1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2011 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
35 #include <sys/ioctl.h>
43 #include "systemd/sd-journal.h"
46 #include "logs-show.h"
48 #include "path-util.h"
54 #include "journal-internal.h"
55 #include "journal-def.h"
56 #include "journal-verify.h"
57 #include "journal-authenticate.h"
58 #include "journal-qrcode.h"
60 #include "unit-name.h"
63 #define DEFAULT_FSS_INTERVAL_USEC (15*USEC_PER_MINUTE)
65 static OutputMode arg_output = OUTPUT_SHORT;
66 static bool arg_pager_end = false;
67 static bool arg_follow = false;
68 static bool arg_full = true;
69 static bool arg_all = false;
70 static bool arg_no_pager = false;
71 static int arg_lines = -1;
72 static bool arg_no_tail = false;
73 static bool arg_quiet = false;
74 static bool arg_merge = false;
75 static bool arg_boot = false;
76 static sd_id128_t arg_boot_id = {};
77 static int arg_boot_offset = 0;
78 static bool arg_dmesg = false;
79 static const char *arg_cursor = NULL;
80 static const char *arg_after_cursor = NULL;
81 static bool arg_show_cursor = false;
82 static const char *arg_directory = NULL;
83 static char **arg_file = NULL;
84 static int arg_priorities = 0xFF;
85 static const char *arg_verify_key = NULL;
87 static usec_t arg_interval = DEFAULT_FSS_INTERVAL_USEC;
88 static bool arg_force = false;
90 static usec_t arg_since, arg_until;
91 static bool arg_since_set = false, arg_until_set = false;
92 static char **arg_syslog_identifier = NULL;
93 static char **arg_system_units = NULL;
94 static char **arg_user_units = NULL;
95 static const char *arg_field = NULL;
96 static bool arg_catalog = false;
97 static bool arg_reverse = false;
98 static int arg_journal_type = 0;
99 static const char *arg_root = NULL;
100 static const char *arg_machine = NULL;
111 ACTION_UPDATE_CATALOG,
113 } arg_action = ACTION_SHOW;
115 typedef struct boot_id_t {
121 static void pager_open_if_enabled(void) {
126 pager_open(arg_pager_end);
129 static int parse_boot_descriptor(const char *x, sd_id128_t *boot_id, int *offset) {
130 sd_id128_t id = SD_ID128_NULL;
133 if (strlen(x) >= 32) {
137 r = sd_id128_from_string(t, &id);
141 if (*x != '-' && *x != '+' && *x != 0)
145 r = safe_atoi(x, &off);
150 r = safe_atoi(x, &off);
164 static void help(void) {
166 pager_open_if_enabled();
168 printf("%s [OPTIONS...] [MATCHES...]\n\n"
169 "Query the journal.\n\n"
171 " --system Show the system journal\n"
172 " --user Show the user journal for the current user\n"
173 " -M --machine=CONTAINER Operate on local container\n"
174 " --since=DATE Start showing entries on or newer than the specified date\n"
175 " --until=DATE Stop showing entries on or older than the specified date\n"
176 " -c --cursor=CURSOR Start showing entries from the specified cursor\n"
177 " --after-cursor=CURSOR Start showing entries from after the specified cursor\n"
178 " --show-cursor Print the cursor after all the entries\n"
179 " -b --boot[=ID] Show data only from ID or, if unspecified, the current boot\n"
180 " --list-boots Show terse information about recorded boots\n"
181 " -k --dmesg Show kernel message log from the current boot\n"
182 " -u --unit=UNIT Show data only from the specified unit\n"
183 " --user-unit=UNIT Show data only from the specified user session unit\n"
184 " -t --identifier=STRING Show only messages with the specified syslog identifier\n"
185 " -p --priority=RANGE Show only messages within the specified priority range\n"
186 " -e --pager-end Immediately jump to end of the journal in the pager\n"
187 " -f --follow Follow the journal\n"
188 " -n --lines[=INTEGER] Number of journal entries to show\n"
189 " --no-tail Show all lines, even in follow mode\n"
190 " -r --reverse Show the newest entries first\n"
191 " -o --output=STRING Change journal output mode (short, short-iso,\n"
192 " short-precise, short-monotonic, verbose,\n"
193 " export, json, json-pretty, json-sse, cat)\n"
194 " -x --catalog Add message explanations where available\n"
195 " --no-full Ellipsize fields\n"
196 " -a --all Show all fields, including long and unprintable\n"
197 " -q --quiet Do not show privilege warning\n"
198 " --no-pager Do not pipe output into a pager\n"
199 " -m --merge Show entries from all available journals\n"
200 " -D --directory=PATH Show journal files from directory\n"
