1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2011 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
34 #include <sys/ioctl.h>
42 #include <systemd/sd-journal.h>
45 #include "logs-show.h"
47 #include "path-util.h"
51 #include "logs-show.h"
53 #include "journal-internal.h"
54 #include "journal-def.h"
55 #include "journal-verify.h"
56 #include "journal-authenticate.h"
57 #include "journal-qrcode.h"
59 #include "unit-name.h"
62 #define DEFAULT_FSS_INTERVAL_USEC (15*USEC_PER_MINUTE)
64 static OutputMode arg_output = OUTPUT_SHORT;
65 static bool arg_pager_end = false;
66 static bool arg_follow = false;
67 static bool arg_full = false;
68 static bool arg_all = false;
69 static bool arg_no_pager = false;
70 static int arg_lines = -1;
71 static bool arg_no_tail = false;
72 static bool arg_quiet = false;
73 static bool arg_merge = false;
74 static bool arg_boot = false;
75 static char *arg_boot_descriptor = NULL;
76 static bool arg_dmesg = false;
77 static const char *arg_cursor = NULL;
78 static const char *arg_after_cursor = NULL;
79 static bool arg_show_cursor = false;
80 static const char *arg_directory = NULL;
81 static char **arg_file = NULL;
82 static int arg_priorities = 0xFF;
83 static const char *arg_verify_key = NULL;
85 static usec_t arg_interval = DEFAULT_FSS_INTERVAL_USEC;
86 static bool arg_force = false;
88 static usec_t arg_since, arg_until;
89 static bool arg_since_set = false, arg_until_set = false;
90 static char **arg_system_units = NULL;
91 static char **arg_user_units = NULL;
92 static const char *arg_field = NULL;
93 static bool arg_catalog = false;
94 static bool arg_reverse = false;
95 static int arg_journal_type = 0;
96 static const char *arg_root = NULL;
107 ACTION_UPDATE_CATALOG
108 } arg_action = ACTION_SHOW;
110 typedef struct boot_id_t {
115 static int help(void) {
117 printf("%s [OPTIONS...] [MATCHES...]\n\n"
118 "Query the journal.\n\n"
120 " --system Show only the system journal\n"
121 " --user Show only the user journal for current user\n"
122 " --since=DATE Start showing entries newer or of the specified date\n"
123 " --until=DATE Stop showing entries older or of the specified date\n"
124 " -c --cursor=CURSOR Start showing entries from specified cursor\n"
125 " --after-cursor=CURSOR Start showing entries from specified cursor\n"
126 " --show-cursor Print the cursor after all the entries\n"
127 " -b --boot[=ID] Show data only from ID or current boot if unspecified\n"
128 " -k --dmesg Show kernel message log from current boot\n"
129 " -u --unit=UNIT Show data only from the specified unit\n"
130 " --user-unit=UNIT Show data only from the specified user session unit\n"
131 " -p --priority=RANGE Show only messages within the specified priority range\n"
132 " -e --pager-end Immediately jump to end of the journal in the pager\n"
133 " -f --follow Follow journal\n"
134 " -n --lines[=INTEGER] Number of journal entries to show\n"
135 " --no-tail Show all lines, even in follow mode\n"
136 " -r --reverse Show the newest entries first\n"
137 " -o --output=STRING Change journal output mode (short, short-monotonic, short-iso\n"
138 " verbose, export, json, json-pretty, json-sse, cat)\n"
139 " -x --catalog Add message explanations where available\n"
140 " -l --full Do not ellipsize fields\n"
141 " -a --all Show all fields, including long and unprintable\n"
142 " -q --quiet Don't show privilege warning\n"
143 " --no-pager Do not pipe output into a pager\n"
144 " -m --merge Show entries from all available journals\n"
145 " -D --directory=PATH Show journal files from directory\n"
146 " --file=PATH Show journal file\n"
147 " --root=ROOT Operate on catalog files underneath the root ROOT\n"
149 " --interval=TIME Time interval for changing the FSS sealing key\n"
150 " --verify-key=KEY Specify FSS verification key\n"
