1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2011 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
35 #include <sys/ioctl.h>
43 #include "systemd/sd-journal.h"
46 #include "logs-show.h"
48 #include "path-util.h"
54 #include "journal-internal.h"
55 #include "journal-def.h"
56 #include "journal-verify.h"
57 #include "journal-authenticate.h"
58 #include "journal-qrcode.h"
60 #include "unit-name.h"
63 #define DEFAULT_FSS_INTERVAL_USEC (15*USEC_PER_MINUTE)
66 /* Special values for arg_lines */
67 ARG_LINES_DEFAULT = -2,
71 static OutputMode arg_output = OUTPUT_SHORT;
72 static bool arg_utc = false;
73 static bool arg_pager_end = false;
74 static bool arg_follow = false;
75 static bool arg_full = true;
76 static bool arg_all = false;
77 static bool arg_no_pager = false;
78 static int arg_lines = ARG_LINES_DEFAULT;
79 static bool arg_no_tail = false;
80 static bool arg_quiet = false;
81 static bool arg_merge = false;
82 static bool arg_boot = false;
83 static sd_id128_t arg_boot_id = {};
84 static int arg_boot_offset = 0;
85 static bool arg_dmesg = false;
86 static const char *arg_cursor = NULL;
87 static const char *arg_after_cursor = NULL;
88 static bool arg_show_cursor = false;
89 static const char *arg_directory = NULL;
90 static char **arg_file = NULL;
91 static int arg_priorities = 0xFF;
92 static const char *arg_verify_key = NULL;
94 static usec_t arg_interval = DEFAULT_FSS_INTERVAL_USEC;
95 static bool arg_force = false;
97 static usec_t arg_since, arg_until;
98 static bool arg_since_set = false, arg_until_set = false;
99 static char **arg_syslog_identifier = NULL;
100 static char **arg_system_units = NULL;
101 static char **arg_user_units = NULL;
102 static const char *arg_field = NULL;
103 static bool arg_catalog = false;
104 static bool arg_reverse = false;
105 static int arg_journal_type = 0;
106 static const char *arg_root = NULL;
107 static const char *arg_machine = NULL;
118 ACTION_UPDATE_CATALOG,
120 } arg_action = ACTION_SHOW;
122 typedef struct boot_id_t {
128 static void pager_open_if_enabled(void) {
133 pager_open(arg_pager_end);
136 static char *format_timestamp_maybe_utc(char *buf, size_t l, usec_t t) {
139 return format_timestamp_utc(buf, l, t);
141 return format_timestamp(buf, l, t);
144 static int parse_boot_descriptor(const char *x, sd_id128_t *boot_id, int *offset) {
145 sd_id128_t id = SD_ID128_NULL;
148 if (strlen(x) >= 32) {
152 r = sd_id128_from_string(t, &id);
156 if (*x != '-' && *x != '+' && *x != 0)
160 r = safe_atoi(x, &off);
165 r = safe_atoi(x, &off);
179 static void help(void) {
181 pager_open_if_enabled();
183 printf("%s [OPTIONS...] [MATCHES...]\n\n"
184 "Query the journal.\n\n"
186 " --system Show the system journal\n"
187 " --user Show the user journal for the current user\n"
188 " -M --machine=CONTAINER Operate on local container\n"
189 " --since=DATE Start showing entries on or newer than the specified date\n"
190 " --until=DATE Stop showing entries on or older than the specified date\n"
191 " -c --cursor=CURSOR Start showing entries from the specified cursor\n"
192 " --after-cursor=CURSOR Start showing entries from after the specified cursor\n"
193 " --show-cursor Print the cursor after all the entries\n"
194 " -b --boot[=ID] Show data only from ID or, if unspecified, the current boot\n"
195 " --list-boots Show terse information about recorded boots\n"
196 " -k --dmesg Show kernel message log from the current boot\n"
197 " -u --unit=UNIT Show data only from the specified unit\n"
198 " --user-unit=UNIT Show data only from the specified user session unit\n"
199 " -t --identifier=STRING Show only messages with the specified syslog identifier\n"
200 " -p --priority=RANGE Show only messages within the specified priority range\n"
201 " -e --pager-end Immediately jump to end of the journal in the pager\n"
202 " -f --follow Follow the journal\n"
203 " -n --lines[=INTEGER] Number of journal entries to show\n"
204 " --no-tail Show all lines, even in follow mode\n"
205 " -r --reverse Show the newest entries first\n"
206 " -o --output=STRING Change journal output mode (short, short-iso,\n"
207 " short-precise, short-monotonic, verbose,\n"
208 " export, json, json-pretty, json-sse, cat)\n"
209 " --utc Express time in Coordinated Universal Time (UTC)\n"
210 " -x --catalog Add message explanations where available\n"
211 " --no-full Ellipsize fields\n"
212 " -a --all Show all fields, including long and unprintable\n"
213 " -q --quiet Do not show privilege warning\n"
214 " --no-pager Do not pipe output into a pager\n"
