1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2011 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
36 #include <sys/ioctl.h>
37 #include <sys/inotify.h>
40 #include "sd-journal.h"
44 #include "logs-show.h"
47 #include "path-util.h"
54 #include "journal-internal.h"
55 #include "journal-def.h"
56 #include "journal-verify.h"
57 #include "journal-authenticate.h"
58 #include "journal-qrcode.h"
59 #include "journal-vacuum.h"
61 #include "unit-name.h"
65 #include "bus-error.h"
67 #define DEFAULT_FSS_INTERVAL_USEC (15*USEC_PER_MINUTE)
70 /* Special values for arg_lines */
71 ARG_LINES_DEFAULT = -2,
75 static OutputMode arg_output = OUTPUT_SHORT;
76 static bool arg_utc = false;
77 static bool arg_pager_end = false;
78 static bool arg_follow = false;
79 static bool arg_full = true;
80 static bool arg_all = false;
81 static bool arg_no_pager = false;
82 static int arg_lines = ARG_LINES_DEFAULT;
83 static bool arg_no_tail = false;
84 static bool arg_quiet = false;
85 static bool arg_merge = false;
86 static bool arg_boot = false;
87 static sd_id128_t arg_boot_id = {};
88 static int arg_boot_offset = 0;
89 static bool arg_dmesg = false;
90 static const char *arg_cursor = NULL;
91 static const char *arg_after_cursor = NULL;
92 static bool arg_show_cursor = false;
93 static const char *arg_directory = NULL;
94 static char **arg_file = NULL;
95 static int arg_priorities = 0xFF;
96 static const char *arg_verify_key = NULL;
98 static usec_t arg_interval = DEFAULT_FSS_INTERVAL_USEC;
99 static bool arg_force = false;
101 static usec_t arg_since, arg_until;
102 static bool arg_since_set = false, arg_until_set = false;
103 static char **arg_syslog_identifier = NULL;
104 static char **arg_system_units = NULL;
105 static char **arg_user_units = NULL;
106 static const char *arg_field = NULL;
107 static bool arg_catalog = false;
108 static bool arg_reverse = false;
109 static int arg_journal_type = 0;
110 static const char *arg_root = NULL;
111 static const char *arg_machine = NULL;
112 static off_t arg_vacuum_size = (off_t) -1;
113 static usec_t arg_vacuum_time = USEC_INFINITY;
124 ACTION_UPDATE_CATALOG,
128 } arg_action = ACTION_SHOW;
130 typedef struct boot_id_t {
136 static void pager_open_if_enabled(void) {
141 pager_open(arg_pager_end);
144 static char *format_timestamp_maybe_utc(char *buf, size_t l, usec_t t) {
147 return format_timestamp_utc(buf, l, t);
149 return format_timestamp(buf, l, t);
152 static int parse_boot_descriptor(const char *x, sd_id128_t *boot_id, int *offset) {
153 sd_id128_t id = SD_ID128_NULL;
156 if (strlen(x) >= 32) {
160 r = sd_id128_from_string(t, &id);
164 if (*x != '-' && *x != '+' && *x != 0)
168 r = safe_atoi(x, &off);
173 r = safe_atoi(x, &off);
187 static void help(void) {
189 pager_open_if_enabled();
191 printf("%s [OPTIONS...] [MATCHES...]\n\n"
192 "Query the journal.\n\n"
194 " --system Show the system journal\n"
195 " --user Show the user journal for the current user\n"
196 " -M --machine=CONTAINER Operate on local container\n"
197 " --since=DATE Show entries not older than the specified date\n"
198 " --until=DATE Show entries not newer than the specified date\n"
199 " -c --cursor=CURSOR Show entries starting at the specified cursor\n"
200 " --after-cursor=CURSOR Show entries after the specified cursor\n"
201 " --show-cursor Print the cursor after all the entries\n"
202 " -b --boot[=ID] Show current boot or the specified boot\n"
203 " --list-boots Show terse information about recorded boots\n"
204 " -k --dmesg Show kernel message log from the current boot\n"
205 " -u --unit=UNIT Show logs from the specified unit\n"
206 " --user-unit=UNIT Show logs from the specified user unit\n"
207 " -t --identifier=STRING Show entries with the specified syslog identifier\n"
208 " -p --priority=RANGE Show entries with the specified priority\n"
209 " -e --pager-end Immediately jump to the end in the pager\n"
210 " -f --follow Follow the journal\n"
211 " -n --lines[=INTEGER] Number of journal entries to show\n"
212 " --no-tail Show all lines, even in follow mode\n"
213 " -r --reverse Show the newest entries first\n"
214 " -o --output=STRING Change journal output mode (short, short-iso,\n"
215 " short-precise, short-monotonic, verbose,\n"
216 " export, json, json-pretty, json-sse, cat)\n"
217 " --utc Express time in Coordinated Universal Time (UTC)\n"
218 " -x --catalog Add message explanations where available\n"
219 " --no-full Ellipsize fields\n"
220 " -a --all Show all fields, including long and unprintable\n"
221 " -q --quiet Do not show privilege warning\n"
222 " --no-pager Do not pipe output into a pager\n"
223 " -m --merge Show entries from all available journals\n"
224 " -D --directory=PATH Show journal files from directory\n"
225 " --file=PATH Show journal file\n"