201 " --file=PATH Show journal file\n"
202 " --root=ROOT Operate on catalog files underneath the root ROOT\n"
204 " --interval=TIME Time interval for changing the FSS sealing key\n"
205 " --verify-key=KEY Specify FSS verification key\n"
206 " --force Force overriding of the FSS key pair with --setup-keys\n"
209 " -h --help Show this help text\n"
210 " --version Show package version\n"
211 " --new-id128 Generate a new 128-bit ID\n"
212 " --header Show journal header information\n"
213 " --disk-usage Show total disk usage of all journal files\n"
214 " -F --field=FIELD List all values that a specified field takes\n"
215 " --list-catalog Show message IDs of all entries in the message catalog\n"
216 " --dump-catalog Show entries in the message catalog\n"
217 " --update-catalog Update the message catalog database\n"
219 " --setup-keys Generate a new FSS key pair\n"
220 " --verify Verify journal file consistency\n"
222 , program_invocation_short_name);
225 static int parse_argv(int argc, char *argv[]) {
255 static const struct option options[] = {
256 { "help", no_argument, NULL, 'h' },
257 { "version" , no_argument, NULL, ARG_VERSION },
258 { "no-pager", no_argument, NULL, ARG_NO_PAGER },
259 { "pager-end", no_argument, NULL, 'e' },
260 { "follow", no_argument, NULL, 'f' },
261 { "force", no_argument, NULL, ARG_FORCE },
262 { "output", required_argument, NULL, 'o' },
263 { "all", no_argument, NULL, 'a' },
264 { "full", no_argument, NULL, 'l' },
265 { "no-full", no_argument, NULL, ARG_NO_FULL },
266 { "lines", optional_argument, NULL, 'n' },
267 { "no-tail", no_argument, NULL, ARG_NO_TAIL },
268 { "new-id128", no_argument, NULL, ARG_NEW_ID128 },
269 { "quiet", no_argument, NULL, 'q' },
270 { "merge", no_argument, NULL, 'm' },
271 { "boot", optional_argument, NULL, 'b' },
272 { "list-boots", no_argument, NULL, ARG_LIST_BOOTS },
273 { "this-boot", optional_argument, NULL, 'b' }, /* deprecated */
274 { "dmesg", no_argument, NULL, 'k' },
275 { "system", no_argument, NULL, ARG_SYSTEM },
276 { "user", no_argument, NULL, ARG_USER },
277 { "directory", required_argument, NULL, 'D' },
278 { "file", required_argument, NULL, ARG_FILE },
279 { "root", required_argument, NULL, ARG_ROOT },
280 { "header", no_argument, NULL, ARG_HEADER },
281 { "identifier", required_argument, NULL, 't' },
282 { "priority", required_argument, NULL, 'p' },
283 { "setup-keys", no_argument, NULL, ARG_SETUP_KEYS },
284 { "interval", required_argument, NULL, ARG_INTERVAL },
285 { "verify", no_argument, NULL, ARG_VERIFY },
286 { "verify-key", required_argument, NULL, ARG_VERIFY_KEY },
287 { "disk-usage", no_argument, NULL, ARG_DISK_USAGE },
288 { "cursor", required_argument, NULL, 'c' },
289 { "after-cursor", required_argument, NULL, ARG_AFTER_CURSOR },
290 { "show-cursor", no_argument, NULL, ARG_SHOW_CURSOR },
291 { "since", required_argument, NULL, ARG_SINCE },
292 { "until", required_argument, NULL, ARG_UNTIL },
293 { "unit", required_argument, NULL, 'u' },
294 { "user-unit", required_argument, NULL, ARG_USER_UNIT },
295 { "field", required_argument, NULL, 'F' },
296 { "catalog", no_argument, NULL, 'x' },
297 { "list-catalog", no_argument, NULL, ARG_LIST_CATALOG },
298 { "dump-catalog", no_argument, NULL, ARG_DUMP_CATALOG },
299 { "update-catalog", no_argument, NULL, ARG_UPDATE_CATALOG },
300 { "reverse", no_argument, NULL, 'r' },
301 { "machine", required_argument, NULL, 'M' },
310 while ((c = getopt_long(argc, argv, "hefo:aln::qmb::kD:p:c:t:u:F:xrM:", options, NULL)) >= 0)
319 puts(PACKAGE_STRING);
320 puts(SYSTEMD_FEATURES);
328 arg_pager_end = true;
340 arg_output = output_mode_from_string(optarg);
341 if (arg_output < 0) {
342 log_error("Unknown output format '%s'.", optarg);
346 if (arg_output == OUTPUT_EXPORT ||
347 arg_output == OUTPUT_JSON ||
348 arg_output == OUTPUT_JSON_PRETTY ||
349 arg_output == OUTPUT_JSON_SSE ||
350 arg_output == OUTPUT_CAT)
369 r = safe_atoi(optarg, &arg_lines);
370 if (r < 0 || arg_lines < 0) {
371 log_error("Failed to parse lines '%s'", optarg);
377 /* Hmm, no argument? Maybe the next
378 * word on the command line is
379 * supposed to be the argument? Let's
380 * see if there is one, and is
381 * parsable as a positive
385 safe_atoi(argv[optind], &n) >= 0 &&
401 arg_action = ACTION_NEW_ID128;
416 r = parse_boot_descriptor(optarg, &arg_boot_id, &arg_boot_offset);