151 " --force Force overriding new FSS key pair with --setup-keys\n"
154 " -h --help Show this help\n"
155 " --version Show package version\n"
156 " --new-id128 Generate a new 128 Bit ID\n"
157 " --header Show journal header information\n"
158 " --disk-usage Show total disk usage\n"
159 " -F --field=FIELD List all values a certain field takes\n"
160 " --list-catalog Show message IDs of all entries in the message catalog\n"
161 " --dump-catalog Show entries in the message catalog\n"
162 " --update-catalog Update the message catalog database\n"
164 " --setup-keys Generate new FSS key pair\n"
165 " --verify Verify journal file consistency\n"
167 , program_invocation_short_name);
172 static int parse_argv(int argc, char *argv[]) {
200 static const struct option options[] = {
201 { "help", no_argument, NULL, 'h' },
202 { "version" , no_argument, NULL, ARG_VERSION },
203 { "no-pager", no_argument, NULL, ARG_NO_PAGER },
204 { "pager-end", no_argument, NULL, 'e' },
205 { "follow", no_argument, NULL, 'f' },
206 { "force", no_argument, NULL, ARG_FORCE },
207 { "output", required_argument, NULL, 'o' },
208 { "all", no_argument, NULL, 'a' },
209 { "full", no_argument, NULL, 'l' },
210 { "lines", optional_argument, NULL, 'n' },
211 { "no-tail", no_argument, NULL, ARG_NO_TAIL },
212 { "new-id128", no_argument, NULL, ARG_NEW_ID128 },
213 { "quiet", no_argument, NULL, 'q' },
214 { "merge", no_argument, NULL, 'm' },
215 { "boot", optional_argument, NULL, 'b' },
216 { "this-boot", optional_argument, NULL, 'b' }, /* deprecated */
217 { "dmesg", no_argument, NULL, 'k' },
218 { "system", no_argument, NULL, ARG_SYSTEM },
219 { "user", no_argument, NULL, ARG_USER },
220 { "directory", required_argument, NULL, 'D' },
221 { "file", required_argument, NULL, ARG_FILE },
222 { "root", required_argument, NULL, ARG_ROOT },
223 { "header", no_argument, NULL, ARG_HEADER },
224 { "priority", required_argument, NULL, 'p' },
225 { "setup-keys", no_argument, NULL, ARG_SETUP_KEYS },
226 { "interval", required_argument, NULL, ARG_INTERVAL },
227 { "verify", no_argument, NULL, ARG_VERIFY },
228 { "verify-key", required_argument, NULL, ARG_VERIFY_KEY },
229 { "disk-usage", no_argument, NULL, ARG_DISK_USAGE },
230 { "cursor", required_argument, NULL, 'c' },
231 { "after-cursor", required_argument, NULL, ARG_AFTER_CURSOR },
232 { "show-cursor", no_argument, NULL, ARG_SHOW_CURSOR },
233 { "since", required_argument, NULL, ARG_SINCE },
234 { "until", required_argument, NULL, ARG_UNTIL },
235 { "unit", required_argument, NULL, 'u' },
236 { "user-unit", required_argument, NULL, ARG_USER_UNIT },
237 { "field", required_argument, NULL, 'F' },
238 { "catalog", no_argument, NULL, 'x' },
239 { "list-catalog", no_argument, NULL, ARG_LIST_CATALOG },
240 { "dump-catalog", no_argument, NULL, ARG_DUMP_CATALOG },
241 { "update-catalog", no_argument, NULL, ARG_UPDATE_CATALOG },
242 { "reverse", no_argument, NULL, 'r' },
251 while ((c = getopt_long(argc, argv, "hefo:aln::qmb::kD:p:c:u:F:xr", options, NULL)) >= 0) {
260 puts(PACKAGE_STRING);
261 puts(SYSTEMD_FEATURES);
269 arg_pager_end = true;
281 arg_output = output_mode_from_string(optarg);
282 if (arg_output < 0) {
283 log_error("Unknown output format '%s'.", optarg);
287 if (arg_output == OUTPUT_EXPORT ||
288 arg_output == OUTPUT_JSON ||
289 arg_output == OUTPUT_JSON_PRETTY ||
290 arg_output == OUTPUT_JSON_SSE ||
291 arg_output == OUTPUT_CAT)
306 r = safe_atoi(optarg, &arg_lines);
307 if (r < 0 || arg_lines < 0) {
308 log_error("Failed to parse lines '%s'", optarg);
314 /* Hmm, no argument? Maybe the next
315 * word on the command line is
316 * supposed to be the argument? Let's
317 * see if there is one, and is
318 * parsable as a positive
322 safe_atoi(argv[optind], &n) >= 0 &&
338 arg_action = ACTION_NEW_ID128;
353 arg_boot_descriptor = optarg;
