode) && (0111 & st.st_mode)) {
801 if (executable_is_script(path, &interpreter) > 0) {
802 _cleanup_free_ char *comm;
/* At most 15 bytes of the base name are kept (presumably to mirror the
 * length at which the kernel truncates the command name; confirm). */
804 comm = strndup(basename(path), 15);
808 t = strappend("_COMM=", comm);
810 /* Append _EXE only if the interpreter is not a link.
811 Otherwise, it might be outdated often. */
812 if (lstat(interpreter, &st) == 0 &&
813 !S_ISLNK(st.st_mode)) {
814 t2 = strappend("_EXE=", interpreter);
819 t = strappend("_EXE=", path);
/* Device nodes are matched by type letter plus device number. */
820 } else if (S_ISCHR(st.st_mode)) {
821 if (asprintf(&t, "_KERNEL_DEVICE=c%u:%u",
823 minor(st.st_rdev)) < 0)
825 } else if (S_ISBLK(st.st_mode)) {
826 if (asprintf(&t, "_KERNEL_DEVICE=b%u:%u",
828 minor(st.st_rdev)) < 0)
831 log_error("File is neither a device node, nor regular file, nor executable: %s", *i);
/* A size argument of 0 is passed with the NUL-terminated match strings. */
838 r = sd_journal_add_match(j, t, 0);
840 r = sd_journal_add_match(j, t2, 0);
844 r = sd_journal_add_match(j, *i, 0);
849 return log_error_errno(r, "Failed to add match '%s': %m", *i);
/* Arguments were given but the list did not end on a term. */
852 if (!strv_isempty(args) && !have_term) {
853 log_error("\"+\" can only be used between terms");
/* Comparator for qsort_safe()/bsearch() over boot_id_t records: orders by
 * the `first` member, ascending. It compares instead of subtracting, so the
 * result cannot be distorted by overflow or truncation to int. */
860 static int boot_id_cmp(const void *a, const void *b) {
863 _a = ((const boot_id_t *)a)->first;
864 _b = ((const boot_id_t *)b)->first;
866 return _a < _b ? -1 : (_a > _b ? 1 : 0);
/* Builds the list of boots recorded in journal j: one boot_id_t per unique
 * _BOOT_ID value, with the realtime timestamps of the first and last entry
 * of that boot, sorted with boot_id_cmp().
 *
 * j:              journal to query
 * query_ref_boot: optional; when its id equals an enumerated boot, it is
 *                 overwritten with that boot's record
 * The output parameters between these two are on omitted signature lines;
 * the body writes *boots and *count. Error checks after each call are
 * omitted from this listing too.
 *
 * NOTE(review): the order depends on wall-clock timestamps stored in the
 * journal, so boots logged with a wrong clock can sort out of sequence. */
869 static int get_boots(sd_journal *j,
872 boot_id_t *query_ref_boot) {
875 size_t length, allocated = 0;
881 r = sd_journal_query_unique(j, "_BOOT_ID");
886 SD_JOURNAL_FOREACH_UNIQUE(j, data, length) {
/* NOTE(review): data comes from the journal file with an explicit length,
 * yet startswith() and sd_id128_from_string() below treat it as a C string;
 * confirm that the library guarantees the prefix and enough readable bytes.
 * With assertions enabled, a violated prefix aborts instead of returning an
 * error. */
889 assert(startswith(data, "_BOOT_ID="));
891 if (!GREEDY_REALLOC(*boots, allocated, *count + 1))
894 id = *boots + *count;
896 r = sd_id128_from_string(((const char *)data) + strlen("_BOOT_ID="), &id->id);
/* Restrict the journal to this boot, then read its first entry... */
900 r = sd_journal_add_match(j, data, length);
904 r = sd_journal_seek_head(j);
908 r = sd_journal_next(j);
914 r = sd_journal_get_realtime_usec(j, &id->first);
918 if (query_ref_boot) {
920 if (sd_id128_equal(id->id, query_ref_boot->id))
921 *query_ref_boot = *id;
/* ...and its last entry. */
923 r = sd_journal_seek_tail(j);
927 r = sd_journal_previous(j);
933 r = sd_journal_get_realtime_usec(j, &id->last);
/* Drop the per-boot match again. */
940 sd_journal_flush_matches(j);
943 qsort_safe(*boots, *count, sizeof(boot_id_t), boot_id_cmp);
/* Prints one line per recorded boot: an index, the boot ID, and the
 * timestamps of its first and last entry (in UTC or local time, as decided
 * by format_timestamp_maybe_utc()). The list comes from get_boots() and is
 * freed automatically via _cleanup_free_. */
947 static int list_boots(sd_journal *j) {
951 _cleanup_free_ boot_id_t *all_ids = NULL;
955 r = get_boots(j, &all_ids, &count, NULL);
959 pager_open_if_enabled();
961 /* numbers are one less, but we need an extra char for the sign */
962 w = DECIMAL_STR_WIDTH(count - 1) + 1;
/* The value printed for "% *i" is on an omitted line. */
964 for (id = all_ids, i = 0; id < all_ids + count; id++, i++) {
965 char a[FORMAT_TIMESTAMP_MAX], b[FORMAT_TIMESTAMP_MAX];
967 printf("% *i " SD_ID128_FORMAT_STR " %s—%s\n",
969 SD_ID128_FORMAT_VAL(id->id),
970 format_timestamp_maybe_utc(a, sizeof(a), id->first),
971 format_timestamp_maybe_utc(b, sizeof(b), id->last));
/* Resolves a boot offset to a boot ID.