418 log_error("Failed to parse boot descriptor '%s'", optarg);
423 /* Hmm, no argument? Maybe the next
424 * word on the command line is
425 * supposed to be the argument? Let's
426 * see if there is one and is parsable
427 * as a boot descriptor... */
430 parse_boot_descriptor(argv[optind], &arg_boot_id, &arg_boot_offset) >= 0)
437 arg_action = ACTION_LIST_BOOTS;
441 arg_boot = arg_dmesg = true;
445 arg_journal_type |= SD_JOURNAL_SYSTEM;
449 arg_journal_type |= SD_JOURNAL_CURRENT_USER;
453 arg_machine = optarg;
457 arg_directory = optarg;
461 r = glob_extend(&arg_file, optarg);
463 log_error("Failed to add paths: %s", strerror(-r));
476 case ARG_AFTER_CURSOR:
477 arg_after_cursor = optarg;
480 case ARG_SHOW_CURSOR:
481 arg_show_cursor = true;
485 arg_action = ACTION_PRINT_HEADER;
489 arg_action = ACTION_VERIFY;
493 arg_action = ACTION_DISK_USAGE;
502 arg_action = ACTION_SETUP_KEYS;
507 arg_action = ACTION_VERIFY;
508 arg_verify_key = optarg;
513 r = parse_sec(optarg, &arg_interval);
514 if (r < 0 || arg_interval <= 0) {
515 log_error("Failed to parse sealing key change interval: %s", optarg);
524 log_error("Forward-secure sealing not available.");
531 dots = strstr(optarg, "..");
537 a = strndup(optarg, dots - optarg);
541 from = log_level_from_string(a);
542 to = log_level_from_string(dots + 2);
545 if (from < 0 || to < 0) {
546 log_error("Failed to parse log level range %s", optarg);
553 for (i = from; i <= to; i++)
554 arg_priorities |= 1 << i;
556 for (i = to; i <= from; i++)
557 arg_priorities |= 1 << i;
563 p = log_level_from_string(optarg);
565 log_error("Unknown log level %s", optarg);
571 for (i = 0; i <= p; i++)
572 arg_priorities |= 1 << i;
579 r = parse_timestamp(optarg, &arg_since);
581 log_error("Failed to parse timestamp: %s", optarg);
584 arg_since_set = true;
588 r = parse_timestamp(optarg, &arg_until);
590 log_error("Failed to parse timestamp: %s", optarg);
593 arg_until_set = true;
597 r = strv_extend(&arg_syslog_identifier, optarg);
603 r = strv_extend(&arg_system_units, optarg);
609 r = strv_extend(&arg_user_units, optarg);
622 case ARG_LIST_CATALOG:
623 arg_action = ACTION_LIST_CATALOG;
626 case ARG_DUMP_CATALOG:
627 arg_action = ACTION_DUMP_CATALOG;
630 case ARG_UPDATE_CATALOG:
631 arg_action = ACTION_UPDATE_CATALOG;
642 assert_not_reached("Unhandled option");
645 if (arg_follow && !arg_no_tail && arg_lines < 0)
648 if (!!arg_directory + !!arg_file + !!arg_machine > 1) {
649 log_error("Please specify either -D/--directory= or --file= or -M/--machine=, not more than one.");
653 if (arg_since_set && arg_until_set && arg_since > arg_until) {
654 log_error("--since= must be before --until=.");
658 if (!!arg_cursor + !!arg_after_cursor + !!arg_since_set > 1) {
659 log_error("Please specify only one of --since=, --cursor=, and --after-cursor.");
663 if (arg_follow && arg_reverse) {
664 log_error("Please specify either --reverse= or --follow=, not both.");
668 if (arg_action != ACTION_SHOW && optind < argc) {
669 log_error("Extraneous arguments starting with '%s'", argv[optind]);
676 static int generate_new_id128(void) {
681 r = sd_id128_randomize(&id);
683 log_error("Failed to generate ID: %s", strerror(-r));
687 printf("As string:\n"
688 SD_ID128_FORMAT_STR "\n\n"
690 "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n\n"
692 "#define MESSAGE_XYZ SD_ID128_MAKE(",
693 SD_ID128_FORMAT_VAL(id),
694 SD_ID128_FORMAT_VAL(id));
695 for (i = 0; i < 16; i++)
696 printf("%02x%s", id.bytes[i], i != 15 ? "," : "");
697 fputs(")\n\n", stdout);
699 printf("As Python constant:\n"
701 ">>> MESSAGE_XYZ = uuid.UUID('" SD_ID128_FORMAT_STR "')\n",
702 SD_ID128_FORMAT_VAL(id));
707 static int add_matches(sd_journal *j, char **args) {
709 bool have_term = false;
713 STRV_FOREACH(i, args) {
716 if (streq(*i, "+")) {
719 r = sd_journal_add_disjunction(j);
722 } else if (path_is_absolute(*i)) {
723 _cleanup_free_ char *p, *t = NULL, *t2 = NULL;
725 _cleanup_free_ char *interpreter = NULL;
728 p = canonicalize_file_name(*i);
731 if (stat(path, &st) < 0) {
732 log_error("Couldn't stat file: %m");
736 if (S_ISREG(st.st_mode) && (0111 & st.st_mode)) {
737 if (executable_is_script(path, &interpreter) > 0) {
738 _cleanup_free_ char *comm;
740 comm = strndup(basename(path), 15);
744 t = strappend("_COMM=", comm);
746 /* Append _EXE only if the interpreter is not a link.