354 else if (optind < argc) {
357 if (argv[optind][0] != '-' ||
358 safe_atoi(argv[optind], &boot) >= 0) {
359 arg_boot_descriptor = argv[optind];
367 arg_boot = arg_dmesg = true;
371 arg_journal_type |= SD_JOURNAL_SYSTEM;
375 arg_journal_type |= SD_JOURNAL_CURRENT_USER;
379 arg_directory = optarg;
383 r = glob_extend(&arg_file, optarg);
385 log_error("Failed to add paths: %s", strerror(-r));
398 case ARG_AFTER_CURSOR:
399 arg_after_cursor = optarg;
402 case ARG_SHOW_CURSOR:
403 arg_show_cursor = true;
407 arg_action = ACTION_PRINT_HEADER;
411 arg_action = ACTION_VERIFY;
415 arg_action = ACTION_DISK_USAGE;
424 arg_action = ACTION_SETUP_KEYS;
429 arg_action = ACTION_VERIFY;
430 arg_verify_key = optarg;
435 r = parse_sec(optarg, &arg_interval);
436 if (r < 0 || arg_interval <= 0) {
437 log_error("Failed to parse sealing key change interval: %s", optarg);
446 log_error("Forward-secure sealing not available.");
453 dots = strstr(optarg, "..");
459 a = strndup(optarg, dots - optarg);
463 from = log_level_from_string(a);
464 to = log_level_from_string(dots + 2);
467 if (from < 0 || to < 0) {
468 log_error("Failed to parse log level range %s", optarg);
475 for (i = from; i <= to; i++)
476 arg_priorities |= 1 << i;
478 for (i = to; i <= from; i++)
479 arg_priorities |= 1 << i;
485 p = log_level_from_string(optarg);
487 log_error("Unknown log level %s", optarg);
493 for (i = 0; i <= p; i++)
494 arg_priorities |= 1 << i;
501 r = parse_timestamp(optarg, &arg_since);
503 log_error("Failed to parse timestamp: %s", optarg);
506 arg_since_set = true;
510 r = parse_timestamp(optarg, &arg_until);
512 log_error("Failed to parse timestamp: %s", optarg);
515 arg_until_set = true;
519 r = strv_extend(&arg_system_units, optarg);
525 r = strv_extend(&arg_user_units, optarg);
541 case ARG_LIST_CATALOG:
542 arg_action = ACTION_LIST_CATALOG;
545 case ARG_DUMP_CATALOG:
546 arg_action = ACTION_DUMP_CATALOG;
549 case ARG_UPDATE_CATALOG:
550 arg_action = ACTION_UPDATE_CATALOG;
558 log_error("Unknown option code %c", c);
563 if (arg_follow && !arg_no_tail && arg_lines < 0)
566 if (arg_directory && arg_file) {
567 log_error("Please specify either -D/--directory= or --file=, not both.");
571 if (arg_since_set && arg_until_set && arg_since > arg_until) {
572 log_error("--since= must be before --until=.");
576 if (!!arg_cursor + !!arg_after_cursor + !!arg_since_set > 1) {
577 log_error("Please specify only one of --since=, --cursor=, and --after-cursor.");
581 if (arg_follow && arg_reverse) {
582 log_error("Please specify either --reverse= or --follow=, not both.");
589 static int generate_new_id128(void) {
594 r = sd_id128_randomize(&id);
596 log_error("Failed to generate ID: %s", strerror(-r));
600 printf("As string:\n"
601 SD_ID128_FORMAT_STR "\n\n"
603 "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n\n"
605 "#define MESSAGE_XYZ SD_ID128_MAKE(",
606 SD_ID128_FORMAT_VAL(id),
607 SD_ID128_FORMAT_VAL(id));
608 for (i = 0; i < 16; i++)
609 printf("%02x%s", id.bytes[i], i != 15 ? "," : "");
610 fputs(")\n\n", stdout);
612 printf("As Python constant:\n"
614 ">>> MESSAGE_XYZ = uuid.UUID('" SD_ID128_FORMAT_STR "')\n",
615 SD_ID128_FORMAT_VAL(id));
620 static int add_matches(sd_journal *j, char **args) {
625 STRV_FOREACH(i, args) {
629 r = sd_journal_add_disjunction(j);
630 else if (path_is_absolute(*i)) {
631 _cleanup_free_ char *p, *t = NULL, *t2 = NULL;
633 _cleanup_free_ char *interpreter = NULL;
636 p = canonicalize_file_name(*i);
639 if (stat(path, &st) < 0) {
640 log_error("Couldn't stat file: %m");
644 if (S_ISREG(st.st_mode) && (0111 & st.st_mode)) {
645 if (executable_is_script(path, &interpreter) > 0) {
646 _cleanup_free_ char *comm;
648 comm = strndup(path_get_file_name(path), 15);
652 t = strappend("_COMM=", comm);
654 /* Append _EXE only if the interpreter is not a link.