 *
 * j:       journal to query
 * boot_id: in: reference boot, or SD_ID128_NULL for "no reference";
 *          out: the resolved boot ID
 * offset:  position relative to the reference boot, or, without a
 *          reference, a position in the time-ordered boot list
 * Returns -EADDRNOTAVAIL when the offset falls outside the list; other
 * returns are on lines this listing omits. */
977 static int get_boot_id_by_offset(sd_journal *j, sd_id128_t *boot_id, int offset) {
980 boot_id_t ref_boot_id = {}, *id;
981 _cleanup_free_ boot_id_t *all_ids = NULL;
/* get_boots() fills in ref_boot_id (including .first, the bsearch key used
 * below) when it encounters a boot with this ID. */
986 ref_boot_id.id = *boot_id;
987 r = get_boots(j, &all_ids, &count, &ref_boot_id);
991 if (sd_id128_equal(*boot_id, SD_ID128_NULL)) {
/* Accepted range is -count < offset <= count. NOTE(review): the casts
 * assume count fits into int. */
992 if (offset > (int) count || offset <= -(int)count)
993 return -EADDRNOTAVAIL;
/* offset <= 0 counts back from the newest boot (index count + offset - 1),
 * offset > 0 counts from the oldest (index offset - 1); with the range check
 * above, both stay within 0 .. count - 1. */
995 *boot_id = all_ids[(offset <= 0)*count + offset - 1].id;
997 id = bsearch(&ref_boot_id, all_ids, count, sizeof(boot_id_t), boot_id_cmp);
/* Reject offsets that would step outside all_ids from the reference entry.
 * The first part of this condition (presumably the "not found" test) is on
 * omitted lines. */
1000 offset <= 0 ? (id - all_ids) + offset < 0 :
1001 (id - all_ids) + offset >= (int) count)
1002 return -EADDRNOTAVAIL;
1004 *boot_id = (id + offset)->id;
/* Adds a _BOOT_ID= match for the boot selected on the command line and
 * closes the term with a conjunction. With no ID and offset 0 it delegates
 * to add_match_this_boot(). */
1010 static int add_boot(sd_journal *j) {
/* 9 bytes of "_BOOT_ID=", 32 hex digits, 1 terminating NUL. */
1011 char match[9+32+1] = "_BOOT_ID=";
1019 if (arg_boot_offset == 0 && sd_id128_equal(arg_boot_id, SD_ID128_NULL))
1020 return add_match_this_boot(j, arg_machine);
1022 r = get_boot_id_by_offset(j, &arg_boot_id, arg_boot_offset);
/* Two error texts, depending on whether a reference ID was given. */
1024 if (sd_id128_equal(arg_boot_id, SD_ID128_NULL))
1025 log_error_errno(r, "Failed to look up boot %+i: %m", arg_boot_offset);
1027 log_error("Failed to look up boot ID "SD_ID128_FORMAT_STR"%+i: %s",
1028 SD_ID128_FORMAT_VAL(arg_boot_id), arg_boot_offset, strerror(-r));
/* The ID is written directly behind the prefix; the match length excludes
 * the terminating NUL. */
1032 sd_id128_to_string(arg_boot_id, match + 9);
1034 r = sd_journal_add_match(j, match, sizeof(match) - 1);
1036 return log_error_errno(r, "Failed to add match: %m");
1038 r = sd_journal_add_conjunction(j);
/* Adds the match _TRANSPORT=kernel to journal j and closes the term with a
 * conjunction. NOTE(review): the guard on omitted lines presumably skips
 * this unless arg_dmesg is set; confirm. */
1045 static int add_dmesg(sd_journal *j) {
1052 r = sd_journal_add_match(j, "_TRANSPORT=kernel", strlen("_TRANSPORT=kernel"));
1054 return log_error_errno(r, "Failed to add match: %m");
1056 r = sd_journal_add_conjunction(j);
/* Collects the unit names found in journal j that match any of the glob
 * patterns. For every field name in the NUL-separated list `fields` the
 * unique values are enumerated, the part after "=" is extracted and compared
 * against each pattern with fnmatch().
 *
 * The parameters after j are on omitted signature lines; the body uses
 * `fields` and `patterns`, and the caller passes a Set pointer for the
 * result. */
1063 static int get_possible_units(sd_journal *j,
/* NOTE(review): cleanup attribute without initializer; safe only if nothing
 * returns before the set_new() assignment below (the lines in between are
 * omitted here). */
1067 _cleanup_set_free_free_ Set *found;
1071 found = set_new(&string_hash_ops);
1075 NULSTR_FOREACH(field, fields) {
1079 r = sd_journal_query_unique(j, field);
1083 SD_JOURNAL_FOREACH_UNIQUE(j, data, size) {
1084 char **pattern, *eq;
1086 _cleanup_free_ char *u = NULL;
/* The search for "=" is bounded by the size reported for the data. The
 * handling of a missing "=" is on an omitted line. */
1088 eq = memchr(data, '=', size);
1090 prefix = eq - (char*) data + 1;
/* Copy the value into a NUL-terminated string of its own. */
1094 u = strndup((char*) data + prefix, size - prefix);
/* FNM_NOESCAPE: a backslash in the pattern is an ordinary character. */
1098 STRV_FOREACH(pattern, patterns)
1099 if (fnmatch(*pattern, u, FNM_NOESCAPE) == 0) {
1100 log_debug("Matched %s with pattern %s=%s", u, field, *pattern);
/* NOTE(review): u is _cleanup_free_ and is handed to set_consume() here.