747 Otherwise, it might be outdated often. */
748 if (lstat(interpreter, &st) == 0 &&
749 !S_ISLNK(st.st_mode)) {
750 t2 = strappend("_EXE=", interpreter);
755 t = strappend("_EXE=", path);
756 } else if (S_ISCHR(st.st_mode)) {
757 if (asprintf(&t, "_KERNEL_DEVICE=c%u:%u",
759 minor(st.st_rdev)) < 0)
761 } else if (S_ISBLK(st.st_mode)) {
762 if (asprintf(&t, "_KERNEL_DEVICE=b%u:%u",
764 minor(st.st_rdev)) < 0)
767 log_error("File is neither a device node, nor regular file, nor executable: %s", *i);
774 r = sd_journal_add_match(j, t, 0);
776 r = sd_journal_add_match(j, t2, 0);
780 r = sd_journal_add_match(j, *i, 0);
785 log_error("Failed to add match '%s': %s", *i, strerror(-r));
790 if (!strv_isempty(args) && !have_term) {
791 log_error("\"+\" can only be used between terms");
798 static int boot_id_cmp(const void *a, const void *b) {
801 _a = ((const boot_id_t *)a)->first;
802 _b = ((const boot_id_t *)b)->first;
804 return _a < _b ? -1 : (_a > _b ? 1 : 0);
807 static int list_boots(sd_journal *j) {
810 unsigned int count = 0;
812 size_t length, allocated = 0;
814 _cleanup_free_ boot_id_t *all_ids = NULL;
816 r = sd_journal_query_unique(j, "_BOOT_ID");
820 SD_JOURNAL_FOREACH_UNIQUE(j, data, length) {
821 if (length < strlen("_BOOT_ID="))
824 if (!GREEDY_REALLOC(all_ids, allocated, count + 1))
827 id = &all_ids[count];
829 r = sd_id128_from_string(((const char *)data) + strlen("_BOOT_ID="), &id->id);
833 r = sd_journal_add_match(j, data, length);
837 r = sd_journal_seek_head(j);
841 r = sd_journal_next(j);
847 r = sd_journal_get_realtime_usec(j, &id->first);
851 r = sd_journal_seek_tail(j);
855 r = sd_journal_previous(j);
861 r = sd_journal_get_realtime_usec(j, &id->last);
867 sd_journal_flush_matches(j);
870 qsort_safe(all_ids, count, sizeof(boot_id_t), boot_id_cmp);
872 /* numbers are one less, but we need an extra char for the sign */
873 w = DECIMAL_STR_WIDTH(count - 1) + 1;
875 for (id = all_ids, i = 0; id < all_ids + count; id++, i++) {
876 char a[FORMAT_TIMESTAMP_MAX], b[FORMAT_TIMESTAMP_MAX];
878 printf("% *i " SD_ID128_FORMAT_STR " %s—%s\n",
880 SD_ID128_FORMAT_VAL(id->id),
881 format_timestamp(a, sizeof(a), id->first),
882 format_timestamp(b, sizeof(b), id->last));
888 static int get_relative_boot_id(sd_journal *j, sd_id128_t *boot_id, int relative) {
891 unsigned int count = 0;
892 size_t length, allocated = 0;
893 boot_id_t ref_boot_id = {SD_ID128_NULL}, *id;
894 _cleanup_free_ boot_id_t *all_ids = NULL;
899 r = sd_journal_query_unique(j, "_BOOT_ID");
903 SD_JOURNAL_FOREACH_UNIQUE(j, data, length) {
904 if (length < strlen("_BOOT_ID="))
907 if (!GREEDY_REALLOC(all_ids, allocated, count + 1))
910 id = &all_ids[count];
912 r = sd_id128_from_string(((const char *)data) + strlen("_BOOT_ID="), &id->id);
916 r = sd_journal_add_match(j, data, length);
920 r = sd_journal_seek_head(j);
924 r = sd_journal_next(j);
930 r = sd_journal_get_realtime_usec(j, &id->first);
934 if (sd_id128_equal(id->id, *boot_id))
939 sd_journal_flush_matches(j);
942 qsort_safe(all_ids, count, sizeof(boot_id_t), boot_id_cmp);
944 if (sd_id128_equal(*boot_id, SD_ID128_NULL)) {
945 if (relative > (int) count || relative <= -(int)count)
946 return -EADDRNOTAVAIL;
948 *boot_id = all_ids[(relative <= 0)*count + relative - 1].id;
950 id = bsearch(&ref_boot_id, all_ids, count, sizeof(boot_id_t), boot_id_cmp);
953 relative <= 0 ? (id - all_ids) + relative < 0 :
954 (id - all_ids) + relative >= (int) count)
955 return -EADDRNOTAVAIL;
957 *boot_id = (id + relative)->id;
963 static int add_boot(sd_journal *j) {
964 char match[9+32+1] = "_BOOT_ID=";
972 if (arg_boot_offset == 0 && sd_id128_equal(arg_boot_id, SD_ID128_NULL))
973 return add_match_this_boot(j, arg_machine);
975 r = get_relative_boot_id(j, &arg_boot_id, arg_boot_offset);
977 if (sd_id128_equal(arg_boot_id, SD_ID128_NULL))
978 log_error("Failed to look up boot %+i: %s", arg_boot_offset, strerror(-r));
980 log_error("Failed to look up boot ID "SD_ID128_FORMAT_STR"%+i: %s",
981 SD_ID128_FORMAT_VAL(arg_boot_id), arg_boot_offset, strerror(-r));
985 sd_id128_to_string(arg_boot_id, match + 9);
987 r = sd_journal_add_match(j, match, sizeof(match) - 1);
989 log_error("Failed to add match: %s", strerror(-r));
993 r = sd_journal_add_conjunction(j);
1000 static int add_dmesg(sd_journal *j) {
1007 r = sd_journal_add_match(j, "_TRANSPORT=kernel", strlen("_TRANSPORT=kernel"));
1009 log_error("Failed to add match: %s", strerror(-r));
1013 r = sd_journal_add_conjunction(j);