215 " -m --merge Show entries from all available journals\n"
216 " -D --directory=PATH Show journal files from directory\n"
217 " --file=PATH Show journal file\n"
218 " --root=ROOT Operate on catalog files underneath the root ROOT\n"
220 " --interval=TIME Time interval for changing the FSS sealing key\n"
221 " --verify-key=KEY Specify FSS verification key\n"
222 " --force Force overriding of the FSS key pair with --setup-keys\n"
225 " -h --help Show this help text\n"
226 " --version Show package version\n"
227 " --new-id128 Generate a new 128-bit ID\n"
228 " --header Show journal header information\n"
229 " --disk-usage Show total disk usage of all journal files\n"
230 " -F --field=FIELD List all values that a specified field takes\n"
231 " --list-catalog Show message IDs of all entries in the message catalog\n"
232 " --dump-catalog Show entries in the message catalog\n"
233 " --update-catalog Update the message catalog database\n"
235 " --setup-keys Generate a new FSS key pair\n"
236 " --verify Verify journal file consistency\n"
238 , program_invocation_short_name);
241 static int parse_argv(int argc, char *argv[]) {
272 static const struct option options[] = {
273 { "help", no_argument, NULL, 'h' },
274 { "version" , no_argument, NULL, ARG_VERSION },
275 { "no-pager", no_argument, NULL, ARG_NO_PAGER },
276 { "pager-end", no_argument, NULL, 'e' },
277 { "follow", no_argument, NULL, 'f' },
278 { "force", no_argument, NULL, ARG_FORCE },
279 { "output", required_argument, NULL, 'o' },
280 { "all", no_argument, NULL, 'a' },
281 { "full", no_argument, NULL, 'l' },
282 { "no-full", no_argument, NULL, ARG_NO_FULL },
283 { "lines", optional_argument, NULL, 'n' },
284 { "no-tail", no_argument, NULL, ARG_NO_TAIL },
285 { "new-id128", no_argument, NULL, ARG_NEW_ID128 },
286 { "quiet", no_argument, NULL, 'q' },
287 { "merge", no_argument, NULL, 'm' },
288 { "boot", optional_argument, NULL, 'b' },
289 { "list-boots", no_argument, NULL, ARG_LIST_BOOTS },
290 { "this-boot", optional_argument, NULL, 'b' }, /* deprecated */
291 { "dmesg", no_argument, NULL, 'k' },
292 { "system", no_argument, NULL, ARG_SYSTEM },
293 { "user", no_argument, NULL, ARG_USER },
294 { "directory", required_argument, NULL, 'D' },
295 { "file", required_argument, NULL, ARG_FILE },
296 { "root", required_argument, NULL, ARG_ROOT },
297 { "header", no_argument, NULL, ARG_HEADER },
298 { "identifier", required_argument, NULL, 't' },
299 { "priority", required_argument, NULL, 'p' },
300 { "setup-keys", no_argument, NULL, ARG_SETUP_KEYS },
301 { "interval", required_argument, NULL, ARG_INTERVAL },
302 { "verify", no_argument, NULL, ARG_VERIFY },
303 { "verify-key", required_argument, NULL, ARG_VERIFY_KEY },
304 { "disk-usage", no_argument, NULL, ARG_DISK_USAGE },
305 { "cursor", required_argument, NULL, 'c' },
306 { "after-cursor", required_argument, NULL, ARG_AFTER_CURSOR },
307 { "show-cursor", no_argument, NULL, ARG_SHOW_CURSOR },
308 { "since", required_argument, NULL, ARG_SINCE },
309 { "until", required_argument, NULL, ARG_UNTIL },
310 { "unit", required_argument, NULL, 'u' },
311 { "user-unit", required_argument, NULL, ARG_USER_UNIT },
312 { "field", required_argument, NULL, 'F' },
313 { "catalog", no_argument, NULL, 'x' },
314 { "list-catalog", no_argument, NULL, ARG_LIST_CATALOG },
315 { "dump-catalog", no_argument, NULL, ARG_DUMP_CATALOG },
316 { "update-catalog", no_argument, NULL, ARG_UPDATE_CATALOG },
317 { "reverse", no_argument, NULL, 'r' },
318 { "machine", required_argument, NULL, 'M' },
319 { "utc", no_argument, NULL, ARG_UTC },
328 while ((c = getopt_long(argc, argv, "hefo:aln::qmb::kD:p:c:t:u:F:xrM:", options, NULL)) >= 0)
337 puts(PACKAGE_STRING);
338 puts(SYSTEMD_FEATURES);
346 arg_pager_end = true;
348 if (arg_lines == ARG_LINES_DEFAULT)
358 arg_output = output_mode_from_string(optarg);
359 if (arg_output < 0) {
360 log_error("Unknown output format '%s'.", optarg);
364 if (arg_output == OUTPUT_EXPORT ||
365 arg_output == OUTPUT_JSON ||
366 arg_output == OUTPUT_JSON_PRETTY ||
367 arg_output == OUTPUT_JSON_SSE ||
368 arg_output == OUTPUT_CAT)
387 if (streq(optarg, "all"))
388 arg_lines = ARG_LINES_ALL;
390 r = safe_atoi(optarg, &arg_lines);
391 if (r < 0 || arg_lines < 0) {
392 log_error("Failed to parse lines '%s'", optarg);
399 /* Hmm, no argument? Maybe the next
400 * word on the command line is
401 * supposed to be the argument? Let's
402 * see if there is one, and is
406 if (streq(argv[optind], "all")) {
407 arg_lines = ARG_LINES_ALL;