226 " --root=ROOT Operate on catalog files underneath the root ROOT\n"
228 " --interval=TIME Time interval for changing the FSS sealing key\n"
229 " --verify-key=KEY Specify FSS verification key\n"
230 " --force Override of the FSS key pair with --setup-keys\n"
233 " -h --help Show this help text\n"
234 " --version Show package version\n"
235 " -F --field=FIELD List all values that a specified field takes\n"
236 " --new-id128 Generate a new 128-bit ID\n"
237 " --disk-usage Show total disk usage of all journal files\n"
238 " --vacuum-size=BYTES Reduce disk usage below specified size\n"
239 " --vacuum-time=TIME Remove journal files older than specified date\n"
240 " --flush Flush all journal data from /run into /var\n"
241 " --header Show journal header information\n"
242 " --list-catalog Show all message IDs in the catalog\n"
243 " --dump-catalog Show entries in the message catalog\n"
244 " --update-catalog Update the message catalog database\n"
246 " --setup-keys Generate a new FSS key pair\n"
247 " --verify Verify journal file consistency\n"
249 , program_invocation_short_name);
252 static int parse_argv(int argc, char *argv[]) {
286 static const struct option options[] = {
287 { "help", no_argument, NULL, 'h' },
288 { "version" , no_argument, NULL, ARG_VERSION },
289 { "no-pager", no_argument, NULL, ARG_NO_PAGER },
290 { "pager-end", no_argument, NULL, 'e' },
291 { "follow", no_argument, NULL, 'f' },
292 { "force", no_argument, NULL, ARG_FORCE },
293 { "output", required_argument, NULL, 'o' },
294 { "all", no_argument, NULL, 'a' },
295 { "full", no_argument, NULL, 'l' },
296 { "no-full", no_argument, NULL, ARG_NO_FULL },
297 { "lines", optional_argument, NULL, 'n' },
298 { "no-tail", no_argument, NULL, ARG_NO_TAIL },
299 { "new-id128", no_argument, NULL, ARG_NEW_ID128 },
300 { "quiet", no_argument, NULL, 'q' },
301 { "merge", no_argument, NULL, 'm' },
302 { "boot", optional_argument, NULL, 'b' },
303 { "list-boots", no_argument, NULL, ARG_LIST_BOOTS },
304 { "this-boot", optional_argument, NULL, 'b' }, /* deprecated */
305 { "dmesg", no_argument, NULL, 'k' },
306 { "system", no_argument, NULL, ARG_SYSTEM },
307 { "user", no_argument, NULL, ARG_USER },
308 { "directory", required_argument, NULL, 'D' },
309 { "file", required_argument, NULL, ARG_FILE },
310 { "root", required_argument, NULL, ARG_ROOT },
311 { "header", no_argument, NULL, ARG_HEADER },
312 { "identifier", required_argument, NULL, 't' },
313 { "priority", required_argument, NULL, 'p' },
314 { "setup-keys", no_argument, NULL, ARG_SETUP_KEYS },
315 { "interval", required_argument, NULL, ARG_INTERVAL },
316 { "verify", no_argument, NULL, ARG_VERIFY },
317 { "verify-key", required_argument, NULL, ARG_VERIFY_KEY },
318 { "disk-usage", no_argument, NULL, ARG_DISK_USAGE },
319 { "cursor", required_argument, NULL, 'c' },
320 { "after-cursor", required_argument, NULL, ARG_AFTER_CURSOR },
321 { "show-cursor", no_argument, NULL, ARG_SHOW_CURSOR },
322 { "since", required_argument, NULL, ARG_SINCE },
323 { "until", required_argument, NULL, ARG_UNTIL },
324 { "unit", required_argument, NULL, 'u' },
325 { "user-unit", required_argument, NULL, ARG_USER_UNIT },
326 { "field", required_argument, NULL, 'F' },
327 { "catalog", no_argument, NULL, 'x' },
328 { "list-catalog", no_argument, NULL, ARG_LIST_CATALOG },
329 { "dump-catalog", no_argument, NULL, ARG_DUMP_CATALOG },
330 { "update-catalog", no_argument, NULL, ARG_UPDATE_CATALOG },
331 { "reverse", no_argument, NULL, 'r' },
332 { "machine", required_argument, NULL, 'M' },
333 { "utc", no_argument, NULL, ARG_UTC },
334 { "flush", no_argument, NULL, ARG_FLUSH },
335 { "vacuum-size", required_argument, NULL, ARG_VACUUM_SIZE },
336 { "vacuum-time", required_argument, NULL, ARG_VACUUM_TIME },
345 while ((c = getopt_long(argc, argv, "hefo:aln::qmb::kD:p:c:t:u:F:xrM:", options, NULL)) >= 0)
354 puts(PACKAGE_STRING);
355 puts(SYSTEMD_FEATURES);
363 arg_pager_end = true;
365 if (arg_lines == ARG_LINES_DEFAULT)
375 arg_output = output_mode_from_string(optarg);
376 if (arg_output < 0) {
377 log_error("Unknown output format '%s'.", optarg);
381 if (arg_output == OUTPUT_EXPORT ||
382 arg_output == OUTPUT_JSON ||
383 arg_output == OUTPUT_JSON_PRETTY ||
384 arg_output == OUTPUT_JSON_SSE ||
385 arg_output == OUTPUT_CAT)
404 if (streq(optarg, "all"))
405 arg_lines = ARG_LINES_ALL;
407 r = safe_atoi(optarg, &arg_lines);
408 if (r < 0 || arg_lines < 0) {
409 log_error("Failed to parse lines '%s'", optarg);
416 /* Hmm, no argument? Maybe the next
417 * word on the command line is
418 * supposed to be the argument? Let's
419 * see if there is one, and is
423 if (streq(argv[optind], "all")) {
424 arg_lines = ARG_LINES_ALL;
426 } else if (safe_atoi(argv[optind], &n) >= 0 && n >= 0) {
440 arg_action = ACTION_NEW_ID128;