655 Otherwise it might be outdated often. */
656 if (lstat(interpreter, &st) == 0 &&
657 !S_ISLNK(st.st_mode)) {
658 t2 = strappend("_EXE=", interpreter);
663 t = strappend("_EXE=", path);
664 } else if (S_ISCHR(st.st_mode))
665 asprintf(&t, "_KERNEL_DEVICE=c%u:%u", major(st.st_rdev), minor(st.st_rdev));
666 else if (S_ISBLK(st.st_mode))
667 asprintf(&t, "_KERNEL_DEVICE=b%u:%u", major(st.st_rdev), minor(st.st_rdev));
669 log_error("File is neither a device node, nor regular file, nor executable: %s", *i);
676 r = sd_journal_add_match(j, t, 0);
678 r = sd_journal_add_match(j, t2, 0);
680 r = sd_journal_add_match(j, *i, 0);
683 log_error("Failed to add match '%s': %s", *i, strerror(-r));
691 static int boot_id_cmp(const void *a, const void *b) {
694 _a = ((const boot_id_t *)a)->timestamp;
695 _b = ((const boot_id_t *)b)->timestamp;
697 return _a < _b ? -1 : (_a > _b ? 1 : 0);
700 static int get_relative_boot_id(sd_journal *j, sd_id128_t *boot_id, int relative) {
703 unsigned int count = 0;
704 size_t length, allocated = 0;
705 boot_id_t ref_boot_id = {SD_ID128_NULL}, *id;
706 _cleanup_free_ boot_id_t *all_ids = NULL;
711 if (relative == 0 && !sd_id128_equal(*boot_id, SD_ID128_NULL))
714 r = sd_journal_query_unique(j, "_BOOT_ID");
718 SD_JOURNAL_FOREACH_UNIQUE(j, data, length) {
719 if (length < strlen("_BOOT_ID="))
722 if (!GREEDY_REALLOC(all_ids, allocated, count + 1))
725 id = &all_ids[count];
727 r = sd_id128_from_string(((const char *)data) + strlen("_BOOT_ID="), &id->id);
731 r = sd_journal_add_match(j, data, length);
735 r = sd_journal_seek_head(j);
739 r = sd_journal_next(j);
745 r = sd_journal_get_realtime_usec(j, &id->timestamp);
749 if (sd_id128_equal(id->id, *boot_id))
754 sd_journal_flush_matches(j);
757 qsort(all_ids, count, sizeof(boot_id_t), boot_id_cmp);
759 if (sd_id128_equal(*boot_id, SD_ID128_NULL)) {
760 if (relative > (int) count || relative <= -(int)count)
761 return -EADDRNOTAVAIL;
763 *boot_id = all_ids[(relative <= 0)*count + relative - 1].id;
765 id = bsearch(&ref_boot_id, all_ids, count, sizeof(boot_id_t), boot_id_cmp);
768 relative <= 0 ? (id - all_ids) + relative < 0 :
769 (id - all_ids) + relative >= (int) count)
770 return -EADDRNOTAVAIL;
772 *boot_id = (id + relative)->id;
778 static int add_boot(sd_journal *j) {
779 char match[9+32+1] = "_BOOT_ID=";
781 sd_id128_t boot_id = SD_ID128_NULL;
789 if (!arg_boot_descriptor)
790 return add_match_this_boot(j);
792 if (strlen(arg_boot_descriptor) >= 32) {
793 char tmp = arg_boot_descriptor[32];
794 arg_boot_descriptor[32] = '\0';
795 r = sd_id128_from_string(arg_boot_descriptor, &boot_id);
796 arg_boot_descriptor[32] = tmp;
799 log_error("Failed to parse boot ID '%.32s': %s",
800 arg_boot_descriptor, strerror(-r));
804 offset = arg_boot_descriptor + 32;
806 if (*offset && *offset != '-' && *offset != '+') {
807 log_error("Relative boot ID offset must start with a '+' or a '-', found '%s' ", offset);
811 offset = arg_boot_descriptor;
814 r = safe_atoi(offset, &relative);
816 log_error("Failed to parse relative boot ID number '%s'", offset);
821 r = get_relative_boot_id(j, &boot_id, relative);
823 if (sd_id128_equal(boot_id, SD_ID128_NULL))
824 log_error("Failed to look up boot %+d: %s", relative, strerror(-r));
826 log_error("Failed to look up boot ID "SD_ID128_FORMAT_STR"%+d: %s",
827 SD_ID128_FORMAT_VAL(boot_id), relative, strerror(-r));
831 sd_id128_to_string(boot_id, match + 9);
833 r = sd_journal_add_match(j, match, sizeof(match) - 1);
835 log_error("Failed to add match: %s", strerror(-r));
839 r = sd_journal_add_conjunction(j);
846 static int add_dmesg(sd_journal *j) {
853 r = sd_journal_add_match(j, "_TRANSPORT=kernel", strlen("_TRANSPORT=kernel"));
855 log_error("Failed to add match: %s", strerror(-r));
859 r = sd_journal_add_conjunction(j);
866 static int add_units(sd_journal *j) {
867 _cleanup_free_ char *u = NULL;
873 STRV_FOREACH(i, arg_system_units) {
874 u = unit_name_mangle(*i);