 * Line 1103 is missing from this listing; it has to reset u to NULL, or the
 * string would be freed a second time at scope exit. Confirm. */
1102 r = set_consume(found, u);
/* A name that is already in the set is not an error. */
1104 if (r < 0 && r != -EEXIST)
/* Both macros are NUL-separated lists of journal field names (each entry
 * ends in "\0"); add_units() passes them to get_possible_units(), which
 * walks them with NULSTR_FOREACH(). Some entries are on lines this listing
 * omits. */
1117 /* This list is supposed to return the superset of unit names
1118 * possibly matched by rules added with add_matches_for_unit... */
1119 #define SYSTEM_UNITS \
1123 "OBJECT_SYSTEMD_UNIT\0" \
1126 /* ... and add_matches_for_user_unit */
1127 #define USER_UNITS \
1128 "_SYSTEMD_USER_UNIT\0" \
1130 "COREDUMP_USER_UNIT\0" \
1131 "OBJECT_SYSTEMD_USER_UNIT\0"
/* Adds matches for the units given with -u/--unit= (arg_system_units) and
 * --user-unit= (arg_user_units). Plain names are matched directly; glob
 * patterns are first expanded against the unit names present in the journal
 * via get_possible_units(). The terms are OR-ed with disjunctions and the
 * group is closed with a conjunction. Error checks after the calls are on
 * lines this listing omits. */
1133 static int add_units(sd_journal *j) {
1134 _cleanup_strv_free_ char **patterns = NULL;
1140 STRV_FOREACH(i, arg_system_units) {
1141 _cleanup_free_ char *u = NULL;
1143 u = unit_name_mangle(*i, MANGLE_GLOB);
1147 if (string_is_glob(u)) {
/* NOTE(review): strv_push() stores u in patterns while u is _cleanup_free_;
 * the omitted lines that follow must reset u to NULL, or patterns would keep
 * a freed pointer. Confirm (the same applies in the user-unit loop). */
1148 r = strv_push(&patterns, u);
1153 r = add_matches_for_unit(j, u);
1156 r = sd_journal_add_disjunction(j);
1163 if (!strv_isempty(patterns)) {
1164 _cleanup_set_free_free_ Set *units = NULL;
1168 r = get_possible_units(j, SYSTEM_UNITS, patterns, &units);
1172 SET_FOREACH(u, units, it) {
1173 r = add_matches_for_unit(j, u);
1176 r = sd_journal_add_disjunction(j);
/* NOTE(review): patterns is freed explicitly although it is declared
 * _cleanup_strv_free_ and is reused below. Line 1184 is missing from this
 * listing; it has to reset patterns to NULL to avoid a use after free in
 * strv_push() and a double free at scope exit. Confirm. */
1183 strv_free(patterns);
1186 STRV_FOREACH(i, arg_user_units) {
1187 _cleanup_free_ char *u = NULL;
1189 u = unit_name_mangle(*i, MANGLE_GLOB);
1193 if (string_is_glob(u)) {
1194 r = strv_push(&patterns, u);
/* User-unit matches are tied to the real UID of the caller. */
1199 r = add_matches_for_user_unit(j, u, getuid());
1202 r = sd_journal_add_disjunction(j);
1209 if (!strv_isempty(patterns)) {
1210 _cleanup_set_free_free_ Set *units = NULL;
1214 r = get_possible_units(j, USER_UNITS, patterns, &units);
1218 SET_FOREACH(u, units, it) {
1219 r = add_matches_for_user_unit(j, u, getuid());
1222 r = sd_journal_add_disjunction(j);
1229 /* Complain if the user request matches but nothing whatsoever was
1230 * found, since otherwise everything would be matched. */
1231 if (!(strv_isempty(arg_system_units) && strv_isempty(arg_user_units)) && count == 0)
1234 r = sd_journal_add_conjunction(j);
/* Adds one PRIORITY=<digit> match for every level whose bit is set in
 * arg_priorities and closes the term with a conjunction. The initial mask
 * 0xFF is special-cased (the statement taken in that case is on an omitted
 * line; presumably an early return, confirm). */
1241 static int add_priorities(sd_journal *j) {
1242 char match[] = "PRIORITY=0";
1246 if (arg_priorities == 0xFF)
1249 for (i = LOG_EMERG; i <= LOG_DEBUG; i++)
1250 if (arg_priorities & (1 << i)) {
/* Overwrite the final digit of the template; the loop bounds are the syslog
 * level constants, so a single digit is assumed to be enough. */
1251 match[sizeof(match)-2] = '0' + i;
1253 r = sd_journal_add_match(j, match, strlen(match));
1255 return log_error_errno(r, "Failed to add match: %m");
1258 r = sd_journal_add_conjunction(j);
/* Adds a SYSLOG_IDENTIFIER=<value> match for every -t/--identifier=
 * argument, OR-ed with disjunctions, and closes the group with a
 * conjunction. Error checks are on lines this listing omits. */
1266 static int add_syslog_identifier(sd_journal *j) {
1272 STRV_FOREACH(i, arg_syslog_identifier) {
/* NOTE(review): strappenda() presumably builds the string on the stack
 * (alloca-style); inside this loop the stack use would then grow with the
 * number and length of the -t arguments until the function returns.
 * Confirm. */
1275 u = strappenda("SYSLOG_IDENTIFIER=", *i);
1276 r = sd_journal_add_match(j, u, 0);
1279 r = sd_journal_add_disjunction(j);
1284 r = sd_journal_add_conjunction(j);
/* Generates a new Forward Secure Sealing (FSS) key pair.
 *
 * The sealing key state is written to /var/log/journal/<machine-id>/fss via
 * a temporary file in the same directory; the verification key (the seed in
 * hex plus start epoch and interval) is printed for the administrator to
 * keep off the host.