1020 static int get_possible_units(sd_journal *j,
1024 _cleanup_set_free_free_ Set *found;
1028 found = set_new(string_hash_func, string_compare_func);
1032 NULSTR_FOREACH(field, fields) {
1036 r = sd_journal_query_unique(j, field);
1040 SD_JOURNAL_FOREACH_UNIQUE(j, data, size) {
1041 char **pattern, *eq;
1043 _cleanup_free_ char *u = NULL;
1045 eq = memchr(data, '=', size);
1047 prefix = eq - (char*) data + 1;
1051 u = strndup((char*) data + prefix, size - prefix);
1055 STRV_FOREACH(pattern, patterns)
1056 if (fnmatch(*pattern, u, FNM_NOESCAPE) == 0) {
1057 log_debug("Matched %s with pattern %s=%s", u, field, *pattern);
1059 r = set_consume(found, u);
1061 if (r < 0 && r != -EEXIST)
1074 /* This list is supposed to return the superset of unit names
1075 * possibly matched by rules added with add_matches_for_unit... */
1076 #define SYSTEM_UNITS \
1080 "OBJECT_SYSTEMD_UNIT\0" \
1083 /* ... and add_matches_for_user_unit */
1084 #define USER_UNITS \
1085 "_SYSTEMD_USER_UNIT\0" \
1087 "COREDUMP_USER_UNIT\0" \
1088 "OBJECT_SYSTEMD_USER_UNIT\0"
1090 static int add_units(sd_journal *j) {
1091 _cleanup_strv_free_ char **patterns = NULL;
1097 STRV_FOREACH(i, arg_system_units) {
1098 _cleanup_free_ char *u = NULL;
1100 u = unit_name_mangle(*i, MANGLE_GLOB);
1104 if (string_is_glob(u)) {
1105 r = strv_push(&patterns, u);
1110 r = add_matches_for_unit(j, u);
1113 r = sd_journal_add_disjunction(j);
1120 if (!strv_isempty(patterns)) {
1121 _cleanup_set_free_free_ Set *units = NULL;
1125 r = get_possible_units(j, SYSTEM_UNITS, patterns, &units);
1129 SET_FOREACH(u, units, it) {
1130 r = add_matches_for_unit(j, u);
1133 r = sd_journal_add_disjunction(j);
1140 strv_free(patterns);
1143 STRV_FOREACH(i, arg_user_units) {
1144 _cleanup_free_ char *u = NULL;
1146 u = unit_name_mangle(*i, MANGLE_GLOB);
1150 if (string_is_glob(u)) {
1151 r = strv_push(&patterns, u);
1156 r = add_matches_for_user_unit(j, u, getuid());
1159 r = sd_journal_add_disjunction(j);
1166 if (!strv_isempty(patterns)) {
1167 _cleanup_set_free_free_ Set *units = NULL;
1171 r = get_possible_units(j, USER_UNITS, patterns, &units);
1175 SET_FOREACH(u, units, it) {
1176 r = add_matches_for_user_unit(j, u, getuid());
1179 r = sd_journal_add_disjunction(j);
1186 /* Complain if the user request matches but nothing whatsoever was
1187 * found, since otherwise everything would be matched. */
1188 if (!(strv_isempty(arg_system_units) && strv_isempty(arg_user_units)) && count == 0)
1191 r = sd_journal_add_conjunction(j);
1198 static int add_priorities(sd_journal *j) {
1199 char match[] = "PRIORITY=0";
1203 if (arg_priorities == 0xFF)
1206 for (i = LOG_EMERG; i <= LOG_DEBUG; i++)
1207 if (arg_priorities & (1 << i)) {
1208 match[sizeof(match)-2] = '0' + i;
1210 r = sd_journal_add_match(j, match, strlen(match));
1212 log_error("Failed to add match: %s", strerror(-r));
1217 r = sd_journal_add_conjunction(j);
1225 static int add_syslog_identifier(sd_journal *j) {
1231 STRV_FOREACH(i, arg_syslog_identifier) {
1234 u = strappenda("SYSLOG_IDENTIFIER=", *i);
1235 r = sd_journal_add_match(j, u, 0);
1238 r = sd_journal_add_disjunction(j);
1243 r = sd_journal_add_conjunction(j);
1250 static int setup_keys(void) {
1252 size_t mpk_size, seed_size, state_size, i;
1253 uint8_t *mpk, *seed, *state;
1255 int fd = -1, r, attr = 0;
1256 sd_id128_t machine, boot;
1257 char *p = NULL, *k = NULL;
1262 r = stat("/var/log/journal", &st);
1263 if (r < 0 && errno != ENOENT && errno != ENOTDIR) {
1264 log_error("stat(\"%s\") failed: %m", "/var/log/journal");
1268 if (r < 0 || !S_ISDIR(st.st_mode)) {
1269 log_error("%s is not a directory, must be using persistent logging for FSS.",
1270 "/var/log/journal");
1271 return r < 0 ? -errno : -ENOTDIR;
1274 r = sd_id128_get_machine(&machine);
1276 log_error("Failed to get machine ID: %s", strerror(-r));
1280 r = sd_id128_get_boot(&boot);
1282 log_error("Failed to get boot ID: %s", strerror(-r));
1286 if (asprintf(&p, "/var/log/journal/" SD_ID128_FORMAT_STR "/fss",
1287 SD_ID128_FORMAT_VAL(machine)) < 0)
1290 if (access(p, F_OK) >= 0) {
1294 log_error("unlink(\"%s\") failed: %m", p);
1299 log_error("Sealing key file %s exists already. (--force to recreate)", p);
1305 if (asprintf(&k, "/var/log/journal/" SD_ID128_FORMAT_STR "/fss.tmp.XXXXXX",
1306 SD_ID128_FORMAT_VAL(machine)) < 0) {
1311 mpk_size = FSPRG_mskinbytes(FSPRG_RECOMMENDED_SECPAR);
1312 mpk = alloca(mpk_size);
1314 seed_size = FSPRG_RECOMMENDED_SEEDLEN;