409 } else if (safe_atoi(argv[optind], &n) >= 0 && n >= 0) {
423 arg_action = ACTION_NEW_ID128;
438 r = parse_boot_descriptor(optarg, &arg_boot_id, &arg_boot_offset);
440 log_error("Failed to parse boot descriptor '%s'", optarg);
445 /* Hmm, no argument? Maybe the next
446 * word on the command line is
447 * supposed to be the argument? Let's
448 * see if there is one and is parsable
449 * as a boot descriptor... */
452 parse_boot_descriptor(argv[optind], &arg_boot_id, &arg_boot_offset) >= 0)
459 arg_action = ACTION_LIST_BOOTS;
463 arg_boot = arg_dmesg = true;
467 arg_journal_type |= SD_JOURNAL_SYSTEM;
471 arg_journal_type |= SD_JOURNAL_CURRENT_USER;
475 arg_machine = optarg;
479 arg_directory = optarg;
483 r = glob_extend(&arg_file, optarg);
485 log_error("Failed to add paths: %s", strerror(-r));
498 case ARG_AFTER_CURSOR:
499 arg_after_cursor = optarg;
502 case ARG_SHOW_CURSOR:
503 arg_show_cursor = true;
507 arg_action = ACTION_PRINT_HEADER;
511 arg_action = ACTION_VERIFY;
515 arg_action = ACTION_DISK_USAGE;
524 arg_action = ACTION_SETUP_KEYS;
529 arg_action = ACTION_VERIFY;
530 arg_verify_key = optarg;
535 r = parse_sec(optarg, &arg_interval);
536 if (r < 0 || arg_interval <= 0) {
537 log_error("Failed to parse sealing key change interval: %s", optarg);
546 log_error("Forward-secure sealing not available.");
553 dots = strstr(optarg, "..");
559 a = strndup(optarg, dots - optarg);
563 from = log_level_from_string(a);
564 to = log_level_from_string(dots + 2);
567 if (from < 0 || to < 0) {
568 log_error("Failed to parse log level range %s", optarg);
575 for (i = from; i <= to; i++)
576 arg_priorities |= 1 << i;
578 for (i = to; i <= from; i++)
579 arg_priorities |= 1 << i;
585 p = log_level_from_string(optarg);
587 log_error("Unknown log level %s", optarg);
593 for (i = 0; i <= p; i++)
594 arg_priorities |= 1 << i;
601 r = parse_timestamp(optarg, &arg_since);
603 log_error("Failed to parse timestamp: %s", optarg);
606 arg_since_set = true;
610 r = parse_timestamp(optarg, &arg_until);
612 log_error("Failed to parse timestamp: %s", optarg);
615 arg_until_set = true;
619 r = strv_extend(&arg_syslog_identifier, optarg);
625 r = strv_extend(&arg_system_units, optarg);
631 r = strv_extend(&arg_user_units, optarg);
644 case ARG_LIST_CATALOG:
645 arg_action = ACTION_LIST_CATALOG;
648 case ARG_DUMP_CATALOG:
649 arg_action = ACTION_DUMP_CATALOG;
652 case ARG_UPDATE_CATALOG:
653 arg_action = ACTION_UPDATE_CATALOG;
668 assert_not_reached("Unhandled option");
671 if (arg_follow && !arg_no_tail && arg_lines == ARG_LINES_DEFAULT)
674 if (!!arg_directory + !!arg_file + !!arg_machine > 1) {
675 log_error("Please specify either -D/--directory= or --file= or -M/--machine=, not more than one.");
679 if (arg_since_set && arg_until_set && arg_since > arg_until) {
680 log_error("--since= must be before --until=.");
684 if (!!arg_cursor + !!arg_after_cursor + !!arg_since_set > 1) {
685 log_error("Please specify only one of --since=, --cursor=, and --after-cursor.");
689 if (arg_follow && arg_reverse) {
690 log_error("Please specify either --reverse= or --follow=, not both.");
694 if (arg_action != ACTION_SHOW && optind < argc) {
695 log_error("Extraneous arguments starting with '%s'", argv[optind]);
702 static int generate_new_id128(void) {
707 r = sd_id128_randomize(&id);
709 log_error("Failed to generate ID: %s", strerror(-r));
713 printf("As string:\n"
714 SD_ID128_FORMAT_STR "\n\n"
716 "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n\n"
718 "#define MESSAGE_XYZ SD_ID128_MAKE(",
719 SD_ID128_FORMAT_VAL(id),
720 SD_ID128_FORMAT_VAL(id));
721 for (i = 0; i < 16; i++)
722 printf("%02x%s", id.bytes[i], i != 15 ? "," : "");
723 fputs(")\n\n", stdout);
725 printf("As Python constant:\n"
727 ">>> MESSAGE_XYZ = uuid.UUID('" SD_ID128_FORMAT_STR "')\n",
728 SD_ID128_FORMAT_VAL(id));
733 static int add_matches(sd_journal *j, char **args) {
735 bool have_term = false;
739 STRV_FOREACH(i, args) {
742 if (streq(*i, "+")) {
745 r = sd_journal_add_disjunction(j);
748 } else if (path_is_absolute(*i)) {
749 _cleanup_free_ char *p, *t = NULL, *t2 = NULL;
751 _cleanup_free_ char *interpreter = NULL;
754 p = canonicalize_file_name(*i);
757 if (stat(path, &st) < 0) {
758 log_error("Couldn't stat file: %m");
762 if (S_ISREG(st.st_mode) && (0111 & st.st_mode)) {
763 if (executable_is_script(path, &interpreter) > 0) {
764 _cleanup_free_ char *comm;
766 comm = strndup(basename(path), 15);
770 t = strappend("_COMM=", comm);
772 /* Append _EXE only if the interpreter is not a link.