 *
 * NOTE(review): many lines are missing from this listing, among them the
 * HAVE_GCRYPT guard, the cleanup path and the return statements. The
 * comments below describe only what is visible. */
1291 static int setup_keys(void) {
1293 size_t mpk_size, seed_size, state_size, i;
1294 uint8_t *mpk, *seed, *state;
1296 int fd = -1, r, attr = 0;
1297 sd_id128_t machine, boot;
1298 char *p = NULL, *k = NULL;
/* FSS needs persistent storage: /var/log/journal has to exist and be a
 * directory. */
1303 r = stat("/var/log/journal", &st);
1304 if (r < 0 && errno != ENOENT && errno != ENOTDIR)
1305 return log_error_errno(errno, "stat(\"%s\") failed: %m", "/var/log/journal");
1307 if (r < 0 || !S_ISDIR(st.st_mode)) {
1308 log_error("%s is not a directory, must be using persistent logging for FSS.",
1309 "/var/log/journal");
1310 return r < 0 ? -errno : -ENOTDIR;
1313 r = sd_id128_get_machine(&machine);
1315 return log_error_errno(r, "Failed to get machine ID: %m");
1317 r = sd_id128_get_boot(&boot);
1319 return log_error_errno(r, "Failed to get boot ID: %m");
1321 if (asprintf(&p, "/var/log/journal/" SD_ID128_FORMAT_STR "/fss",
1322 SD_ID128_FORMAT_VAL(machine)) < 0)
/* An existing key file is removed only on request (see the --force hint
 * below). This is a check followed by a separate action; the link() call
 * further down fails if the target exists, so a file that appears in
 * between is not overwritten silently. */
1325 if (access(p, F_OK) >= 0) {
1329 log_error_errno(errno, "unlink(\"%s\") failed: %m", p);
1334 log_error("Sealing key file %s exists already. (--force to recreate)", p);
1340 if (asprintf(&k, "/var/log/journal/" SD_ID128_FORMAT_STR "/fss.tmp.XXXXXX",
1341 SD_ID128_FORMAT_VAL(machine)) < 0) {
/* Key material lives in alloca() buffers. NOTE(review): no wiping of seed,
 * mpk or state is visible in this listing; confirm whether the omitted lines
 * clear them before returning. */
1346 mpk_size = FSPRG_mskinbytes(FSPRG_RECOMMENDED_SECPAR);
1347 mpk = alloca(mpk_size);
1349 seed_size = FSPRG_RECOMMENDED_SEEDLEN;
1350 seed = alloca(seed_size);
1352 state_size = FSPRG_stateinbytes(FSPRG_RECOMMENDED_SECPAR);
1353 state = alloca(state_size);
/* The seed is read from /dev/random; a short read is treated as failure. */
1355 fd = open("/dev/random", O_RDONLY|O_CLOEXEC|O_NOCTTY);
1357 log_error_errno(errno, "Failed to open /dev/random: %m");
1362 log_info("Generating seed...");
1363 l = loop_read(fd, seed, seed_size, true);
1364 if (l < 0 || (size_t) l != seed_size) {
/* Reported as EIO whatever the underlying cause was. */
1365 log_error_errno(EIO, "Failed to read random seed: %m");
1370 log_info("Generating key pair...");
1371 FSPRG_GenMK(NULL, mpk, seed, seed_size, FSPRG_RECOMMENDED_SECPAR);
1373 log_info("Generating sealing key...");
1374 FSPRG_GenState0(state, mpk, seed, seed_size);
1376 assert(arg_interval > 0);
/* n is adjusted on an omitted line (presumably divided by arg_interval to
 * give an epoch number, see start_usec below; confirm). */
1378 n = now(CLOCK_REALTIME);
/* Temporary file created from the fss.tmp.XXXXXX template next to the final
 * location. */
1382 fd = mkostemp_safe(k, O_WRONLY|O_CLOEXEC);
1384 log_error_errno(errno, "Failed to open %s: %m", k);
1389 /* Enable secure remove, exclusion from dump, synchronous
1390 * writing and in-place updating */
/* Both ioctls are best effort: a failure only logs a warning. If the read
 * fails, attr keeps its initial 0 and the write is still attempted. Where
 * the file system does not honour these flags, the protections listed above
 * are not in effect for the key file. */
1391 if (ioctl(fd, FS_IOC_GETFLAGS, &attr) < 0)
1392 log_warning_errno(errno, "FS_IOC_GETFLAGS failed: %m");
1394 attr |= FS_SECRM_FL|FS_NODUMP_FL|FS_SYNC_FL|FS_NOCOW_FL;
1396 if (ioctl(fd, FS_IOC_SETFLAGS, &attr) < 0)
1397 log_warning_errno(errno, "FS_IOC_SETFLAGS failed: %m");
/* Key file header; the multi-byte fields are stored little-endian. */
1400 memcpy(h.signature, "KSHHRHLP", 8);
1401 h.machine_id = machine;
1403 h.header_size = htole64(sizeof(h));
1404 h.start_usec = htole64(n * arg_interval);
1405 h.interval_usec = htole64(arg_interval);
1406 h.fsprg_secpar = htole16(FSPRG_RECOMMENDED_SECPAR);
1407 h.fsprg_state_size = htole64(state_size);
/* Header and state must be written completely; short writes are failures. */
1409 l = loop_write(fd, &h, sizeof(h), false);
1410 if (l < 0 || (size_t) l != sizeof(h)) {
1411 log_error_errno(EIO, "Failed to write header: %m");
1416 l = loop_write(fd, state, state_size, false);
1417 if (l < 0 || (size_t) l != state_size) {
1418 log_error_errno(EIO, "Failed to write state: %m");
/* Put the finished file under its final name; link() fails if that name
 * already exists. */
1423 if (link(k, p) < 0) {
1424 log_error_errno(errno, "Failed to link file: %m");
/* From here on the verification key is shown to the user. Whatever captures
 * this output (terminal scrollback, session recordings, redirected logs)
 * ends up holding the secret. */
1432 "The new key pair has been generated. The " ANSI_HIGHLIGHT_ON "secret sealing key" ANSI_HIGHLIGHT_OFF " has been written to\n"
1433 "the following local file. This key file is automatically updated when the\n"
1434 "sealing key is advanced. It should not be used on multiple hosts.\n"
1438 "Please write down the following " ANSI_HIGHLIGHT_ON "secret verification key" ANSI_HIGHLIGHT_OFF ". It should be stored\n"
1439 "at a safe location and should not be saved locally on disk.\n"
1440 "\n\t" ANSI_HIGHLIGHT_RED_ON, p);
/* Seed bytes in hex (a separator every 3 bytes is printed on an omitted
 * line), followed by "/<n>-<interval>" in hex. */
1443 for (i = 0; i < seed_size; i++) {
1444 if (i > 0 && i % 3 == 0)
1446 printf("%02x", ((uint8_t*) seed)[i]);
1449 printf("/%llx-%llx\n", (unsigned long long) n, (unsigned long long) arg_interval);
1452 char tsb[FORMAT_TIMESPAN_MAX], *hn;
1455 ANSI_HIGHLIGHT_OFF "\n"
1456 "The sealing key is automatically changed every %s.\n",
1457 format_timespan(tsb, sizeof(tsb), arg_interval, 0));
/* The host name is optional; without it only the machine ID is printed. */
1459 hn = gethostname_malloc();
1462 hostname_cleanup(hn, false);
1463 fprintf(stderr, "\nThe keys have been generated for host %s/" SD_ID128_FORMAT_STR ".\n", hn, SD_ID128_FORMAT_VAL(machine));
1465 fprintf(stderr, "\nThe keys have been generated for host " SD_ID128_FORMAT_STR ".\n", SD_ID128_FORMAT_VAL(machine));
1467 #ifdef HAVE_QRENCODE
1468 /* If this is not an UTF-8 system don't print any QR codes */
/* The QR code is generated from the seed, so it carries the same secret as
 * the text form above. */
1469 if (is_locale_utf8()) {
1470 fputs("\nTo transfer the verification key to your phone please scan the QR code below:\n\n", stderr);
1471 print_qr_code(stderr, seed, seed_size, n, arg_interval, hn, machine);
/* Fallback message; presumably for builds without the FSS dependency (the
 * preprocessor branch is not visible here). */
1491 log_error("Forward-secure sealing not available.");
/* Verifies every journal file opened in j with journal_file_verify() and
 * logs PASS or FAIL per file.