1315 seed = alloca(seed_size);
1317 state_size = FSPRG_stateinbytes(FSPRG_RECOMMENDED_SECPAR);
1318 state = alloca(state_size);
1320 fd = open("/dev/random", O_RDONLY|O_CLOEXEC|O_NOCTTY);
1322 log_error("Failed to open /dev/random: %m");
1327 log_info("Generating seed...");
1328 l = loop_read(fd, seed, seed_size, true);
1329 if (l < 0 || (size_t) l != seed_size) {
1330 log_error("Failed to read random seed: %s", strerror(EIO));
1335 log_info("Generating key pair...");
1336 FSPRG_GenMK(NULL, mpk, seed, seed_size, FSPRG_RECOMMENDED_SECPAR);
1338 log_info("Generating sealing key...");
1339 FSPRG_GenState0(state, mpk, seed, seed_size);
1341 assert(arg_interval > 0);
1343 n = now(CLOCK_REALTIME);
1347 fd = mkostemp_safe(k, O_WRONLY|O_CLOEXEC);
1349 log_error("Failed to open %s: %m", k);
1354 /* Enable secure remove, exclusion from dump, synchronous
1355 * writing and in-place updating */
1356 if (ioctl(fd, FS_IOC_GETFLAGS, &attr) < 0)
1357 log_warning("FS_IOC_GETFLAGS failed: %m");
1359 attr |= FS_SECRM_FL|FS_NODUMP_FL|FS_SYNC_FL|FS_NOCOW_FL;
1361 if (ioctl(fd, FS_IOC_SETFLAGS, &attr) < 0)
1362 log_warning("FS_IOC_SETFLAGS failed: %m");
1365 memcpy(h.signature, "KSHHRHLP", 8);
1366 h.machine_id = machine;
1368 h.header_size = htole64(sizeof(h));
1369 h.start_usec = htole64(n * arg_interval);
1370 h.interval_usec = htole64(arg_interval);
1371 h.fsprg_secpar = htole16(FSPRG_RECOMMENDED_SECPAR);
1372 h.fsprg_state_size = htole64(state_size);
1374 l = loop_write(fd, &h, sizeof(h), false);
1375 if (l < 0 || (size_t) l != sizeof(h)) {
1376 log_error("Failed to write header: %s", strerror(EIO));
1381 l = loop_write(fd, state, state_size, false);
1382 if (l < 0 || (size_t) l != state_size) {
1383 log_error("Failed to write state: %s", strerror(EIO));
1388 if (link(k, p) < 0) {
1389 log_error("Failed to link file: %m");
1397 "The new key pair has been generated. The " ANSI_HIGHLIGHT_ON "secret sealing key" ANSI_HIGHLIGHT_OFF " has been written to\n"
1398 "the following local file. This key file is automatically updated when the\n"
1399 "sealing key is advanced. It should not be used on multiple hosts.\n"
1403 "Please write down the following " ANSI_HIGHLIGHT_ON "secret verification key" ANSI_HIGHLIGHT_OFF ". It should be stored\n"
1404 "at a safe location and should not be saved locally on disk.\n"
1405 "\n\t" ANSI_HIGHLIGHT_RED_ON, p);
1408 for (i = 0; i < seed_size; i++) {
1409 if (i > 0 && i % 3 == 0)
1411 printf("%02x", ((uint8_t*) seed)[i]);
1414 printf("/%llx-%llx\n", (unsigned long long) n, (unsigned long long) arg_interval);
1417 char tsb[FORMAT_TIMESPAN_MAX], *hn;
1420 ANSI_HIGHLIGHT_OFF "\n"
1421 "The sealing key is automatically changed every %s.\n",
1422 format_timespan(tsb, sizeof(tsb), arg_interval, 0));
1424 hn = gethostname_malloc();
1427 hostname_cleanup(hn, false);
1428 fprintf(stderr, "\nThe keys have been generated for host %s/" SD_ID128_FORMAT_STR ".\n", hn, SD_ID128_FORMAT_VAL(machine));
1430 fprintf(stderr, "\nThe keys have been generated for host " SD_ID128_FORMAT_STR ".\n", SD_ID128_FORMAT_VAL(machine));
1432 #ifdef HAVE_QRENCODE
1433 /* If this is not an UTF-8 system don't print any QR codes */
1434 if (is_locale_utf8()) {
1435 fputs("\nTo transfer the verification key to your phone please scan the QR code below:\n\n", stderr);
1436 print_qr_code(stderr, seed, seed_size, n, arg_interval, hn, machine);
1456 log_error("Forward-secure sealing not available.");
1461 static int verify(sd_journal *j) {
1468 log_show_color(true);
1470 HASHMAP_FOREACH(f, j->files, i) {
1472 usec_t first, validated, last;
1475 if (!arg_verify_key && JOURNAL_HEADER_SEALED(f->header))
1476 log_notice("Journal file %s has sealing enabled but verification key has not been passed using --verify-key=.", f->path);
1479 k = journal_file_verify(f, arg_verify_key, &first, &validated, &last, true);
1481 /* If the key was invalid give up right-away. */
1484 log_warning("FAIL: %s (%s)", f->path, strerror(-k));
1487 char a[FORMAT_TIMESTAMP_MAX], b[FORMAT_TIMESTAMP_MAX], c[FORMAT_TIMESPAN_MAX];
1488 log_info("PASS: %s", f->path);
1490 if (arg_verify_key && JOURNAL_HEADER_SEALED(f->header)) {
1491 if (validated > 0) {
1492 log_info("=> Validated from %s to %s, final %s entries not sealed.",
1493 format_timestamp(a, sizeof(a), first),
1494 format_timestamp(b, sizeof(b), validated),
1495 format_timespan(c, sizeof(c), last > validated ? last - validated : 0, 0));
1496 } else if (last > 0)