773 Otherwise, it might be outdated often. */
774 if (lstat(interpreter, &st) == 0 &&
775 !S_ISLNK(st.st_mode)) {
776 t2 = strappend("_EXE=", interpreter);
781 t = strappend("_EXE=", path);
782 } else if (S_ISCHR(st.st_mode)) {
783 if (asprintf(&t, "_KERNEL_DEVICE=c%u:%u",
785 minor(st.st_rdev)) < 0)
787 } else if (S_ISBLK(st.st_mode)) {
788 if (asprintf(&t, "_KERNEL_DEVICE=b%u:%u",
790 minor(st.st_rdev)) < 0)
793 log_error("File is neither a device node, nor regular file, nor executable: %s", *i);
800 r = sd_journal_add_match(j, t, 0);
802 r = sd_journal_add_match(j, t2, 0);
806 r = sd_journal_add_match(j, *i, 0);
811 log_error("Failed to add match '%s': %s", *i, strerror(-r));
816 if (!strv_isempty(args) && !have_term) {
817 log_error("\"+\" can only be used between terms");
824 static int boot_id_cmp(const void *a, const void *b) {
827 _a = ((const boot_id_t *)a)->first;
828 _b = ((const boot_id_t *)b)->first;
830 return _a < _b ? -1 : (_a > _b ? 1 : 0);
833 static int list_boots(sd_journal *j) {
836 unsigned int count = 0;
838 size_t length, allocated = 0;
840 _cleanup_free_ boot_id_t *all_ids = NULL;
842 r = sd_journal_query_unique(j, "_BOOT_ID");
846 pager_open_if_enabled();
848 SD_JOURNAL_FOREACH_UNIQUE(j, data, length) {
849 assert(startswith(data, "_BOOT_ID="));
851 if (!GREEDY_REALLOC(all_ids, allocated, count + 1))
854 id = &all_ids[count];
856 r = sd_id128_from_string(((const char *)data) + strlen("_BOOT_ID="), &id->id);
860 r = sd_journal_add_match(j, data, length);
864 r = sd_journal_seek_head(j);
868 r = sd_journal_next(j);
874 r = sd_journal_get_realtime_usec(j, &id->first);
878 r = sd_journal_seek_tail(j);
882 r = sd_journal_previous(j);
888 r = sd_journal_get_realtime_usec(j, &id->last);
894 sd_journal_flush_matches(j);
897 qsort_safe(all_ids, count, sizeof(boot_id_t), boot_id_cmp);
899 /* numbers are one less, but we need an extra char for the sign */
900 w = DECIMAL_STR_WIDTH(count - 1) + 1;
902 for (id = all_ids, i = 0; id < all_ids + count; id++, i++) {
903 char a[FORMAT_TIMESTAMP_MAX], b[FORMAT_TIMESTAMP_MAX];
905 printf("% *i " SD_ID128_FORMAT_STR " %s—%s\n",
907 SD_ID128_FORMAT_VAL(id->id),
908 format_timestamp_maybe_utc(a, sizeof(a), id->first),
909 format_timestamp_maybe_utc(b, sizeof(b), id->last));
915 static int get_relative_boot_id(sd_journal *j, sd_id128_t *boot_id, int relative) {
918 unsigned int count = 0;
919 size_t length, allocated = 0;
920 boot_id_t ref_boot_id = {SD_ID128_NULL}, *id;
921 _cleanup_free_ boot_id_t *all_ids = NULL;
926 r = sd_journal_query_unique(j, "_BOOT_ID");
930 SD_JOURNAL_FOREACH_UNIQUE(j, data, length) {
931 if (length < strlen("_BOOT_ID="))
934 if (!GREEDY_REALLOC(all_ids, allocated, count + 1))
937 id = &all_ids[count];
939 r = sd_id128_from_string(((const char *)data) + strlen("_BOOT_ID="), &id->id);
943 r = sd_journal_add_match(j, data, length);
947 r = sd_journal_seek_head(j);
951 r = sd_journal_next(j);
957 r = sd_journal_get_realtime_usec(j, &id->first);
961 if (sd_id128_equal(id->id, *boot_id))
966 sd_journal_flush_matches(j);
969 qsort_safe(all_ids, count, sizeof(boot_id_t), boot_id_cmp);
971 if (sd_id128_equal(*boot_id, SD_ID128_NULL)) {
972 if (relative > (int) count || relative <= -(int)count)
973 return -EADDRNOTAVAIL;
975 *boot_id = all_ids[(relative <= 0)*count + relative - 1].id;
977 id = bsearch(&ref_boot_id, all_ids, count, sizeof(boot_id_t), boot_id_cmp);
980 relative <= 0 ? (id - all_ids) + relative < 0 :
981 (id - all_ids) + relative >= (int) count)
982 return -EADDRNOTAVAIL;
984 *boot_id = (id + relative)->id;
990 static int add_boot(sd_journal *j) {
991 char match[9+32+1] = "_BOOT_ID=";
999 if (arg_boot_offset == 0 && sd_id128_equal(arg_boot_id, SD_ID128_NULL))
1000 return add_match_this_boot(j, arg_machine);
1002 r = get_relative_boot_id(j, &arg_boot_id, arg_boot_offset);
1004 if (sd_id128_equal(arg_boot_id, SD_ID128_NULL))
1005 log_error("Failed to look up boot %+i: %s", arg_boot_offset, strerror(-r));
1007 log_error("Failed to look up boot ID "SD_ID128_FORMAT_STR"%+i: %s",
1008 SD_ID128_FORMAT_VAL(arg_boot_id), arg_boot_offset, strerror(-r));
1012 sd_id128_to_string(arg_boot_id, match + 9);
1014 r = sd_journal_add_match(j, match, sizeof(match) - 1);
1016 log_error("Failed to add match: %s", strerror(-r));
1020 r = sd_journal_add_conjunction(j);
1027 static int add_dmesg(sd_journal *j) {
1034 r = sd_journal_add_match(j, "_TRANSPORT=kernel", strlen("_TRANSPORT=kernel"));
1036 log_error("Failed to add match: %s", strerror(-r));