455 r = parse_boot_descriptor(optarg, &arg_boot_id, &arg_boot_offset);
457 log_error("Failed to parse boot descriptor '%s'", optarg);
462 /* Hmm, no argument? Maybe the next
463 * word on the command line is
464 * supposed to be the argument? Let's
465 * see if there is one and is parsable
466 * as a boot descriptor... */
469 parse_boot_descriptor(argv[optind], &arg_boot_id, &arg_boot_offset) >= 0)
476 arg_action = ACTION_LIST_BOOTS;
480 arg_boot = arg_dmesg = true;
484 arg_journal_type |= SD_JOURNAL_SYSTEM;
488 arg_journal_type |= SD_JOURNAL_CURRENT_USER;
492 arg_machine = optarg;
496 arg_directory = optarg;
500 r = glob_extend(&arg_file, optarg);
502 return log_error_errno(r, "Failed to add paths: %m");
513 case ARG_AFTER_CURSOR:
514 arg_after_cursor = optarg;
517 case ARG_SHOW_CURSOR:
518 arg_show_cursor = true;
522 arg_action = ACTION_PRINT_HEADER;
526 arg_action = ACTION_VERIFY;
530 arg_action = ACTION_DISK_USAGE;
533 case ARG_VACUUM_SIZE:
534 r = parse_size(optarg, 1024, &arg_vacuum_size);
536 log_error("Failed to parse vacuum size: %s", optarg);
540 arg_action = ACTION_VACUUM;
543 case ARG_VACUUM_TIME:
544 r = parse_sec(optarg, &arg_vacuum_time);
546 log_error("Failed to parse vacuum time: %s", optarg);
550 arg_action = ACTION_VACUUM;
559 arg_action = ACTION_SETUP_KEYS;
564 arg_action = ACTION_VERIFY;
565 arg_verify_key = optarg;
570 r = parse_sec(optarg, &arg_interval);
571 if (r < 0 || arg_interval <= 0) {
572 log_error("Failed to parse sealing key change interval: %s", optarg);
581 log_error("Forward-secure sealing not available.");
588 dots = strstr(optarg, "..");
594 a = strndup(optarg, dots - optarg);
598 from = log_level_from_string(a);
599 to = log_level_from_string(dots + 2);
602 if (from < 0 || to < 0) {
603 log_error("Failed to parse log level range %s", optarg);
610 for (i = from; i <= to; i++)
611 arg_priorities |= 1 << i;
613 for (i = to; i <= from; i++)
614 arg_priorities |= 1 << i;
620 p = log_level_from_string(optarg);
622 log_error("Unknown log level %s", optarg);
628 for (i = 0; i <= p; i++)
629 arg_priorities |= 1 << i;
636 r = parse_timestamp(optarg, &arg_since);
638 log_error("Failed to parse timestamp: %s", optarg);
641 arg_since_set = true;
645 r = parse_timestamp(optarg, &arg_until);
647 log_error("Failed to parse timestamp: %s", optarg);
650 arg_until_set = true;
654 r = strv_extend(&arg_syslog_identifier, optarg);
660 r = strv_extend(&arg_system_units, optarg);
666 r = strv_extend(&arg_user_units, optarg);
679 case ARG_LIST_CATALOG:
680 arg_action = ACTION_LIST_CATALOG;
683 case ARG_DUMP_CATALOG:
684 arg_action = ACTION_DUMP_CATALOG;
687 case ARG_UPDATE_CATALOG:
688 arg_action = ACTION_UPDATE_CATALOG;
700 arg_action = ACTION_FLUSH;
707 assert_not_reached("Unhandled option");
710 if (arg_follow && !arg_no_tail && !arg_since && arg_lines == ARG_LINES_DEFAULT)
713 if (!!arg_directory + !!arg_file + !!arg_machine > 1) {
714 log_error("Please specify either -D/--directory= or --file= or -M/--machine=, not more than one.");
718 if (arg_since_set && arg_until_set && arg_since > arg_until) {
719 log_error("--since= must be before --until=.");
723 if (!!arg_cursor + !!arg_after_cursor + !!arg_since_set > 1) {
724 log_error("Please specify only one of --since=, --cursor=, and --after-cursor.");
728 if (arg_follow && arg_reverse) {
729 log_error("Please specify either --reverse= or --follow=, not both.");
733 if (arg_action != ACTION_SHOW && optind < argc) {
734 log_error("Extraneous arguments starting with '%s'", argv[optind]);
741 static int generate_new_id128(void) {
746 r = sd_id128_randomize(&id);
748 return log_error_errno(r, "Failed to generate ID: %m");
750 printf("As string:\n"
751 SD_ID128_FORMAT_STR "\n\n"
753 "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n\n"
755 "#define MESSAGE_XYZ SD_ID128_MAKE(",
756 SD_ID128_FORMAT_VAL(id),
757 SD_ID128_FORMAT_VAL(id));
758 for (i = 0; i < 16; i++)
759 printf("%02x%s", id.bytes[i], i != 15 ? "," : "");
760 fputs(")\n\n", stdout);
762 printf("As Python constant:\n"
764 ">>> MESSAGE_XYZ = uuid.UUID('" SD_ID128_FORMAT_STR "')\n",
765 SD_ID128_FORMAT_VAL(id));
770 static int add_matches(sd_journal *j, char **args) {
772 bool have_term = false;
776 STRV_FOREACH(i, args) {
779 if (streq(*i, "+")) {
782 r = sd_journal_add_disjunction(j);
785 } else if (path_is_absolute(*i)) {
786 _cleanup_free_ char *p, *t = NULL, *t2 = NULL;
788 _cleanup_free_ char *interpreter = NULL;
791 p = canonicalize_file_name(*i);
794 if (stat(path, &st) < 0)
795 return log_error_errno(errno, "Couldn't stat file: %m");
797 if (S_ISREG(st.st_mode) && (0111 & st.st_mode)) {
798 if (executable_is_script(path, &interpreter) > 0) {
799 _cleanup_free_ char *comm;
801 comm = strndup(basename(path), 15);
805 t = strappend("_COMM=", comm);
807 /* Append _EXE only if the interpreter is not a link.