 *
 * Reading the result: the sealing details are reported only when a
 * verification key was supplied and the file is sealed. Without
 * --verify-key= a sealed file produces just a notice, and the NULL key is
 * passed on to journal_file_verify(); a PASS in that case should not be
 * read as confirmation that the seals were checked (what is verified
 * without a key is not visible in this file; presumably structure only).
 *
 * The return value and the aggregation of per-file results are on lines
 * this listing omits. */
1496 static int verify(sd_journal *j) {
1503 log_show_color(true);
1505 ORDERED_HASHMAP_FOREACH(f, j->files, i) {
1507 usec_t first, validated, last;
1510 if (!arg_verify_key && JOURNAL_HEADER_SEALED(f->header))
1511 log_notice("Journal file %s has sealing enabled but verification key has not been passed using --verify-key=.", f->path);
1514 k = journal_file_verify(f, arg_verify_key, &first, &validated, &last, true);
1516 /* If the key was invalid give up right-away. */
1519 log_warning("FAIL: %s (%s)", f->path, strerror(-k));
1522 char a[FORMAT_TIMESTAMP_MAX], b[FORMAT_TIMESTAMP_MAX], c[FORMAT_TIMESPAN_MAX];
1523 log_info("PASS: %s", f->path);
1525 if (arg_verify_key && JOURNAL_HEADER_SEALED(f->header)) {
/* Entries between `validated` and `last` are reported as not sealed: the
 * validated range does not extend to them yet. */
1526 if (validated > 0) {
1527 log_info("=> Validated from %s to %s, final %s entries not sealed.",
1528 format_timestamp_maybe_utc(a, sizeof(a), first),
1529 format_timestamp_maybe_utc(b, sizeof(b), validated),
1530 format_timespan(c, sizeof(c), last > validated ? last - validated : 0, 0));
1531 } else if (last > 0)
1532 log_info("=> No sealing yet, %s of entries not sealed.",
1533 format_timespan(c, sizeof(c), last - first, 0));
1535 log_info("=> No sealing yet, no entries in file.");
/* Prints a hint when the caller is unlikely to see messages of other users
 * and of the system: it checks membership in the systemd-journal group and
 * collects the groups named in the default ACL of /var/log/journal/.
 *
 * The visible lines only produce diagnostics; nothing here grants or denies
 * access to journal files. Conditions and returns are on lines this listing
 * omits. */
1544 static int access_check_var_log_journal(sd_journal *j) {
1545 _cleanup_strv_free_ char **g = NULL;
1551 have_access = in_group("systemd-journal") > 0;
1554 /* Let's enumerate all groups from the default ACL of
1555 * the directory, which generally should allow access
1556 * to most journal files too */
1557 r = search_acl_groups(&g, "/var/log/journal/", &have_access);
/* No ACL groups found: name only the systemd-journal group. */
1564 if (strv_isempty(g))
1565 log_notice("Hint: You are currently not seeing messages from other users and the system.\n"
1566 " Users in the 'systemd-journal' group can see all messages. Pass -q to\n"
1567 " turn off this notice.");
1569 _cleanup_free_ char *s = NULL;
/* Otherwise list the ACL groups together with systemd-journal. */
1571 r = strv_extend(&g, "systemd-journal");
1578 s = strv_join(g, "', '");
1582 log_notice("Hint: You are currently not seeing messages from other users and the system.\n"
1583 " Users in the groups '%s' can see all messages.\n"
1584 " Pass -q to turn off this notice.", s);
/* Turns the errors collected while opening journal files (j->errors) into
 * user-facing diagnostics. The set holds negative errno values stored as
 * pointers (see the INT_TO_PTR/PTR_TO_INT conversions below).
 *
 * These are explanatory messages derived from group membership and the
 * effective UID; the visible lines do not decide who may read a file.
 * Preprocessor guards, returns and some conditions are on lines this listing
 * omits. */
1592 static int access_check(sd_journal *j) {
1599 if (set_isempty(j->errors)) {
1600 if (ordered_hashmap_isempty(j->files))
1601 log_notice("No journal files were found.");
1605 if (set_contains(j->errors, INT_TO_PTR(-EACCES))) {
1607 /* If /var/log/journal doesn't even exist,
1608 * unprivileged users have no access at all */
1609 if (access("/var/log/journal", F_OK) < 0 &&
1611 in_group("systemd-journal") <= 0) {
1612 log_error("Unprivileged users cannot access messages, unless persistent log storage is\n"
1613 "enabled. Users in the 'systemd-journal' group may always access messages.");
1617 /* If /var/log/journal exists, try to print a nice
1618 notice if the user lacks access to it */
1619 if (!arg_quiet && geteuid() != 0) {
1620 r = access_check_var_log_journal(j);
/* NOTE(review): the message below repeats the word "group" across its line
 * break. */
1625 if (geteuid() != 0 && in_group("systemd-journal") <= 0) {
1626 log_error("Unprivileged users cannot access messages. Users in the 'systemd-journal' group\n"
1627 "group may access messages.");
1632 if (ordered_hashmap_isempty(j->files)) {
1633 log_error("No journal files were opened due to insufficient permissions.");
/* Every collected error code is reported as a warning. */
1638 SET_FOREACH(code, j->errors, it) {
1641 err = -PTR_TO_INT(code);
1645 log_warning_errno(err, "Error was encountered while opening journal files: %m");
/* Asks the journal daemon to flush its data from /run to /var and waits
 * until /run/systemd/journal/flushed exists.