1040 r = sd_journal_add_conjunction(j);
1047 static int get_possible_units(sd_journal *j,
1051 _cleanup_set_free_free_ Set *found;
1055 found = set_new(&string_hash_ops);
1059 NULSTR_FOREACH(field, fields) {
1063 r = sd_journal_query_unique(j, field);
1067 SD_JOURNAL_FOREACH_UNIQUE(j, data, size) {
1068 char **pattern, *eq;
1070 _cleanup_free_ char *u = NULL;
1072 eq = memchr(data, '=', size);
1074 prefix = eq - (char*) data + 1;
1078 u = strndup((char*) data + prefix, size - prefix);
1082 STRV_FOREACH(pattern, patterns)
1083 if (fnmatch(*pattern, u, FNM_NOESCAPE) == 0) {
1084 log_debug("Matched %s with pattern %s=%s", u, field, *pattern);
1086 r = set_consume(found, u);
1088 if (r < 0 && r != -EEXIST)
1101 /* This list is supposed to return the superset of unit names
1102 * possibly matched by rules added with add_matches_for_unit... */
1103 #define SYSTEM_UNITS \
1107 "OBJECT_SYSTEMD_UNIT\0" \
1110 /* ... and add_matches_for_user_unit */
1111 #define USER_UNITS \
1112 "_SYSTEMD_USER_UNIT\0" \
1114 "COREDUMP_USER_UNIT\0" \
1115 "OBJECT_SYSTEMD_USER_UNIT\0"
1117 static int add_units(sd_journal *j) {
1118 _cleanup_strv_free_ char **patterns = NULL;
1124 STRV_FOREACH(i, arg_system_units) {
1125 _cleanup_free_ char *u = NULL;
1127 u = unit_name_mangle(*i, MANGLE_GLOB);
1131 if (string_is_glob(u)) {
1132 r = strv_push(&patterns, u);
1137 r = add_matches_for_unit(j, u);
1140 r = sd_journal_add_disjunction(j);
1147 if (!strv_isempty(patterns)) {
1148 _cleanup_set_free_free_ Set *units = NULL;
1152 r = get_possible_units(j, SYSTEM_UNITS, patterns, &units);
1156 SET_FOREACH(u, units, it) {
1157 r = add_matches_for_unit(j, u);
1160 r = sd_journal_add_disjunction(j);
1167 strv_free(patterns);
1170 STRV_FOREACH(i, arg_user_units) {
1171 _cleanup_free_ char *u = NULL;
1173 u = unit_name_mangle(*i, MANGLE_GLOB);
1177 if (string_is_glob(u)) {
1178 r = strv_push(&patterns, u);
1183 r = add_matches_for_user_unit(j, u, getuid());
1186 r = sd_journal_add_disjunction(j);
1193 if (!strv_isempty(patterns)) {
1194 _cleanup_set_free_free_ Set *units = NULL;
1198 r = get_possible_units(j, USER_UNITS, patterns, &units);
1202 SET_FOREACH(u, units, it) {
1203 r = add_matches_for_user_unit(j, u, getuid());
1206 r = sd_journal_add_disjunction(j);
1213 /* Complain if the user request matches but nothing whatsoever was
1214 * found, since otherwise everything would be matched. */
1215 if (!(strv_isempty(arg_system_units) && strv_isempty(arg_user_units)) && count == 0)
1218 r = sd_journal_add_conjunction(j);
1225 static int add_priorities(sd_journal *j) {
1226 char match[] = "PRIORITY=0";
1230 if (arg_priorities == 0xFF)
1233 for (i = LOG_EMERG; i <= LOG_DEBUG; i++)
1234 if (arg_priorities & (1 << i)) {
1235 match[sizeof(match)-2] = '0' + i;
1237 r = sd_journal_add_match(j, match, strlen(match));
1239 log_error("Failed to add match: %s", strerror(-r));
1244 r = sd_journal_add_conjunction(j);
1252 static int add_syslog_identifier(sd_journal *j) {
1258 STRV_FOREACH(i, arg_syslog_identifier) {
1261 u = strappenda("SYSLOG_IDENTIFIER=", *i);
1262 r = sd_journal_add_match(j, u, 0);
1265 r = sd_journal_add_disjunction(j);
1270 r = sd_journal_add_conjunction(j);
1277 static int setup_keys(void) {
1279 size_t mpk_size, seed_size, state_size, i;
1280 uint8_t *mpk, *seed, *state;
1282 int fd = -1, r, attr = 0;
1283 sd_id128_t machine, boot;
1284 char *p = NULL, *k = NULL;
1289 r = stat("/var/log/journal", &st);
1290 if (r < 0 && errno != ENOENT && errno != ENOTDIR) {
1291 log_error("stat(\"%s\") failed: %m", "/var/log/journal");
1295 if (r < 0 || !S_ISDIR(st.st_mode)) {
1296 log_error("%s is not a directory, must be using persistent logging for FSS.",
1297 "/var/log/journal");
1298 return r < 0 ? -errno : -ENOTDIR;
1301 r = sd_id128_get_machine(&machine);
1303 log_error("Failed to get machine ID: %s", strerror(-r));
1307 r = sd_id128_get_boot(&boot);
1309 log_error("Failed to get boot ID: %s", strerror(-r));
1313 if (asprintf(&p, "/var/log/journal/" SD_ID128_FORMAT_STR "/fss",
1314 SD_ID128_FORMAT_VAL(machine)) < 0)
1317 if (access(p, F_OK) >= 0) {
1321 log_error("unlink(\"%s\") failed: %m", p);
1326 log_error("Sealing key file %s exists already. (--force to recreate)", p);
1332 if (asprintf(&k, "/var/log/journal/" SD_ID128_FORMAT_STR "/fss.tmp.XXXXXX",
1333 SD_ID128_FORMAT_VAL(machine)) < 0) {
1338 mpk_size = FSPRG_mskinbytes(FSPRG_RECOMMENDED_SECPAR);
1339 mpk = alloca(mpk_size);
1341 seed_size = FSPRG_RECOMMENDED_SEEDLEN;