808 Otherwise, it might be outdated often. */
809 if (lstat(interpreter, &st) == 0 &&
810 !S_ISLNK(st.st_mode)) {
811 t2 = strappend("_EXE=", interpreter);
816 t = strappend("_EXE=", path);
817 } else if (S_ISCHR(st.st_mode)) {
818 if (asprintf(&t, "_KERNEL_DEVICE=c%u:%u",
820 minor(st.st_rdev)) < 0)
822 } else if (S_ISBLK(st.st_mode)) {
823 if (asprintf(&t, "_KERNEL_DEVICE=b%u:%u",
825 minor(st.st_rdev)) < 0)
828 log_error("File is neither a device node, nor regular file, nor executable: %s", *i);
835 r = sd_journal_add_match(j, t, 0);
837 r = sd_journal_add_match(j, t2, 0);
841 r = sd_journal_add_match(j, *i, 0);
846 return log_error_errno(r, "Failed to add match '%s': %m", *i);
849 if (!strv_isempty(args) && !have_term) {
850 log_error("\"+\" can only be used between terms");
857 static int boot_id_cmp(const void *a, const void *b) {
860 _a = ((const boot_id_t *)a)->first;
861 _b = ((const boot_id_t *)b)->first;
863 return _a < _b ? -1 : (_a > _b ? 1 : 0);
866 static int get_boots(sd_journal *j,
869 boot_id_t *query_ref_boot) {
872 size_t length, allocated = 0;
878 r = sd_journal_query_unique(j, "_BOOT_ID");
883 SD_JOURNAL_FOREACH_UNIQUE(j, data, length) {
886 assert(startswith(data, "_BOOT_ID="));
888 if (!GREEDY_REALLOC(*boots, allocated, *count + 1))
891 id = *boots + *count;
893 r = sd_id128_from_string(((const char *)data) + strlen("_BOOT_ID="), &id->id);
897 r = sd_journal_add_match(j, data, length);
901 r = sd_journal_seek_head(j);
905 r = sd_journal_next(j);
911 r = sd_journal_get_realtime_usec(j, &id->first);
915 if (query_ref_boot) {
917 if (sd_id128_equal(id->id, query_ref_boot->id))
918 *query_ref_boot = *id;
920 r = sd_journal_seek_tail(j);
924 r = sd_journal_previous(j);
930 r = sd_journal_get_realtime_usec(j, &id->last);
937 sd_journal_flush_matches(j);
940 qsort_safe(*boots, *count, sizeof(boot_id_t), boot_id_cmp);
944 static int list_boots(sd_journal *j) {
948 _cleanup_free_ boot_id_t *all_ids = NULL;
952 r = get_boots(j, &all_ids, &count, NULL);
956 pager_open_if_enabled();
958 /* numbers are one less, but we need an extra char for the sign */
959 w = DECIMAL_STR_WIDTH(count - 1) + 1;
961 for (id = all_ids, i = 0; id < all_ids + count; id++, i++) {
962 char a[FORMAT_TIMESTAMP_MAX], b[FORMAT_TIMESTAMP_MAX];
964 printf("% *i " SD_ID128_FORMAT_STR " %s—%s\n",
966 SD_ID128_FORMAT_VAL(id->id),
967 format_timestamp_maybe_utc(a, sizeof(a), id->first),
968 format_timestamp_maybe_utc(b, sizeof(b), id->last));
974 static int get_boot_id_by_offset(sd_journal *j, sd_id128_t *boot_id, int offset) {
977 boot_id_t ref_boot_id = {}, *id;
978 _cleanup_free_ boot_id_t *all_ids = NULL;
983 ref_boot_id.id = *boot_id;
984 r = get_boots(j, &all_ids, &count, &ref_boot_id);
988 if (sd_id128_equal(*boot_id, SD_ID128_NULL)) {
989 if (offset > (int) count || offset <= -(int)count)
990 return -EADDRNOTAVAIL;
992 *boot_id = all_ids[(offset <= 0)*count + offset - 1].id;
994 id = bsearch(&ref_boot_id, all_ids, count, sizeof(boot_id_t), boot_id_cmp);
997 offset <= 0 ? (id - all_ids) + offset < 0 :
998 (id - all_ids) + offset >= (int) count)
999 return -EADDRNOTAVAIL;
1001 *boot_id = (id + offset)->id;
1007 static int add_boot(sd_journal *j) {
1008 char match[9+32+1] = "_BOOT_ID=";
1016 if (arg_boot_offset == 0 && sd_id128_equal(arg_boot_id, SD_ID128_NULL))
1017 return add_match_this_boot(j, arg_machine);
1019 r = get_boot_id_by_offset(j, &arg_boot_id, arg_boot_offset);
1021 if (sd_id128_equal(arg_boot_id, SD_ID128_NULL))
1022 log_error_errno(r, "Failed to look up boot %+i: %m", arg_boot_offset);
1024 log_error("Failed to look up boot ID "SD_ID128_FORMAT_STR"%+i: %s",
1025 SD_ID128_FORMAT_VAL(arg_boot_id), arg_boot_offset, strerror(-r));
1029 sd_id128_to_string(arg_boot_id, match + 9);
1031 r = sd_journal_add_match(j, match, sizeof(match) - 1);
1033 return log_error_errno(r, "Failed to add match: %m");
1035 r = sd_journal_add_conjunction(j);
1042 static int add_dmesg(sd_journal *j) {
1049 r = sd_journal_add_match(j, "_TRANSPORT=kernel", strlen("_TRANSPORT=kernel"));
1051 return log_error_errno(r, "Failed to add match: %m");
1053 r = sd_journal_add_conjunction(j);
1060 static int get_possible_units(sd_journal *j,
1064 _cleanup_set_free_free_ Set *found;
1068 found = set_new(&string_hash_ops);
1072 NULSTR_FOREACH(field, fields) {
1076 r = sd_journal_query_unique(j, field);
1080 SD_JOURNAL_FOREACH_UNIQUE(j, data, size) {