 *
 * Sequence visible here: return early if the flag file is already there;
 * otherwise send SIGUSR1 to the main process of systemd-journald.service
 * through a bus call to org.freedesktop.systemd1.Manager, set up an inotify
 * watch on /run/systemd/journal, and only then re-check the flag file, so a
 * file created between the first check and the watch is not missed.
 *
 * NOTE(review): the method name, the enclosing loop and the success returns
 * are on lines this listing omits. */
1651 static int flush_to_var(void) {
1652 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1653 _cleanup_bus_close_unref_ sd_bus *bus = NULL;
1654 _cleanup_close_ int watch_fd = -1;
1658 if (access("/run/systemd/journal/flushed", F_OK) >= 0)
1661 /* OK, let's actually do the full logic, send SIGUSR1 to the
1662 * daemon and set up inotify to wait for the flushed file to appear */
1663 r = bus_open_system_systemd(&bus);
1665 return log_error_errno(r, "Failed to get D-Bus connection: %m");
1667 r = sd_bus_call_method(
1669 "org.freedesktop.systemd1",
1670 "/org/freedesktop/systemd1",
1671 "org.freedesktop.systemd1.Manager",
1675 "ssi", "systemd-journald.service", "main", SIGUSR1);
1677 log_error("Failed to kill journal service: %s", bus_error_message(&error, r));
/* The result of mkdir_p() is not checked; a failure would surface when the
 * watch is added below. */
1681 mkdir_p("/run/systemd/journal", 0755);
1683 watch_fd = inotify_init1(IN_NONBLOCK|IN_CLOEXEC);
1685 return log_error_errno(errno, "Failed to create inotify watch: %m");
/* Watch for creations in the directory itself: IN_ONLYDIR requires a
 * directory, IN_DONT_FOLLOW refuses to follow a symlink at that path. */
1687 r = inotify_add_watch(watch_fd, "/run/systemd/journal", IN_CREATE|IN_DONT_FOLLOW|IN_ONLYDIR);
1689 return log_error_errno(errno, "Failed to watch journal directory: %m");
1692 if (access("/run/systemd/journal/flushed", F_OK) >= 0)
/* NOTE(review): "existance" in the message below is a typo for
 * "existence". */
1695 if (errno != ENOENT)
1696 return log_error_errno(errno, "Failed to check for existance of /run/systemd/journal/flushed: %m");
/* Waits without a timeout: if the flag file never appears, this call does
 * not return. */
1698 r = fd_wait_for_event(watch_fd, POLLIN, USEC_INFINITY);
1700 return log_error_errno(r, "Failed to wait for event: %m");
1702 r = flush_fd(watch_fd);
1704 return log_error_errno(r, "Failed to flush inotify events: %m");
/* Entry point of the journal query tool. Parses the command line, dispatches
 * on arg_action (the first few actions are handled before any journal is
 * opened), then opens the journal, applies the filters, seeks to the start
 * position and prints entries, optionally waiting for new ones.
 *
 * The exit status is EXIT_SUCCESS or EXIT_FAILURE.
 *
 * NOTE(review): this listing has lost lines (the embedded line numbers skip).
 * Several declarations, most "r < 0" style guards, closing braces and some
 * branch bodies are not shown. The comments below state only what the
 * visible lines establish and mark everything else as an assumption. */
1710 int main(int argc, char *argv[]) {
1712 _cleanup_journal_close_ sd_journal *j = NULL;
1713 bool need_seek = false;
/* Left uninitialized; the only read shown below is gated on
 * previous_boot_id_valid */
1714 sd_id128_t previous_boot_id;
1715 bool previous_boot_id_valid = false, first_line = true;
1717 bool ellipsized = false;
1719 setlocale(LC_ALL, "");
1720 log_parse_environment();
1723 r = parse_argv(argc, argv);
/* Terminal resize handler; per its name it resets cached column/line counts
 * (its body is not in view) */
1727 signal(SIGWINCH, columns_lines_cache_reset);
1729 if (arg_action == ACTION_NEW_ID128) {
1730 r = generate_new_id128();
/* Bodies of the next two action branches are not shown */
1734 if (arg_action == ACTION_FLUSH) {
1739 if (arg_action == ACTION_SETUP_KEYS) {
1744 if (arg_action == ACTION_UPDATE_CATALOG ||
1745 arg_action == ACTION_LIST_CATALOG ||
1746 arg_action == ACTION_DUMP_CATALOG) {
/* NOTE(review): declared without an initializer, unlike "cursor" further
 * down, which starts as NULL. With a cleanup attribute this is only safe
 * as long as nothing leaves the scope before the assignment that follows. */
1748 _cleanup_free_ char *database;
/* Catalog database path under arg_root; the check of the result is not shown */
1750 database = path_join(arg_root, CATALOG_DATABASE, NULL);
1756 if (arg_action == ACTION_UPDATE_CATALOG) {
1757 r = catalog_update(database, arg_root, catalog_file_dirs);
/* NOTE(review): this follows catalog_update() yet says "list", the same text
 * as on the listing path below; looks like a copied message. The guard
 * (line 1758) is not shown, so confirm. */
1759 log_error_errno(r, "Failed to list catalog: %m");
/* One-line output for ACTION_LIST_CATALOG; otherwise (ACTION_DUMP_CATALOG,
 * given the enclosing condition) the longer form */