1342 seed = alloca(seed_size);
1344 state_size = FSPRG_stateinbytes(FSPRG_RECOMMENDED_SECPAR);
1345 state = alloca(state_size);
1347 fd = open("/dev/random", O_RDONLY|O_CLOEXEC|O_NOCTTY);
1349 log_error("Failed to open /dev/random: %m");
1354 log_info("Generating seed...");
1355 l = loop_read(fd, seed, seed_size, true);
1356 if (l < 0 || (size_t) l != seed_size) {
1357 log_error("Failed to read random seed: %s", strerror(EIO));
1362 log_info("Generating key pair...");
1363 FSPRG_GenMK(NULL, mpk, seed, seed_size, FSPRG_RECOMMENDED_SECPAR);
1365 log_info("Generating sealing key...");
1366 FSPRG_GenState0(state, mpk, seed, seed_size);
1368 assert(arg_interval > 0);
1370 n = now(CLOCK_REALTIME);
1374 fd = mkostemp_safe(k, O_WRONLY|O_CLOEXEC);
1376 log_error("Failed to open %s: %m", k);
1381 /* Enable secure remove, exclusion from dump, synchronous
1382 * writing and in-place updating */
1383 if (ioctl(fd, FS_IOC_GETFLAGS, &attr) < 0)
1384 log_warning("FS_IOC_GETFLAGS failed: %m");
1386 attr |= FS_SECRM_FL|FS_NODUMP_FL|FS_SYNC_FL|FS_NOCOW_FL;
1388 if (ioctl(fd, FS_IOC_SETFLAGS, &attr) < 0)
1389 log_warning("FS_IOC_SETFLAGS failed: %m");
1392 memcpy(h.signature, "KSHHRHLP", 8);
1393 h.machine_id = machine;
1395 h.header_size = htole64(sizeof(h));
1396 h.start_usec = htole64(n * arg_interval);
1397 h.interval_usec = htole64(arg_interval);
1398 h.fsprg_secpar = htole16(FSPRG_RECOMMENDED_SECPAR);
1399 h.fsprg_state_size = htole64(state_size);
1401 l = loop_write(fd, &h, sizeof(h), false);
1402 if (l < 0 || (size_t) l != sizeof(h)) {
1403 log_error("Failed to write header: %s", strerror(EIO));
1408 l = loop_write(fd, state, state_size, false);
1409 if (l < 0 || (size_t) l != state_size) {
1410 log_error("Failed to write state: %s", strerror(EIO));
1415 if (link(k, p) < 0) {
1416 log_error("Failed to link file: %m");
1424 "The new key pair has been generated. The " ANSI_HIGHLIGHT_ON "secret sealing key" ANSI_HIGHLIGHT_OFF " has been written to\n"
1425 "the following local file. This key file is automatically updated when the\n"
1426 "sealing key is advanced. It should not be used on multiple hosts.\n"
1430 "Please write down the following " ANSI_HIGHLIGHT_ON "secret verification key" ANSI_HIGHLIGHT_OFF ". It should be stored\n"
1431 "at a safe location and should not be saved locally on disk.\n"
1432 "\n\t" ANSI_HIGHLIGHT_RED_ON, p);
1435 for (i = 0; i < seed_size; i++) {
1436 if (i > 0 && i % 3 == 0)
1438 printf("%02x", ((uint8_t*) seed)[i]);
1441 printf("/%llx-%llx\n", (unsigned long long) n, (unsigned long long) arg_interval);
1444 char tsb[FORMAT_TIMESPAN_MAX], *hn;
1447 ANSI_HIGHLIGHT_OFF "\n"
1448 "The sealing key is automatically changed every %s.\n",
1449 format_timespan(tsb, sizeof(tsb), arg_interval, 0));
1451 hn = gethostname_malloc();
1454 hostname_cleanup(hn, false);
1455 fprintf(stderr, "\nThe keys have been generated for host %s/" SD_ID128_FORMAT_STR ".\n", hn, SD_ID128_FORMAT_VAL(machine));
1457 fprintf(stderr, "\nThe keys have been generated for host " SD_ID128_FORMAT_STR ".\n", SD_ID128_FORMAT_VAL(machine));
1459 #ifdef HAVE_QRENCODE
1460 /* If this is not an UTF-8 system don't print any QR codes */
1461 if (is_locale_utf8()) {
1462 fputs("\nTo transfer the verification key to your phone please scan the QR code below:\n\n", stderr);
1463 print_qr_code(stderr, seed, seed_size, n, arg_interval, hn, machine);
1483 log_error("Forward-secure sealing not available.");
1488 static int verify(sd_journal *j) {
1495 log_show_color(true);
1497 HASHMAP_FOREACH(f, j->files, i) {
1499 usec_t first, validated, last;
1502 if (!arg_verify_key && JOURNAL_HEADER_SEALED(f->header))
1503 log_notice("Journal file %s has sealing enabled but verification key has not been passed using --verify-key=.", f->path);
1506 k = journal_file_verify(f, arg_verify_key, &first, &validated, &last, true);
1508 /* If the key was invalid give up right-away. */
1511 log_warning("FAIL: %s (%s)", f->path, strerror(-k));
1514 char a[FORMAT_TIMESTAMP_MAX], b[FORMAT_TIMESTAMP_MAX], c[FORMAT_TIMESPAN_MAX];
1515 log_info("PASS: %s", f->path);
1517 if (arg_verify_key && JOURNAL_HEADER_SEALED(f->header)) {
1518 if (validated > 0) {
1519 log_info("=> Validated from %s to %s, final %s entries not sealed.",
1520 format_timestamp_maybe_utc(a, sizeof(a), first),
1521 format_timestamp_maybe_utc(b, sizeof(b), validated),
1522 format_timespan(c, sizeof(c), last > validated ? last - validated : 0, 0));
1523 } else if (last > 0)