1081 char **pattern, *eq;
1083 _cleanup_free_ char *u = NULL;
1085 eq = memchr(data, '=', size);
1087 prefix = eq - (char*) data + 1;
1091 u = strndup((char*) data + prefix, size - prefix);
1095 STRV_FOREACH(pattern, patterns)
1096 if (fnmatch(*pattern, u, FNM_NOESCAPE) == 0) {
1097 log_debug("Matched %s with pattern %s=%s", u, field, *pattern);
1099 r = set_consume(found, u);
1101 if (r < 0 && r != -EEXIST)
1114 /* This list is supposed to return the superset of unit names
1115 * possibly matched by rules added with add_matches_for_unit... */
1116 #define SYSTEM_UNITS \
1120 "OBJECT_SYSTEMD_UNIT\0" \
1123 /* ... and add_matches_for_user_unit */
1124 #define USER_UNITS \
1125 "_SYSTEMD_USER_UNIT\0" \
1127 "COREDUMP_USER_UNIT\0" \
1128 "OBJECT_SYSTEMD_USER_UNIT\0"
1130 static int add_units(sd_journal *j) {
1131 _cleanup_strv_free_ char **patterns = NULL;
1137 STRV_FOREACH(i, arg_system_units) {
1138 _cleanup_free_ char *u = NULL;
1140 u = unit_name_mangle(*i, MANGLE_GLOB);
1144 if (string_is_glob(u)) {
1145 r = strv_push(&patterns, u);
1150 r = add_matches_for_unit(j, u);
1153 r = sd_journal_add_disjunction(j);
1160 if (!strv_isempty(patterns)) {
1161 _cleanup_set_free_free_ Set *units = NULL;
1165 r = get_possible_units(j, SYSTEM_UNITS, patterns, &units);
1169 SET_FOREACH(u, units, it) {
1170 r = add_matches_for_unit(j, u);
1173 r = sd_journal_add_disjunction(j);
1180 strv_free(patterns);
1183 STRV_FOREACH(i, arg_user_units) {
1184 _cleanup_free_ char *u = NULL;
1186 u = unit_name_mangle(*i, MANGLE_GLOB);
1190 if (string_is_glob(u)) {
1191 r = strv_push(&patterns, u);
1196 r = add_matches_for_user_unit(j, u, getuid());
1199 r = sd_journal_add_disjunction(j);
1206 if (!strv_isempty(patterns)) {
1207 _cleanup_set_free_free_ Set *units = NULL;
1211 r = get_possible_units(j, USER_UNITS, patterns, &units);
1215 SET_FOREACH(u, units, it) {
1216 r = add_matches_for_user_unit(j, u, getuid());
1219 r = sd_journal_add_disjunction(j);
1226 /* Complain if the user request matches but nothing whatsoever was
1227 * found, since otherwise everything would be matched. */
1228 if (!(strv_isempty(arg_system_units) && strv_isempty(arg_user_units)) && count == 0)
1231 r = sd_journal_add_conjunction(j);
1238 static int add_priorities(sd_journal *j) {
1239 char match[] = "PRIORITY=0";
1243 if (arg_priorities == 0xFF)
1246 for (i = LOG_EMERG; i <= LOG_DEBUG; i++)
1247 if (arg_priorities & (1 << i)) {
1248 match[sizeof(match)-2] = '0' + i;
1250 r = sd_journal_add_match(j, match, strlen(match));
1252 return log_error_errno(r, "Failed to add match: %m");
1255 r = sd_journal_add_conjunction(j);
1263 static int add_syslog_identifier(sd_journal *j) {
1269 STRV_FOREACH(i, arg_syslog_identifier) {
1272 u = strjoina("SYSLOG_IDENTIFIER=", *i);
1273 r = sd_journal_add_match(j, u, 0);
1276 r = sd_journal_add_disjunction(j);
1281 r = sd_journal_add_conjunction(j);
1288 static int setup_keys(void) {
1290 size_t mpk_size, seed_size, state_size, i;
1291 uint8_t *mpk, *seed, *state;
1294 sd_id128_t machine, boot;
1295 char *p = NULL, *k = NULL;
1300 r = stat("/var/log/journal", &st);
1301 if (r < 0 && errno != ENOENT && errno != ENOTDIR)
1302 return log_error_errno(errno, "stat(\"%s\") failed: %m", "/var/log/journal");
1304 if (r < 0 || !S_ISDIR(st.st_mode)) {
1305 log_error("%s is not a directory, must be using persistent logging for FSS.",
1306 "/var/log/journal");
1307 return r < 0 ? -errno : -ENOTDIR;
1310 r = sd_id128_get_machine(&machine);
1312 return log_error_errno(r, "Failed to get machine ID: %m");
1314 r = sd_id128_get_boot(&boot);
1316 return log_error_errno(r, "Failed to get boot ID: %m");
1318 if (asprintf(&p, "/var/log/journal/" SD_ID128_FORMAT_STR "/fss",
1319 SD_ID128_FORMAT_VAL(machine)) < 0)
1322 if (access(p, F_OK) >= 0) {
1326 log_error_errno(errno, "unlink(\"%s\") failed: %m", p);
1331 log_error("Sealing key file %s exists already. (--force to recreate)", p);
1337 if (asprintf(&k, "/var/log/journal/" SD_ID128_FORMAT_STR "/fss.tmp.XXXXXX",
1338 SD_ID128_FORMAT_VAL(machine)) < 0) {
1343 mpk_size = FSPRG_mskinbytes(FSPRG_RECOMMENDED_SECPAR);
1344 mpk = alloca(mpk_size);
1346 seed_size = FSPRG_RECOMMENDED_SEEDLEN;
1347 seed = alloca(seed_size);
1349 state_size = FSPRG_stateinbytes(FSPRG_RECOMMENDED_SECPAR);
1350 state = alloca(state_size);
1352 fd = open("/dev/random", O_RDONLY|O_CLOEXEC|O_NOCTTY);
1354 log_error_errno(errno, "Failed to open /dev/random: %m");