877 r = add_matches_for_unit(j, u);
880 r = sd_journal_add_disjunction(j);
885 STRV_FOREACH(i, arg_user_units) {
886 u = unit_name_mangle(*i);
890 r = add_matches_for_user_unit(j, u, getuid());
894 r = sd_journal_add_disjunction(j);
900 r = sd_journal_add_conjunction(j);
907 static int add_priorities(sd_journal *j) {
908 char match[] = "PRIORITY=0";
912 if (arg_priorities == 0xFF)
915 for (i = LOG_EMERG; i <= LOG_DEBUG; i++)
916 if (arg_priorities & (1 << i)) {
917 match[sizeof(match)-2] = '0' + i;
919 r = sd_journal_add_match(j, match, strlen(match));
921 log_error("Failed to add match: %s", strerror(-r));
926 r = sd_journal_add_conjunction(j);
933 static int setup_keys(void) {
935 size_t mpk_size, seed_size, state_size, i;
936 uint8_t *mpk, *seed, *state;
938 int fd = -1, r, attr = 0;
939 sd_id128_t machine, boot;
940 char *p = NULL, *k = NULL;
945 r = stat("/var/log/journal", &st);
946 if (r < 0 && errno != ENOENT && errno != ENOTDIR) {
947 log_error("stat(\"%s\") failed: %m", "/var/log/journal");
951 if (r < 0 || !S_ISDIR(st.st_mode)) {
952 log_error("%s is not a directory, must be using persistent logging for FSS.",
954 return r < 0 ? -errno : -ENOTDIR;
957 r = sd_id128_get_machine(&machine);
959 log_error("Failed to get machine ID: %s", strerror(-r));
963 r = sd_id128_get_boot(&boot);
965 log_error("Failed to get boot ID: %s", strerror(-r));
969 if (asprintf(&p, "/var/log/journal/" SD_ID128_FORMAT_STR "/fss",
970 SD_ID128_FORMAT_VAL(machine)) < 0)
973 if (access(p, F_OK) >= 0) {
977 log_error("unlink(\"%s\") failed: %m", p);
982 log_error("Sealing key file %s exists already. (--force to recreate)", p);
988 if (asprintf(&k, "/var/log/journal/" SD_ID128_FORMAT_STR "/fss.tmp.XXXXXX",
989 SD_ID128_FORMAT_VAL(machine)) < 0) {
994 mpk_size = FSPRG_mskinbytes(FSPRG_RECOMMENDED_SECPAR);
995 mpk = alloca(mpk_size);
997 seed_size = FSPRG_RECOMMENDED_SEEDLEN;
998 seed = alloca(seed_size);
1000 state_size = FSPRG_stateinbytes(FSPRG_RECOMMENDED_SECPAR);
1001 state = alloca(state_size);
1003 fd = open("/dev/random", O_RDONLY|O_CLOEXEC|O_NOCTTY);
1005 log_error("Failed to open /dev/random: %m");
1010 log_info("Generating seed...");
1011 l = loop_read(fd, seed, seed_size, true);
1012 if (l < 0 || (size_t) l != seed_size) {
1013 log_error("Failed to read random seed: %s", strerror(EIO));
1018 log_info("Generating key pair...");
1019 FSPRG_GenMK(NULL, mpk, seed, seed_size, FSPRG_RECOMMENDED_SECPAR);
1021 log_info("Generating sealing key...");
1022 FSPRG_GenState0(state, mpk, seed, seed_size);
1024 assert(arg_interval > 0);
1026 n = now(CLOCK_REALTIME);
1029 close_nointr_nofail(fd);
1030 fd = mkostemp(k, O_WRONLY|O_CLOEXEC|O_NOCTTY);
1032 log_error("Failed to open %s: %m", k);
1037 /* Enable secure remove, exclusion from dump, synchronous
1038 * writing and in-place updating */
1039 if (ioctl(fd, FS_IOC_GETFLAGS, &attr) < 0)
1040 log_warning("FS_IOC_GETFLAGS failed: %m");
1042 attr |= FS_SECRM_FL|FS_NODUMP_FL|FS_SYNC_FL|FS_NOCOW_FL;
1044 if (ioctl(fd, FS_IOC_SETFLAGS, &attr) < 0)
1045 log_warning("FS_IOC_SETFLAGS failed: %m");
1048 memcpy(h.signature, "KSHHRHLP", 8);
1049 h.machine_id = machine;
1051 h.header_size = htole64(sizeof(h));
1052 h.start_usec = htole64(n * arg_interval);
1053 h.interval_usec = htole64(arg_interval);
1054 h.fsprg_secpar = htole16(FSPRG_RECOMMENDED_SECPAR);
1055 h.fsprg_state_size = htole64(state_size);
1057 l = loop_write(fd, &h, sizeof(h), false);
1058 if (l < 0 || (size_t) l != sizeof(h)) {
1059 log_error("Failed to write header: %s", strerror(EIO));
1064 l = loop_write(fd, state, state_size, false);
1065 if (l < 0 || (size_t) l != state_size) {
1066 log_error("Failed to write state: %s", strerror(EIO));
1071 if (link(k, p) < 0) {
1072 log_error("Failed to link file: %m");
1080 "The new key pair has been generated. The " ANSI_HIGHLIGHT_ON "secret sealing key" ANSI_HIGHLIGHT_OFF " has been written to\n"
1081 "the following local file. This key file is automatically updated when the\n"