1497 log_info("=> No sealing yet, %s of entries not sealed.",
1498 format_timespan(c, sizeof(c), last - first, 0));
1500 log_info("=> No sealing yet, no entries in file.");
1509 static int access_check_var_log_journal(sd_journal *j) {
1510 _cleanup_strv_free_ char **g = NULL;
1516 have_access = in_group("systemd-journal") > 0;
1519 /* Let's enumerate all groups from the default ACL of
1520 * the directory, which generally should allow access
1521 * to most journal files too */
1522 r = search_acl_groups(&g, "/var/log/journal/", &have_access);
1529 if (strv_isempty(g))
1530 log_notice("Hint: You are currently not seeing messages from other users and the system.\n"
1531 " Users in the 'systemd-journal' group can see all messages. Pass -q to\n"
1532 " turn off this notice.");
1534 _cleanup_free_ char *s = NULL;
1536 r = strv_extend(&g, "systemd-journal");
1543 s = strv_join(g, "', '");
1547 log_notice("Hint: You are currently not seeing messages from other users and the system.\n"
1548 " Users in the groups '%s' can see all messages.\n"
1549 " Pass -q to turn off this notice.", s);
1557 static int access_check(sd_journal *j) {
1564 if (set_isempty(j->errors)) {
1565 if (hashmap_isempty(j->files))
1566 log_notice("No journal files were found.");
1570 if (set_contains(j->errors, INT_TO_PTR(-EACCES))) {
1572 /* If /var/log/journal doesn't even exist,
1573 * unprivileged users have no access at all */
1574 if (access("/var/log/journal", F_OK) < 0 &&
1576 in_group("systemd-journal") <= 0) {
1577 log_error("Unprivileged users cannot access messages, unless persistent log storage is\n"
1578 "enabled. Users in the 'systemd-journal' group may always access messages.");
1582 /* If /var/log/journal exists, try to pring a nice
1583 notice if the user lacks access to it */
1584 if (!arg_quiet && geteuid() != 0) {
1585 r = access_check_var_log_journal(j);
1590 if (geteuid() != 0 && in_group("systemd-journal") <= 0) {
1591 log_error("Unprivileged users cannot access messages. Users in the 'systemd-journal' group\n"
1592 "group may access messages.");
1597 if (hashmap_isempty(j->files)) {
1598 log_error("No journal files were opened due to insufficient permissions.");
1603 SET_FOREACH(code, j->errors, it) {
1606 err = -PTR_TO_INT(code);
1610 log_warning("Error was encountered while opening journal files: %s",
1617 int main(int argc, char *argv[]) {
1619 _cleanup_journal_close_ sd_journal *j = NULL;
1620 bool need_seek = false;
1621 sd_id128_t previous_boot_id;
1622 bool previous_boot_id_valid = false, first_line = true;
1624 bool ellipsized = false;
1626 setlocale(LC_ALL, "");
1627 log_parse_environment();
1630 r = parse_argv(argc, argv);
1634 signal(SIGWINCH, columns_lines_cache_reset);
1636 if (arg_action == ACTION_NEW_ID128) {
1637 r = generate_new_id128();
1641 if (arg_action == ACTION_SETUP_KEYS) {
1646 if (arg_action == ACTION_UPDATE_CATALOG ||
1647 arg_action == ACTION_LIST_CATALOG ||
1648 arg_action == ACTION_DUMP_CATALOG) {
1650 _cleanup_free_ char *database;
1652 database = path_join(arg_root, CATALOG_DATABASE, NULL);
1658 if (arg_action == ACTION_UPDATE_CATALOG) {
1659 r = catalog_update(database, arg_root, catalog_file_dirs);
1661 log_error("Failed to list catalog: %s", strerror(-r));
1663 bool oneline = arg_action == ACTION_LIST_CATALOG;
1666 r = catalog_list_items(stdout, database,
1667 oneline, argv + optind);
1669 r = catalog_list(stdout, database, oneline);
1671 log_error("Failed to list catalog: %s", strerror(-r));
1678 r = sd_journal_open_directory(&j, arg_directory, arg_journal_type);
1680 r = sd_journal_open_files(&j, (const char**) arg_file, 0);
1681 else if (arg_machine)
1682 r = sd_journal_open_container(&j, arg_machine, 0);
1684 r = sd_journal_open(&j, !arg_merge*SD_JOURNAL_LOCAL_ONLY + arg_journal_type);
1686 log_error("Failed to open %s: %s",
1687 arg_directory ? arg_directory : arg_file ? "files" : "journal",
1689 return EXIT_FAILURE;
1692 r = access_check(j);
1694 return EXIT_FAILURE;
1696 if (arg_action == ACTION_VERIFY) {
1701 if (arg_action == ACTION_PRINT_HEADER) {
1702 journal_print_header(j);
1703 return EXIT_SUCCESS;
1706 if (arg_action == ACTION_DISK_USAGE) {
1708 char sbytes[FORMAT_BYTES_MAX];
1710 r = sd_journal_get_usage(j, &bytes);
1712 return EXIT_FAILURE;
1714 printf("Journals take up %s on disk.\n",
1715 format_bytes(sbytes, sizeof(sbytes), bytes));
1716 return EXIT_SUCCESS;
1719 if (arg_action == ACTION_LIST_BOOTS) {
1724 /* add_boot() must be called first!