1359 log_info("Generating seed...");
1360 l = loop_read(fd, seed, seed_size, true);
1361 if (l < 0 || (size_t) l != seed_size) {
1362 log_error_errno(EIO, "Failed to read random seed: %m");
1367 log_info("Generating key pair...");
1368 FSPRG_GenMK(NULL, mpk, seed, seed_size, FSPRG_RECOMMENDED_SECPAR);
1370 log_info("Generating sealing key...");
1371 FSPRG_GenState0(state, mpk, seed, seed_size);
1373 assert(arg_interval > 0);
1375 n = now(CLOCK_REALTIME);
1379 fd = mkostemp_safe(k, O_WRONLY|O_CLOEXEC);
1381 log_error_errno(errno, "Failed to open %s: %m", k);
1386 /* Enable secure remove, exclusion from dump, synchronous
1387 * writing and in-place updating */
1388 r = chattr_fd(fd, true, FS_SECRM_FL|FS_NODUMP_FL|FS_SYNC_FL|FS_NOCOW_FL);
1390 log_warning_errno(errno, "Failed to set file attributes: %m");
1393 memcpy(h.signature, "KSHHRHLP", 8);
1394 h.machine_id = machine;
1396 h.header_size = htole64(sizeof(h));
1397 h.start_usec = htole64(n * arg_interval);
1398 h.interval_usec = htole64(arg_interval);
1399 h.fsprg_secpar = htole16(FSPRG_RECOMMENDED_SECPAR);
1400 h.fsprg_state_size = htole64(state_size);
1402 r = loop_write(fd, &h, sizeof(h), false);
1404 log_error_errno(r, "Failed to write header: %m");
1408 r = loop_write(fd, state, state_size, false);
1410 log_error_errno(r, "Failed to write state: %m");
1414 if (link(k, p) < 0) {
1415 log_error_errno(errno, "Failed to link file: %m");
1423 "The new key pair has been generated. The " ANSI_HIGHLIGHT_ON "secret sealing key" ANSI_HIGHLIGHT_OFF " has been written to\n"
1424 "the following local file. This key file is automatically updated when the\n"
1425 "sealing key is advanced. It should not be used on multiple hosts.\n"
1429 "Please write down the following " ANSI_HIGHLIGHT_ON "secret verification key" ANSI_HIGHLIGHT_OFF ". It should be stored\n"
1430 "at a safe location and should not be saved locally on disk.\n"
1431 "\n\t" ANSI_HIGHLIGHT_RED_ON, p);
1434 for (i = 0; i < seed_size; i++) {
1435 if (i > 0 && i % 3 == 0)
1437 printf("%02x", ((uint8_t*) seed)[i]);
1440 printf("/%llx-%llx\n", (unsigned long long) n, (unsigned long long) arg_interval);
1443 char tsb[FORMAT_TIMESPAN_MAX], *hn;
1446 ANSI_HIGHLIGHT_OFF "\n"
1447 "The sealing key is automatically changed every %s.\n",
1448 format_timespan(tsb, sizeof(tsb), arg_interval, 0));
1450 hn = gethostname_malloc();
1453 hostname_cleanup(hn, false);
1454 fprintf(stderr, "\nThe keys have been generated for host %s/" SD_ID128_FORMAT_STR ".\n", hn, SD_ID128_FORMAT_VAL(machine));
1456 fprintf(stderr, "\nThe keys have been generated for host " SD_ID128_FORMAT_STR ".\n", SD_ID128_FORMAT_VAL(machine));
1458 #ifdef HAVE_QRENCODE
1459 /* If this is not an UTF-8 system don't print any QR codes */
1460 if (is_locale_utf8()) {
1461 fputs("\nTo transfer the verification key to your phone please scan the QR code below:\n\n", stderr);
1462 print_qr_code(stderr, seed, seed_size, n, arg_interval, hn, machine);
1482 log_error("Forward-secure sealing not available.");
1487 static int verify(sd_journal *j) {
1494 log_show_color(true);
1496 ORDERED_HASHMAP_FOREACH(f, j->files, i) {
1498 usec_t first, validated, last;
1501 if (!arg_verify_key && JOURNAL_HEADER_SEALED(f->header))
1502 log_notice("Journal file %s has sealing enabled but verification key has not been passed using --verify-key=.", f->path);
1505 k = journal_file_verify(f, arg_verify_key, &first, &validated, &last, true);
1507 /* If the key was invalid give up right-away. */
1510 log_warning("FAIL: %s (%s)", f->path, strerror(-k));
1513 char a[FORMAT_TIMESTAMP_MAX], b[FORMAT_TIMESTAMP_MAX], c[FORMAT_TIMESPAN_MAX];
1514 log_info("PASS: %s", f->path);
1516 if (arg_verify_key && JOURNAL_HEADER_SEALED(f->header)) {
1517 if (validated > 0) {
1518 log_info("=> Validated from %s to %s, final %s entries not sealed.",
1519 format_timestamp_maybe_utc(a, sizeof(a), first),
1520 format_timestamp_maybe_utc(b, sizeof(b), validated),
1521 format_timespan(c, sizeof(c), last > validated ? last - validated : 0, 0));
1522 } else if (last > 0)
1523 log_info("=> No sealing yet, %s of entries not sealed.",
1524 format_timespan(c, sizeof(c), last - first, 0));
1526 log_info("=> No sealing yet, no entries in file.");
1535 static int access_check_var_log_journal(sd_journal *j) {
1536 _cleanup_strv_free_ char **g = NULL;
1542 have_access = in_group("systemd-journal") > 0;