1524 log_info("=> No sealing yet, %s of entries not sealed.",
1525 format_timespan(c, sizeof(c), last - first, 0));
1527 log_info("=> No sealing yet, no entries in file.");
1536 static int access_check_var_log_journal(sd_journal *j) {
1537 _cleanup_strv_free_ char **g = NULL;
1543 have_access = in_group("systemd-journal") > 0;
1546 /* Let's enumerate all groups from the default ACL of
1547 * the directory, which generally should allow access
1548 * to most journal files too */
1549 r = search_acl_groups(&g, "/var/log/journal/", &have_access);
1556 if (strv_isempty(g))
1557 log_notice("Hint: You are currently not seeing messages from other users and the system.\n"
1558 " Users in the 'systemd-journal' group can see all messages. Pass -q to\n"
1559 " turn off this notice.");
1561 _cleanup_free_ char *s = NULL;
1563 r = strv_extend(&g, "systemd-journal");
1570 s = strv_join(g, "', '");
1574 log_notice("Hint: You are currently not seeing messages from other users and the system.\n"
1575 " Users in the groups '%s' can see all messages.\n"
1576 " Pass -q to turn off this notice.", s);
1584 static int access_check(sd_journal *j) {
1591 if (set_isempty(j->errors)) {
1592 if (hashmap_isempty(j->files))
1593 log_notice("No journal files were found.");
1597 if (set_contains(j->errors, INT_TO_PTR(-EACCES))) {
1599 /* If /var/log/journal doesn't even exist,
1600 * unprivileged users have no access at all */
1601 if (access("/var/log/journal", F_OK) < 0 &&
1603 in_group("systemd-journal") <= 0) {
1604 log_error("Unprivileged users cannot access messages, unless persistent log storage is\n"
1605 "enabled. Users in the 'systemd-journal' group may always access messages.");
1609 /* If /var/log/journal exists, try to pring a nice
1610 notice if the user lacks access to it */
1611 if (!arg_quiet && geteuid() != 0) {
1612 r = access_check_var_log_journal(j);
1617 if (geteuid() != 0 && in_group("systemd-journal") <= 0) {
1618 log_error("Unprivileged users cannot access messages. Users in the 'systemd-journal' group\n"
1619 "group may access messages.");
1624 if (hashmap_isempty(j->files)) {
1625 log_error("No journal files were opened due to insufficient permissions.");
1630 SET_FOREACH(code, j->errors, it) {
1633 err = -PTR_TO_INT(code);
1637 log_warning("Error was encountered while opening journal files: %s",
1644 int main(int argc, char *argv[]) {
1646 _cleanup_journal_close_ sd_journal *j = NULL;
1647 bool need_seek = false;
1648 sd_id128_t previous_boot_id;
1649 bool previous_boot_id_valid = false, first_line = true;
1651 bool ellipsized = false;
1653 setlocale(LC_ALL, "");
1654 log_parse_environment();
1657 r = parse_argv(argc, argv);
1661 signal(SIGWINCH, columns_lines_cache_reset);
1663 if (arg_action == ACTION_NEW_ID128) {
1664 r = generate_new_id128();
1668 if (arg_action == ACTION_SETUP_KEYS) {
1673 if (arg_action == ACTION_UPDATE_CATALOG ||
1674 arg_action == ACTION_LIST_CATALOG ||
1675 arg_action == ACTION_DUMP_CATALOG) {
1677 _cleanup_free_ char *database;
1679 database = path_join(arg_root, CATALOG_DATABASE, NULL);
1685 if (arg_action == ACTION_UPDATE_CATALOG) {
1686 r = catalog_update(database, arg_root, catalog_file_dirs);
1688 log_error("Failed to list catalog: %s", strerror(-r));
1690 bool oneline = arg_action == ACTION_LIST_CATALOG;
1693 r = catalog_list_items(stdout, database,
1694 oneline, argv + optind);
1696 r = catalog_list(stdout, database, oneline);
1698 log_error("Failed to list catalog: %s", strerror(-r));
1705 r = sd_journal_open_directory(&j, arg_directory, arg_journal_type);
1707 r = sd_journal_open_files(&j, (const char**) arg_file, 0);
1708 else if (arg_machine)
1709 r = sd_journal_open_container(&j, arg_machine, 0);
1711 r = sd_journal_open(&j, !arg_merge*SD_JOURNAL_LOCAL_ONLY + arg_journal_type);
1713 log_error("Failed to open %s: %s",
1714 arg_directory ? arg_directory : arg_file ? "files" : "journal",
1716 return EXIT_FAILURE;
1719 r = access_check(j);
1721 return EXIT_FAILURE;
1723 if (arg_action == ACTION_VERIFY) {
1728 if (arg_action == ACTION_PRINT_HEADER) {
1729 journal_print_header(j);
1730 return EXIT_SUCCESS;
1733 if (arg_action == ACTION_DISK_USAGE) {
1735 char sbytes[FORMAT_BYTES_MAX];
1737 r = sd_journal_get_usage(j, &bytes);
1739 return EXIT_FAILURE;
1741 printf("Journals take up %s on disk.\n",
1742 format_bytes(sbytes, sizeof(sbytes), bytes));
1743 return EXIT_SUCCESS;
1746 if (arg_action == ACTION_LIST_BOOTS) {
1751 /* add_boot() must be called first!