1725 * It may need to seek the journal to find parent boot IDs. */
1728 return EXIT_FAILURE;
1732 return EXIT_FAILURE;
1735 strv_free(arg_system_units);
1736 strv_free(arg_user_units);
1739 log_error("Failed to add filter for units: %s", strerror(-r));
1740 return EXIT_FAILURE;
1743 r = add_syslog_identifier(j);
1745 log_error("Failed to add filter for syslog identifiers: %s", strerror(-r));
1746 return EXIT_FAILURE;
1749 r = add_priorities(j);
1751 log_error("Failed to add filter for priorities: %s", strerror(-r));
1752 return EXIT_FAILURE;
1755 r = add_matches(j, argv + optind);
1757 log_error("Failed to add filters: %s", strerror(-r));
1758 return EXIT_FAILURE;
1761 if (_unlikely_(log_get_max_level() >= LOG_PRI(LOG_DEBUG))) {
1762 _cleanup_free_ char *filter;
1764 filter = journal_make_match_string(j);
1765 log_debug("Journal filter: %s", filter);
1772 r = sd_journal_set_data_threshold(j, 0);
1774 log_error("Failed to unset data size threshold");
1775 return EXIT_FAILURE;
1778 r = sd_journal_query_unique(j, arg_field);
1780 log_error("Failed to query unique data objects: %s", strerror(-r));
1781 return EXIT_FAILURE;
1784 SD_JOURNAL_FOREACH_UNIQUE(j, data, size) {
1787 if (arg_lines >= 0 && n_shown >= arg_lines)
1790 eq = memchr(data, '=', size);
1792 printf("%.*s\n", (int) (size - ((const uint8_t*) eq - (const uint8_t*) data + 1)), (const char*) eq + 1);
1794 printf("%.*s\n", (int) size, (const char*) data);
1799 return EXIT_SUCCESS;
1802 /* Opening the fd now means the first sd_journal_wait() will actually wait */
1804 r = sd_journal_get_fd(j);
1806 return EXIT_FAILURE;
1809 if (arg_cursor || arg_after_cursor) {
1810 r = sd_journal_seek_cursor(j, arg_cursor ?: arg_after_cursor);
1812 log_error("Failed to seek to cursor: %s", strerror(-r));
1813 return EXIT_FAILURE;
1816 r = sd_journal_next_skip(j, 1 + !!arg_after_cursor);
1818 r = sd_journal_previous_skip(j, 1 + !!arg_after_cursor);
1820 if (arg_after_cursor && r < 2 && !arg_follow)
1821 /* We couldn't find the next entry after the cursor. */
1824 } else if (arg_since_set && !arg_reverse) {
1825 r = sd_journal_seek_realtime_usec(j, arg_since);
1827 log_error("Failed to seek to date: %s", strerror(-r));
1828 return EXIT_FAILURE;
1830 r = sd_journal_next(j);
1832 } else if (arg_until_set && arg_reverse) {
1833 r = sd_journal_seek_realtime_usec(j, arg_until);
1835 log_error("Failed to seek to date: %s", strerror(-r));
1836 return EXIT_FAILURE;
1838 r = sd_journal_previous(j);
1840 } else if (arg_lines >= 0) {
1841 r = sd_journal_seek_tail(j);
1843 log_error("Failed to seek to tail: %s", strerror(-r));
1844 return EXIT_FAILURE;
1847 r = sd_journal_previous_skip(j, arg_lines);
1849 } else if (arg_reverse) {
1850 r = sd_journal_seek_tail(j);
1852 log_error("Failed to seek to tail: %s", strerror(-r));
1853 return EXIT_FAILURE;
1856 r = sd_journal_previous(j);
1859 r = sd_journal_seek_head(j);
1861 log_error("Failed to seek to head: %s", strerror(-r));
1862 return EXIT_FAILURE;
1865 r = sd_journal_next(j);
1869 log_error("Failed to iterate through journal: %s", strerror(-r));
1870 return EXIT_FAILURE;
1874 pager_open_if_enabled();
1878 char start_buf[FORMAT_TIMESTAMP_MAX], end_buf[FORMAT_TIMESTAMP_MAX];
1880 r = sd_journal_get_cutoff_realtime_usec(j, &start, &end);
1882 log_error("Failed to get cutoff: %s", strerror(-r));
1888 printf("-- Logs begin at %s. --\n",
1889 format_timestamp(start_buf, sizeof(start_buf), start));
1891 printf("-- Logs begin at %s, end at %s. --\n",
1892 format_timestamp(start_buf, sizeof(start_buf), start),
1893 format_timestamp(end_buf, sizeof(end_buf), end));
1898 while (arg_lines < 0 || n_shown < arg_lines || (arg_follow && !first_line)) {
1903 r = sd_journal_next(j);
1905 r = sd_journal_previous(j);
1907 log_error("Failed to iterate through journal: %s", strerror(-r));
1914 if (arg_until_set && !arg_reverse) {
1917 r = sd_journal_get_realtime_usec(j, &usec);
1919 log_error("Failed to determine timestamp: %s", strerror(-r));
1922 if (usec > arg_until)
1926 if (arg_since_set && arg_reverse) {
1929 r = sd_journal_get_realtime_usec(j, &usec);
1931 log_error("Failed to determine timestamp: %s", strerror(-r));
1934 if (usec < arg_since)
1941 r = sd_journal_get_monotonic_usec(j, NULL, &boot_id);
1943 if (previous_boot_id_valid &&
1944 !sd_id128_equal(boot_id, previous_boot_id))
1945 printf("%s-- Reboot --%s\n",
1946 ansi_highlight(), ansi_highlight_off());
1948 previous_boot_id = boot_id;
1949 previous_boot_id_valid = true;
1954 arg_all * OUTPUT_SHOW_ALL |
1955 arg_full * OUTPUT_FULL_WIDTH |
1956 on_tty() * OUTPUT_COLOR |
1957 arg_catalog * OUTPUT_CATALOG;
1959 r = output_journal(stdout, j, arg_output, 0, flags, &ellipsized);
1961 if (r == -EADDRNOTAVAIL)
1963 else if (r < 0 || ferror(stdout))
1970 if (arg_show_cursor) {
1971 _cleanup_free_ char *cursor = NULL;
1973 r = sd_journal_get_cursor(j, &cursor);
1974 if (r < 0 && r != -EADDRNOTAVAIL)
1975 log_error("Failed to get cursor: %s", strerror(-r));
1977 printf("-- cursor: %s\n", cursor);
1983 r = sd_journal_wait(j, (uint64_t) -1);
1985 log_error("Couldn't wait for journal event: %s", strerror(-r));
1995 strv_free(arg_file);
1997 return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;