1545 /* Let's enumerate all groups from the default ACL of
1546 * the directory, which generally should allow access
1547 * to most journal files too */
1548 r = search_acl_groups(&g, "/var/log/journal/", &have_access);
1555 if (strv_isempty(g))
1556 log_notice("Hint: You are currently not seeing messages from other users and the system.\n"
1557 " Users in the 'systemd-journal' group can see all messages. Pass -q to\n"
1558 " turn off this notice.");
1560 _cleanup_free_ char *s = NULL;
1562 r = strv_extend(&g, "systemd-journal");
1569 s = strv_join(g, "', '");
1573 log_notice("Hint: You are currently not seeing messages from other users and the system.\n"
1574 " Users in the groups '%s' can see all messages.\n"
1575 " Pass -q to turn off this notice.", s);
1583 static int access_check(sd_journal *j) {
1590 if (set_isempty(j->errors)) {
1591 if (ordered_hashmap_isempty(j->files))
1592 log_notice("No journal files were found.");
1596 if (set_contains(j->errors, INT_TO_PTR(-EACCES))) {
1598 /* If /var/log/journal doesn't even exist,
1599 * unprivileged users have no access at all */
1600 if (access("/var/log/journal", F_OK) < 0 &&
1602 in_group("systemd-journal") <= 0) {
1603 log_error("Unprivileged users cannot access messages, unless persistent log storage is\n"
1604 "enabled. Users in the 'systemd-journal' group may always access messages.");
1608 /* If /var/log/journal exists, try to pring a nice
1609 notice if the user lacks access to it */
1610 if (!arg_quiet && geteuid() != 0) {
1611 r = access_check_var_log_journal(j);
1616 if (geteuid() != 0 && in_group("systemd-journal") <= 0) {
1617 log_error("Unprivileged users cannot access messages. Users in the 'systemd-journal' group\n"
1618 "group may access messages.");
1623 if (ordered_hashmap_isempty(j->files)) {
1624 log_error("No journal files were opened due to insufficient permissions.");
1629 SET_FOREACH(code, j->errors, it) {
1632 err = -PTR_TO_INT(code);
1636 log_warning_errno(err, "Error was encountered while opening journal files: %m");
1642 static int flush_to_var(void) {
1643 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1644 _cleanup_bus_close_unref_ sd_bus *bus = NULL;
1645 _cleanup_close_ int watch_fd = -1;
1649 if (access("/run/systemd/journal/flushed", F_OK) >= 0)
1652 /* OK, let's actually do the full logic, send SIGUSR1 to the
1653 * daemon and set up inotify to wait for the flushed file to appear */
1654 r = bus_open_system_systemd(&bus);
1656 return log_error_errno(r, "Failed to get D-Bus connection: %m");
1658 r = sd_bus_call_method(
1660 "org.freedesktop.systemd1",
1661 "/org/freedesktop/systemd1",
1662 "org.freedesktop.systemd1.Manager",
1666 "ssi", "systemd-journald.service", "main", SIGUSR1);
1668 log_error("Failed to kill journal service: %s", bus_error_message(&error, r));
1672 mkdir_p("/run/systemd/journal", 0755);
1674 watch_fd = inotify_init1(IN_NONBLOCK|IN_CLOEXEC);
1676 return log_error_errno(errno, "Failed to create inotify watch: %m");
1678 r = inotify_add_watch(watch_fd, "/run/systemd/journal", IN_CREATE|IN_DONT_FOLLOW|IN_ONLYDIR);
1680 return log_error_errno(errno, "Failed to watch journal directory: %m");
1683 if (access("/run/systemd/journal/flushed", F_OK) >= 0)
1686 if (errno != ENOENT)
1687 return log_error_errno(errno, "Failed to check for existence of /run/systemd/journal/flushed: %m");
1689 r = fd_wait_for_event(watch_fd, POLLIN, USEC_INFINITY);
1691 return log_error_errno(r, "Failed to wait for event: %m");
1693 r = flush_fd(watch_fd);
1695 return log_error_errno(r, "Failed to flush inotify events: %m");
1701 int main(int argc, char *argv[]) {
1703 _cleanup_journal_close_ sd_journal *j = NULL;
1704 bool need_seek = false;
1705 sd_id128_t previous_boot_id;
1706 bool previous_boot_id_valid = false, first_line = true;
1708 bool ellipsized = false;
1710 setlocale(LC_ALL, "");
1711 log_parse_environment();
1714 r = parse_argv(argc, argv);
1718 signal(SIGWINCH, columns_lines_cache_reset);
1721 /* Increase max number of open files to 16K if we can, we
1722 * might needs this when browsing journal files, which might
1723 * be split up into many files. */
1724 setrlimit_closest(RLIMIT_NOFILE, &RLIMIT_MAKE_CONST(16384));
1726 if (arg_action == ACTION_NEW_ID128) {
1727 r = generate_new_id128();
1731 if (arg_action == ACTION_FLUSH) {
1736 if (arg_action == ACTION_SETUP_KEYS) {
1741 if (arg_action == ACTION_UPDATE_CATALOG ||