1752 * It may need to seek the journal to find parent boot IDs. */
1755 return EXIT_FAILURE;
1759 return EXIT_FAILURE;
1762 strv_free(arg_system_units);
1763 strv_free(arg_user_units);
1766 log_error("Failed to add filter for units: %s", strerror(-r));
1767 return EXIT_FAILURE;
1770 r = add_syslog_identifier(j);
1772 log_error("Failed to add filter for syslog identifiers: %s", strerror(-r));
1773 return EXIT_FAILURE;
1776 r = add_priorities(j);
1778 log_error("Failed to add filter for priorities: %s", strerror(-r));
1779 return EXIT_FAILURE;
1782 r = add_matches(j, argv + optind);
1784 log_error("Failed to add filters: %s", strerror(-r));
1785 return EXIT_FAILURE;
1788 if (_unlikely_(log_get_max_level() >= LOG_PRI(LOG_DEBUG))) {
1789 _cleanup_free_ char *filter;
1791 filter = journal_make_match_string(j);
1792 log_debug("Journal filter: %s", filter);
1799 r = sd_journal_set_data_threshold(j, 0);
1801 log_error("Failed to unset data size threshold");
1802 return EXIT_FAILURE;
1805 r = sd_journal_query_unique(j, arg_field);
1807 log_error("Failed to query unique data objects: %s", strerror(-r));
1808 return EXIT_FAILURE;
1811 SD_JOURNAL_FOREACH_UNIQUE(j, data, size) {
1814 if (arg_lines >= 0 && n_shown >= arg_lines)
1817 eq = memchr(data, '=', size);
1819 printf("%.*s\n", (int) (size - ((const uint8_t*) eq - (const uint8_t*) data + 1)), (const char*) eq + 1);
1821 printf("%.*s\n", (int) size, (const char*) data);
1826 return EXIT_SUCCESS;
1829 /* Opening the fd now means the first sd_journal_wait() will actually wait */
1831 r = sd_journal_get_fd(j);
1833 return EXIT_FAILURE;
1836 if (arg_cursor || arg_after_cursor) {
1837 r = sd_journal_seek_cursor(j, arg_cursor ?: arg_after_cursor);
1839 log_error("Failed to seek to cursor: %s", strerror(-r));
1840 return EXIT_FAILURE;
1843 r = sd_journal_next_skip(j, 1 + !!arg_after_cursor);
1845 r = sd_journal_previous_skip(j, 1 + !!arg_after_cursor);
1847 if (arg_after_cursor && r < 2 && !arg_follow)
1848 /* We couldn't find the next entry after the cursor. */
1851 } else if (arg_since_set && !arg_reverse) {
1852 r = sd_journal_seek_realtime_usec(j, arg_since);
1854 log_error("Failed to seek to date: %s", strerror(-r));
1855 return EXIT_FAILURE;
1857 r = sd_journal_next(j);
1859 } else if (arg_until_set && arg_reverse) {
1860 r = sd_journal_seek_realtime_usec(j, arg_until);
1862 log_error("Failed to seek to date: %s", strerror(-r));
1863 return EXIT_FAILURE;
1865 r = sd_journal_previous(j);
1867 } else if (arg_lines >= 0) {
1868 r = sd_journal_seek_tail(j);
1870 log_error("Failed to seek to tail: %s", strerror(-r));
1871 return EXIT_FAILURE;
1874 r = sd_journal_previous_skip(j, arg_lines);
1876 } else if (arg_reverse) {
1877 r = sd_journal_seek_tail(j);
1879 log_error("Failed to seek to tail: %s", strerror(-r));
1880 return EXIT_FAILURE;
1883 r = sd_journal_previous(j);
1886 r = sd_journal_seek_head(j);
1888 log_error("Failed to seek to head: %s", strerror(-r));
1889 return EXIT_FAILURE;
1892 r = sd_journal_next(j);
1896 log_error("Failed to iterate through journal: %s", strerror(-r));
1897 return EXIT_FAILURE;
1901 pager_open_if_enabled();
1905 char start_buf[FORMAT_TIMESTAMP_MAX], end_buf[FORMAT_TIMESTAMP_MAX];
1907 r = sd_journal_get_cutoff_realtime_usec(j, &start, &end);
1909 log_error("Failed to get cutoff: %s", strerror(-r));
1915 printf("-- Logs begin at %s. --\n",
1916 format_timestamp_maybe_utc(start_buf, sizeof(start_buf), start));
1918 printf("-- Logs begin at %s, end at %s. --\n",
1919 format_timestamp_maybe_utc(start_buf, sizeof(start_buf), start),
1920 format_timestamp_maybe_utc(end_buf, sizeof(end_buf), end));
1925 while (arg_lines < 0 || n_shown < arg_lines || (arg_follow && !first_line)) {
1930 r = sd_journal_next(j);
1932 r = sd_journal_previous(j);
1934 log_error("Failed to iterate through journal: %s", strerror(-r));
1941 if (arg_until_set && !arg_reverse) {
1944 r = sd_journal_get_realtime_usec(j, &usec);
1946 log_error("Failed to determine timestamp: %s", strerror(-r));
1949 if (usec > arg_until)
1953 if (arg_since_set && arg_reverse) {
1956 r = sd_journal_get_realtime_usec(j, &usec);
1958 log_error("Failed to determine timestamp: %s", strerror(-r));
1961 if (usec < arg_since)
1965 if (!arg_merge && !arg_quiet) {
1968 r = sd_journal_get_monotonic_usec(j, NULL, &boot_id);
1970 if (previous_boot_id_valid &&
1971 !sd_id128_equal(boot_id, previous_boot_id))
1972 printf("%s-- Reboot --%s\n",
1973 ansi_highlight(), ansi_highlight_off());
1975 previous_boot_id = boot_id;
1976 previous_boot_id_valid = true;
1981 arg_all * OUTPUT_SHOW_ALL |
1982 arg_full * OUTPUT_FULL_WIDTH |
1983 on_tty() * OUTPUT_COLOR |
1984 arg_catalog * OUTPUT_CATALOG |
1985 arg_utc * OUTPUT_UTC;
1987 r = output_journal(stdout, j, arg_output, 0, flags, &ellipsized);
1989 if (r == -EADDRNOTAVAIL)
1991 else if (r < 0 || ferror(stdout))
1998 if (arg_show_cursor) {
1999 _cleanup_free_ char *cursor = NULL;
2001 r = sd_journal_get_cursor(j, &cursor);
2002 if (r < 0 && r != -EADDRNOTAVAIL)
2003 log_error("Failed to get cursor: %s", strerror(-r));
2005 printf("-- cursor: %s\n", cursor);
2011 r = sd_journal_wait(j, (uint64_t) -1);
2013 log_error("Couldn't wait for journal event: %s", strerror(-r));
2023 strv_free(arg_file);
2025 return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;