1082 "sealing key is advanced. It should not be used on multiple hosts.\n"
1086 "Please write down the following " ANSI_HIGHLIGHT_ON "secret verification key" ANSI_HIGHLIGHT_OFF ". It should be stored\n"
1087 "at a safe location and should not be saved locally on disk.\n"
1088 "\n\t" ANSI_HIGHLIGHT_RED_ON, p);
1091 for (i = 0; i < seed_size; i++) {
1092 if (i > 0 && i % 3 == 0)
1094 printf("%02x", ((uint8_t*) seed)[i]);
1097 printf("/%llx-%llx\n", (unsigned long long) n, (unsigned long long) arg_interval);
1100 char tsb[FORMAT_TIMESPAN_MAX], *hn;
1103 ANSI_HIGHLIGHT_OFF "\n"
1104 "The sealing key is automatically changed every %s.\n",
1105 format_timespan(tsb, sizeof(tsb), arg_interval, 0));
1107 hn = gethostname_malloc();
1110 hostname_cleanup(hn, false);
1111 fprintf(stderr, "\nThe keys have been generated for host %s/" SD_ID128_FORMAT_STR ".\n", hn, SD_ID128_FORMAT_VAL(machine));
1113 fprintf(stderr, "\nThe keys have been generated for host " SD_ID128_FORMAT_STR ".\n", SD_ID128_FORMAT_VAL(machine));
1115 #ifdef HAVE_QRENCODE
1116 /* If this is not an UTF-8 system don't print any QR codes */
1117 if (is_locale_utf8()) {
1118 fputs("\nTo transfer the verification key to your phone please scan the QR code below:\n\n", stderr);
1119 print_qr_code(stderr, seed, seed_size, n, arg_interval, hn, machine);
1129 close_nointr_nofail(fd);
1140 log_error("Forward-secure sealing not available.");
1145 static int verify(sd_journal *j) {
1152 log_show_color(true);
1154 HASHMAP_FOREACH(f, j->files, i) {
1156 usec_t first, validated, last;
1159 if (!arg_verify_key && JOURNAL_HEADER_SEALED(f->header))
1160 log_notice("Journal file %s has sealing enabled but verification key has not been passed using --verify-key=.", f->path);
1163 k = journal_file_verify(f, arg_verify_key, &first, &validated, &last, true);
1165 /* If the key was invalid give up right-away. */
1168 log_warning("FAIL: %s (%s)", f->path, strerror(-k));
1171 char a[FORMAT_TIMESTAMP_MAX], b[FORMAT_TIMESTAMP_MAX], c[FORMAT_TIMESPAN_MAX];
1172 log_info("PASS: %s", f->path);
1174 if (arg_verify_key && JOURNAL_HEADER_SEALED(f->header)) {
1175 if (validated > 0) {
1176 log_info("=> Validated from %s to %s, final %s entries not sealed.",
1177 format_timestamp(a, sizeof(a), first),
1178 format_timestamp(b, sizeof(b), validated),
1179 format_timespan(c, sizeof(c), last > validated ? last - validated : 0, 0));
1180 } else if (last > 0)
1181 log_info("=> No sealing yet, %s of entries not sealed.",
1182 format_timespan(c, sizeof(c), last - first, 0));
1184 log_info("=> No sealing yet, no entries in file.");
1193 static int access_check_var_log_journal(sd_journal *j) {
1194 _cleanup_strv_free_ char **g = NULL;
1200 have_access = in_group("systemd-journal") > 0;
1203 /* Let's enumerate all groups from the default ACL of
1204 * the directory, which generally should allow access
1205 * to most journal files too */
1206 r = search_acl_groups(&g, "/var/log/journal/", &have_access);
1213 if (strv_isempty(g))
1214 log_notice("Hint: You are currently not seeing messages from other users and the system.\n"
1215 " Users in the 'systemd-journal' group can see all messages. Pass -q to\n"
1216 " turn off this notice.");
1218 _cleanup_free_ char *s = NULL;
1220 r = strv_extend(&g, "systemd-journal");
1227 s = strv_join(g, "', '");
1231 log_notice("Hint: You are currently not seeing messages from other users and the system.\n"
1232 " Users in the groups '%s' can see all messages.\n"
1233 " Pass -q to turn off this notice.", s);
1241 static int access_check(sd_journal *j) {
1248 if (set_isempty(j->errors)) {
1249 if (hashmap_isempty(j->files))
1250 log_notice("No journal files were found.");
1254 if (set_contains(j->errors, INT_TO_PTR(-EACCES))) {
1256 /* If /var/log/journal doesn't even exist,
1257 * unprivileged users have no access at all */
1258 if (access("/var/log/journal", F_OK) < 0 &&
1260 in_group("systemd-journal") <= 0) {