1761 bool oneline = arg_action == ACTION_LIST_CATALOG;
/* Two listing variants: selected items taken from the remaining command-line
 * arguments, or the whole catalog. The condition choosing between them is
 * not shown. */
1764 r = catalog_list_items(stdout, database,
1765 oneline, argv + optind);
1767 r = catalog_list(stdout, database, oneline);
1769 log_error_errno(r, "Failed to list catalog: %m");
/* Four ways to open the journal: a directory, an explicit file list, a
 * container, or the default. Only the arg_machine condition is visible. */
1776 r = sd_journal_open_directory(&j, arg_directory, arg_journal_type);
1778 r = sd_journal_open_files(&j, (const char**) arg_file, 0);
1779 else if (arg_machine)
1780 r = sd_journal_open_container(&j, arg_machine, 0);
/* "!" binds tighter than "*": SD_JOURNAL_LOCAL_ONLY is included only when
 * arg_merge is false, then arg_journal_type is added */
1782 r = sd_journal_open(&j, !arg_merge*SD_JOURNAL_LOCAL_ONLY + arg_journal_type);
1784 log_error_errno(r, "Failed to open %s: %m",
1785 arg_directory ? arg_directory : arg_file ? "files" : "journal");
1786 return EXIT_FAILURE;
/* Checks how opening the journal files went (access_check() reports, among
 * other things, missing permissions); the guard for the return is not shown */
1789 r = access_check(j);
1791 return EXIT_FAILURE;
/* Body of the verify branch is not shown */
1793 if (arg_action == ACTION_VERIFY) {
1798 if (arg_action == ACTION_PRINT_HEADER) {
1799 journal_print_header(j);
1800 return EXIT_SUCCESS;
1803 if (arg_action == ACTION_DISK_USAGE) {
/* Output buffer for format_bytes(); the declaration of "bytes" is not shown */
1805 char sbytes[FORMAT_BYTES_MAX];
1807 r = sd_journal_get_usage(j, &bytes);
1809 return EXIT_FAILURE;
1811 printf("Archived and active journals take up %s on disk.\n",
1812 format_bytes(sbytes, sizeof(sbytes), bytes));
1813 return EXIT_SUCCESS;
1816 if (arg_action == ACTION_VACUUM) {
/* One vacuum call per directory known to the journal handle, with the size
 * and time limits from the command line. The per-directory result q is
 * logged; how it feeds into r, which decides the exit status, is not shown. */
1820 HASHMAP_FOREACH(d, j->directories_by_path, i) {
1826 q = journal_directory_vacuum(d->path, arg_vacuum_size, arg_vacuum_time, NULL, true);
1828 log_error_errno(q, "Failed to vacuum: %m");
1833 return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
/* Body of the list-boots branch is not shown */
1836 if (arg_action == ACTION_LIST_BOOTS) {
1841 /* add_boot() must be called first!
1842 * It may need to seek the journal to find parent boot IDs. */
1845 return EXIT_FAILURE;
1849 return EXIT_FAILURE;
/* The unit lists are released here; the call that consumed them is not shown */
1852 strv_free(arg_system_units);
1853 strv_free(arg_user_units);
1856 log_error_errno(r, "Failed to add filter for units: %m");
1857 return EXIT_FAILURE;
1860 r = add_syslog_identifier(j);
1862 log_error_errno(r, "Failed to add filter for syslog identifiers: %m");
1863 return EXIT_FAILURE;
1866 r = add_priorities(j);
1868 log_error_errno(r, "Failed to add filter for priorities: %m");
1869 return EXIT_FAILURE;
/* Remaining command-line arguments are handed over as match expressions */
1872 r = add_matches(j, argv + optind);
1874 log_error_errno(r, "Failed to add filters: %m");
1875 return EXIT_FAILURE;
/* The match string is built only when debug logging is enabled */
1878 if (_unlikely_(log_get_max_level() >= LOG_PRI(LOG_DEBUG))) {
1879 _cleanup_free_ char *filter;
/* NOTE(review): the result goes straight to "%s" on the next line with no
 * check in between; if journal_make_match_string() can return NULL on
 * failure (not visible here), this passes NULL to a %s conversion. */
1881 filter = journal_make_match_string(j);
1882 log_debug("Journal filter: %s", filter);
/* Unique-values mode for arg_field (the enclosing condition is not shown).
 * Going by the error message, a threshold of 0 removes the data size limit,
 * so values of any length can reach the loop below. */
1889 r = sd_journal_set_data_threshold(j, 0);
1891 log_error("Failed to unset data size threshold");
1892 return EXIT_FAILURE;
1895 r = sd_journal_query_unique(j, arg_field);
1897 log_error_errno(r, "Failed to query unique data objects: %m");
1898 return EXIT_FAILURE;
1901 SD_JOURNAL_FOREACH_UNIQUE(j, data, size) {
/* Stop once the -n style limit is reached (the statement is not shown) */
1904 if (arg_lines >= 0 && n_shown >= arg_lines)
/* Print the part after the first '=' when there is one, else the whole item;
 * the branch selecting between the two printf calls is not shown.
 * NOTE(review): size (declaration not shown, presumably size_t) is narrowed
 * to int for the "%.*s" precision. A value above INT_MAX would give a wrong
 * or negative precision, and a negative precision is treated as omitted,
 * which lets "%s" read until a NUL byte that the data is not shown to have.