1261 log_error("Unprivileged users cannot access messages, unless persistent log storage is\n"
1262 "enabled. Users in the 'systemd-journal' group may always access messages.");
1266 /* If /var/log/journal exists, try to pring a nice
1267 notice if the user lacks access to it */
1268 if (!arg_quiet && geteuid() != 0) {
1269 r = access_check_var_log_journal(j);
1274 if (geteuid() != 0 && in_group("systemd-journal") <= 0) {
1275 log_error("Unprivileged users cannot access messages. Users in the 'systemd-journal' group\n"
1276 "group may access messages.");
1281 if (hashmap_isempty(j->files)) {
1282 log_error("No journal files were opened due to insufficient permissions.");
1287 SET_FOREACH(code, j->errors, it) {
1290 err = -PTR_TO_INT(code);
1294 log_warning("Error was encountered while opening journal files: %s",
1301 int main(int argc, char *argv[]) {
1303 _cleanup_journal_close_ sd_journal*j = NULL;
1304 bool need_seek = false;
1305 sd_id128_t previous_boot_id;
1306 bool previous_boot_id_valid = false, first_line = true;
1309 setlocale(LC_ALL, "");
1310 log_parse_environment();
1313 r = parse_argv(argc, argv);
1317 signal(SIGWINCH, columns_lines_cache_reset);
1319 if (arg_action == ACTION_NEW_ID128) {
1320 r = generate_new_id128();
1324 if (arg_action == ACTION_SETUP_KEYS) {
1329 if (arg_action == ACTION_UPDATE_CATALOG ||
1330 arg_action == ACTION_LIST_CATALOG ||
1331 arg_action == ACTION_DUMP_CATALOG) {
1333 const char* database = CATALOG_DATABASE;
1334 _cleanup_free_ char *copy = NULL;
1336 copy = strjoin(arg_root, "/", CATALOG_DATABASE, NULL);
1341 path_kill_slashes(copy);
1345 if (arg_action == ACTION_UPDATE_CATALOG) {
1346 r = catalog_update(database, arg_root, catalog_file_dirs);
1348 log_error("Failed to list catalog: %s", strerror(-r));
1350 bool oneline = arg_action == ACTION_LIST_CATALOG;
1353 r = catalog_list_items(stdout, database,
1354 oneline, argv + optind);
1356 r = catalog_list(stdout, database, oneline);
1358 log_error("Failed to list catalog: %s", strerror(-r));
1365 r = sd_journal_open_directory(&j, arg_directory, arg_journal_type);
1367 r = sd_journal_open_files(&j, (const char**) arg_file, 0);
1369 r = sd_journal_open(&j, !arg_merge*SD_JOURNAL_LOCAL_ONLY + arg_journal_type);
1371 log_error("Failed to open %s: %s",
1372 arg_directory ? arg_directory : arg_file ? "files" : "journal",
1374 return EXIT_FAILURE;
1377 r = access_check(j);
1379 return EXIT_FAILURE;
1381 if (arg_action == ACTION_VERIFY) {
1386 if (arg_action == ACTION_PRINT_HEADER) {
1387 journal_print_header(j);
1388 return EXIT_SUCCESS;
1391 if (arg_action == ACTION_DISK_USAGE) {
1393 char sbytes[FORMAT_BYTES_MAX];
1395 r = sd_journal_get_usage(j, &bytes);
1397 return EXIT_FAILURE;
1399 printf("Journals take up %s on disk.\n",
1400 format_bytes(sbytes, sizeof(sbytes), bytes));
1401 return EXIT_SUCCESS;
1404 /* add_boot() must be called first!
1405 * It may need to seek the journal to find parent boot IDs. */
1408 return EXIT_FAILURE;
1412 return EXIT_FAILURE;
1415 strv_free(arg_system_units);
1416 strv_free(arg_user_units);
1419 return EXIT_FAILURE;
1421 r = add_priorities(j);
1423 return EXIT_FAILURE;
1425 r = add_matches(j, argv + optind);
1427 return EXIT_FAILURE;
1429 if (_unlikely_(log_get_max_level() >= LOG_PRI(LOG_DEBUG))) {
1430 _cleanup_free_ char *filter;
1432 filter = journal_make_match_string(j);
1433 log_debug("Journal filter: %s", filter);
1440 r = sd_journal_set_data_threshold(j, 0);
1442 log_error("Failed to unset data size threshold");
1443 return EXIT_FAILURE;
1446 r = sd_journal_query_unique(j, arg_field);
1448 log_error("Failed to query unique data objects: %s", strerror(-r));
1449 return EXIT_FAILURE;
1452 SD_JOURNAL_FOREACH_UNIQUE(j, data, size) {
1455 if (arg_lines >= 0 && n_shown >= arg_lines)
1458 eq = memchr(data, '=', size);
1460 printf("%.*s\n", (int) (size - ((const uint8_t*) eq - (const uint8_t*) data + 1)), (const char*) eq + 1);