 * The bytes are written as stored in the journal, so consumers of this
 * output should treat them as untrusted text. */
1907 eq = memchr(data, '=', size);
1909 printf("%.*s\n", (int) (size - ((const uint8_t*) eq - (const uint8_t*) data + 1)), (const char*) eq + 1);
1911 printf("%.*s\n", (int) size, (const char*) data);
1916 return EXIT_SUCCESS;
1919 /* Opening the fd now means the first sd_journal_wait() will actually wait */
1921 r = sd_journal_get_fd(j);
1923 return EXIT_FAILURE;
/* Choose the start position. Precedence as written: cursor, --since style
 * start (forward), --until style start (reverse), last arg_lines entries,
 * tail (reverse), and finally the head of the journal. */
1926 if (arg_cursor || arg_after_cursor) {
/* GNU "?:" extension: arg_cursor if set, else arg_after_cursor */
1927 r = sd_journal_seek_cursor(j, arg_cursor ?: arg_after_cursor);
1929 log_error_errno(r, "Failed to seek to cursor: %m");
1930 return EXIT_FAILURE;
/* Step 1 entry, or 2 when resuming after the cursor so the cursor entry
 * itself is skipped; the direction condition between the two calls is not
 * shown */
1933 r = sd_journal_next_skip(j, 1 + !!arg_after_cursor);
1935 r = sd_journal_previous_skip(j, 1 + !!arg_after_cursor);
/* Fewer than 2 steps taken means nothing follows the cursor; what happens
 * then is on a line not shown */
1937 if (arg_after_cursor && r < 2 && !arg_follow)
1938 /* We couldn't find the next entry after the cursor. */
1941 } else if (arg_since_set && !arg_reverse) {
1942 r = sd_journal_seek_realtime_usec(j, arg_since);
1944 log_error_errno(r, "Failed to seek to date: %m");
1945 return EXIT_FAILURE;
1947 r = sd_journal_next(j);
1949 } else if (arg_until_set && arg_reverse) {
1950 r = sd_journal_seek_realtime_usec(j, arg_until);
1952 log_error_errno(r, "Failed to seek to date: %m");
1953 return EXIT_FAILURE;
1955 r = sd_journal_previous(j);
1957 } else if (arg_lines >= 0) {
/* Go to the end and step back arg_lines entries */
1958 r = sd_journal_seek_tail(j);
1960 log_error_errno(r, "Failed to seek to tail: %m");
1961 return EXIT_FAILURE;
1964 r = sd_journal_previous_skip(j, arg_lines);
1966 } else if (arg_reverse) {
1967 r = sd_journal_seek_tail(j);
1969 log_error_errno(r, "Failed to seek to tail: %m");
1970 return EXIT_FAILURE;
1973 r = sd_journal_previous(j);
1976 r = sd_journal_seek_head(j);
1978 log_error_errno(r, "Failed to seek to head: %m");
1979 return EXIT_FAILURE;
1982 r = sd_journal_next(j);
/* Failure of the first step taken in whichever branch ran above */
1986 log_error_errno(r, "Failed to iterate through journal: %m");
1987 return EXIT_FAILURE;
1991 pager_open_if_enabled();
/* Header line with the time range covered by the journal; the condition for
 * printing it and the declarations of start/end are not shown */
1995 char start_buf[FORMAT_TIMESTAMP_MAX], end_buf[FORMAT_TIMESTAMP_MAX];
1997 r = sd_journal_get_cutoff_realtime_usec(j, &start, &end);
1999 log_error_errno(r, "Failed to get cutoff: %m");
2005 printf("-- Logs begin at %s. --\n",
2006 format_timestamp_maybe_utc(start_buf, sizeof(start_buf), start));
2008 printf("-- Logs begin at %s, end at %s. --\n",
2009 format_timestamp_maybe_utc(start_buf, sizeof(start_buf), start),
2010 format_timestamp_maybe_utc(end_buf, sizeof(end_buf), end));
/* Main output loop: runs while there is no line limit, the limit is not yet
 * reached, or follow mode is on and this is not the first pass */
2015 while (arg_lines < 0 || n_shown < arg_lines || (arg_follow && !first_line)) {
/* Advance in the chosen direction; the conditions around these two calls
 * (presumably need_seek and arg_reverse) are not shown */
2020 r = sd_journal_next(j);
2022 r = sd_journal_previous(j);
2024 log_error_errno(r, "Failed to iterate through journal: %m");
/* Upper time bound when reading forwards */
2031 if (arg_until_set && !arg_reverse) {
2034 r = sd_journal_get_realtime_usec(j, &usec);
2036 log_error_errno(r, "Failed to determine timestamp: %m");
2039 if (usec > arg_until)
/* Lower time bound when reading backwards */
2043 if (arg_since_set && arg_reverse) {
2046 r = sd_journal_get_realtime_usec(j, &usec);
2048 log_error_errno(r, "Failed to determine timestamp: %m");
2051 if (usec < arg_since)
/* Print a marker when the boot ID changes between consecutive entries */
2055 if (!arg_merge && !arg_quiet) {
/* Only the boot ID is requested (NULL for the timestamp); the check of r is
 * not shown */
2058 r = sd_journal_get_monotonic_usec(j, NULL, &boot_id);
2060 if (previous_boot_id_valid &&
2061 !sd_id128_equal(boot_id, previous_boot_id))
2062 printf("%s-- Reboot --%s\n",
2063 ansi_highlight(), ansi_highlight_off());
2065 previous_boot_id = boot_id;
2066 previous_boot_id_valid = true;
/* Output flags: each boolean (0 or 1) multiplies its flag constant, so a flag
 * is set exactly when its option is true; the start of the statement is not
 * shown */
2071 arg_all * OUTPUT_SHOW_ALL |
2072 arg_full * OUTPUT_FULL_WIDTH |
2073 on_tty() * OUTPUT_COLOR |
2074 arg_catalog * OUTPUT_CATALOG |
2075 arg_utc * OUTPUT_UTC;
2077 r = output_journal(stdout, j, arg_output, 0, flags, &ellipsized);
/* -EADDRNOTAVAIL is handled separately from other failures, and a stdout
 * stream error counts as a failure too; both branch bodies are not shown */
2079 if (r == -EADDRNOTAVAIL)
2081 else if (r < 0 || ferror(stdout))
2088 if (arg_show_cursor) {
2089 _cleanup_free_ char *cursor = NULL;
2091 r = sd_journal_get_cursor(j, &cursor);
/* -EADDRNOTAVAIL is not reported as an error here. The condition guarding
 * the printf (line 2094) is not shown; cursor is NULL if nothing was
 * returned. */
2092 if (r < 0 && r != -EADDRNOTAVAIL)
2093 log_error_errno(r, "Failed to get cursor: %m");
2095 printf("-- cursor: %s\n", cursor);
/* All-ones timeout: wait for journal changes without a time limit */
2101 r = sd_journal_wait(j, (uint64_t) -1);
2103 log_error_errno(r, "Couldn't wait for journal event: %m");
2113 strv_free(arg_file);
2115 return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;