1462 printf("%.*s\n", (int) size, (const char*) data);
1467 return EXIT_SUCCESS;
1470 /* Opening the fd now means the first sd_journal_wait() will actually wait */
1472 r = sd_journal_get_fd(j);
1474 return EXIT_FAILURE;
1477 if (arg_cursor || arg_after_cursor) {
1478 r = sd_journal_seek_cursor(j, arg_cursor ? arg_cursor : arg_after_cursor);
1480 log_error("Failed to seek to cursor: %s", strerror(-r));
1481 return EXIT_FAILURE;
1484 r = sd_journal_next_skip(j, 1 + !!arg_after_cursor);
1486 r = sd_journal_previous_skip(j, 1 + !!arg_after_cursor);
1488 if (arg_after_cursor && r < 2 && !arg_follow)
1489 /* We couldn't find the next entry after the cursor. */
1492 } else if (arg_since_set && !arg_reverse) {
1493 r = sd_journal_seek_realtime_usec(j, arg_since);
1495 log_error("Failed to seek to date: %s", strerror(-r));
1496 return EXIT_FAILURE;
1498 r = sd_journal_next(j);
1500 } else if (arg_until_set && arg_reverse) {
1501 r = sd_journal_seek_realtime_usec(j, arg_until);
1503 log_error("Failed to seek to date: %s", strerror(-r));
1504 return EXIT_FAILURE;
1506 r = sd_journal_previous(j);
1508 } else if (arg_lines >= 0) {
1509 r = sd_journal_seek_tail(j);
1511 log_error("Failed to seek to tail: %s", strerror(-r));
1512 return EXIT_FAILURE;
1515 r = sd_journal_previous_skip(j, arg_lines);
1517 } else if (arg_reverse) {
1518 r = sd_journal_seek_tail(j);
1520 log_error("Failed to seek to tail: %s", strerror(-r));
1521 return EXIT_FAILURE;
1524 r = sd_journal_previous(j);
1527 r = sd_journal_seek_head(j);
1529 log_error("Failed to seek to head: %s", strerror(-r));
1530 return EXIT_FAILURE;
1533 r = sd_journal_next(j);
1537 log_error("Failed to iterate through journal: %s", strerror(-r));
1538 return EXIT_FAILURE;
1541 if (!arg_no_pager && !arg_follow)
1542 pager_open(arg_pager_end);
1546 char start_buf[FORMAT_TIMESTAMP_MAX], end_buf[FORMAT_TIMESTAMP_MAX];
1548 r = sd_journal_get_cutoff_realtime_usec(j, &start, &end);
1550 log_error("Failed to get cutoff: %s", strerror(-r));
1556 printf("-- Logs begin at %s. --\n",
1557 format_timestamp(start_buf, sizeof(start_buf), start));
1559 printf("-- Logs begin at %s, end at %s. --\n",
1560 format_timestamp(start_buf, sizeof(start_buf), start),
1561 format_timestamp(end_buf, sizeof(end_buf), end));
1566 while (arg_lines < 0 || n_shown < arg_lines || (arg_follow && !first_line)) {
1571 r = sd_journal_next(j);
1573 r = sd_journal_previous(j);
1575 log_error("Failed to iterate through journal: %s", strerror(-r));
1582 if (arg_until_set && !arg_reverse) {
1585 r = sd_journal_get_realtime_usec(j, &usec);
1587 log_error("Failed to determine timestamp: %s", strerror(-r));
1590 if (usec > arg_until)
1594 if (arg_since_set && arg_reverse) {
1597 r = sd_journal_get_realtime_usec(j, &usec);
1599 log_error("Failed to determine timestamp: %s", strerror(-r));
1602 if (usec < arg_since)
1608 const char *color_on = on_tty() ? ANSI_HIGHLIGHT_ON : "",
1609 *color_off = on_tty() ? ANSI_HIGHLIGHT_OFF : "";
1611 r = sd_journal_get_monotonic_usec(j, NULL, &boot_id);
1613 if (previous_boot_id_valid &&
1614 !sd_id128_equal(boot_id, previous_boot_id))
1615 printf("%s-- Reboot --%s\n", color_on, color_off);
1617 previous_boot_id = boot_id;
1618 previous_boot_id_valid = true;
1623 arg_all * OUTPUT_SHOW_ALL |
1624 (arg_full || !on_tty() || pager_have()) * OUTPUT_FULL_WIDTH |
1625 on_tty() * OUTPUT_COLOR |
1626 arg_catalog * OUTPUT_CATALOG;
1628 r = output_journal(stdout, j, arg_output, 0, flags);
1630 if (r == -EADDRNOTAVAIL)
1632 else if (r < 0 || ferror(stdout))
1639 if (arg_show_cursor) {
1640 _cleanup_free_ char *cursor = NULL;
1642 r = sd_journal_get_cursor(j, &cursor);
1643 if (r < 0 && r != -EADDRNOTAVAIL)
1644 log_error("Failed to get cursor: %s", strerror(-r));
1646 printf("-- cursor: %s\n", cursor);
1652 r = sd_journal_wait(j, (uint64_t) -1);
1654 log_error("Couldn't wait for journal event: %s", strerror(-r));
1664 return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;