1742 arg_action == ACTION_LIST_CATALOG ||
1743 arg_action == ACTION_DUMP_CATALOG) {
1745 _cleanup_free_ char *database;
1747 database = path_join(arg_root, CATALOG_DATABASE, NULL);
1753 if (arg_action == ACTION_UPDATE_CATALOG) {
1754 r = catalog_update(database, arg_root, catalog_file_dirs);
1756 log_error_errno(r, "Failed to list catalog: %m");
1758 bool oneline = arg_action == ACTION_LIST_CATALOG;
1761 r = catalog_list_items(stdout, database,
1762 oneline, argv + optind);
1764 r = catalog_list(stdout, database, oneline);
1766 log_error_errno(r, "Failed to list catalog: %m");
1773 r = sd_journal_open_directory(&j, arg_directory, arg_journal_type);
1775 r = sd_journal_open_files(&j, (const char**) arg_file, 0);
1776 else if (arg_machine)
1777 r = sd_journal_open_container(&j, arg_machine, 0);
1779 r = sd_journal_open(&j, !arg_merge*SD_JOURNAL_LOCAL_ONLY + arg_journal_type);
1781 log_error_errno(r, "Failed to open %s: %m",
1782 arg_directory ? arg_directory : arg_file ? "files" : "journal");
1783 return EXIT_FAILURE;
1786 r = access_check(j);
1788 return EXIT_FAILURE;
1790 if (arg_action == ACTION_VERIFY) {
1795 if (arg_action == ACTION_PRINT_HEADER) {
1796 journal_print_header(j);
1797 return EXIT_SUCCESS;
1800 if (arg_action == ACTION_DISK_USAGE) {
1802 char sbytes[FORMAT_BYTES_MAX];
1804 r = sd_journal_get_usage(j, &bytes);
1806 return EXIT_FAILURE;
1808 printf("Archived and active journals take up %s on disk.\n",
1809 format_bytes(sbytes, sizeof(sbytes), bytes));
1810 return EXIT_SUCCESS;
1813 if (arg_action == ACTION_VACUUM) {
1817 HASHMAP_FOREACH(d, j->directories_by_path, i) {
1823 q = journal_directory_vacuum(d->path, arg_vacuum_size, arg_vacuum_time, NULL, true);
1825 log_error_errno(q, "Failed to vacuum: %m");
1830 return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
1833 if (arg_action == ACTION_LIST_BOOTS) {
1838 /* add_boot() must be called first!
1839 * It may need to seek the journal to find parent boot IDs. */
1842 return EXIT_FAILURE;
1846 return EXIT_FAILURE;
1849 strv_free(arg_system_units);
1850 strv_free(arg_user_units);
1853 log_error_errno(r, "Failed to add filter for units: %m");
1854 return EXIT_FAILURE;
1857 r = add_syslog_identifier(j);
1859 log_error_errno(r, "Failed to add filter for syslog identifiers: %m");
1860 return EXIT_FAILURE;
1863 r = add_priorities(j);
1865 log_error_errno(r, "Failed to add filter for priorities: %m");
1866 return EXIT_FAILURE;
1869 r = add_matches(j, argv + optind);
1871 log_error_errno(r, "Failed to add filters: %m");
1872 return EXIT_FAILURE;
1875 if (_unlikely_(log_get_max_level() >= LOG_DEBUG)) {
1876 _cleanup_free_ char *filter;
1878 filter = journal_make_match_string(j);
1879 log_debug("Journal filter: %s", filter);
1886 r = sd_journal_set_data_threshold(j, 0);
1888 log_error("Failed to unset data size threshold");
1889 return EXIT_FAILURE;
1892 r = sd_journal_query_unique(j, arg_field);
1894 log_error_errno(r, "Failed to query unique data objects: %m");
1895 return EXIT_FAILURE;
1898 SD_JOURNAL_FOREACH_UNIQUE(j, data, size) {
1901 if (arg_lines >= 0 && n_shown >= arg_lines)
1904 eq = memchr(data, '=', size);
1906 printf("%.*s\n", (int) (size - ((const uint8_t*) eq - (const uint8_t*) data + 1)), (const char*) eq + 1);
1908 printf("%.*s\n", (int) size, (const char*) data);
1913 return EXIT_SUCCESS;
1916 /* Opening the fd now means the first sd_journal_wait() will actually wait */
1918 r = sd_journal_get_fd(j);
1920 return EXIT_FAILURE;
1923 if (arg_cursor || arg_after_cursor) {
1924 r = sd_journal_seek_cursor(j, arg_cursor ?: arg_after_cursor);
1926 log_error_errno(r, "Failed to seek to cursor: %m");
1927 return EXIT_FAILURE;
1930 r = sd_journal_next_skip(j, 1 + !!arg_after_cursor);
1932 r = sd_journal_previous_skip(j, 1 + !!arg_after_cursor);
1934 if (arg_after_cursor && r < 2) {
1935 /* We couldn't find the next entry after the cursor. */
1942 } else if (arg_since_set && !arg_reverse) {
1943 r = sd_journal_seek_realtime_usec(j, arg_since);
1945 log_error_errno(r, "Failed to seek to date: %m");
1946 return EXIT_FAILURE;
1948 r = sd_journal_next(j);
1950 } else if (arg_until_set && arg_reverse) {
1951 r = sd_journal_seek_realtime_usec(j, arg_until);
1953 log_error_errno(r, "Failed to seek to date: %m");
1954 return EXIT_FAILURE;
1956 r = sd_journal_previous(j);
1958 } else if (arg_lines >= 0) {
1959 r = sd_journal_seek_tail(j);
1961 log_error_errno(r, "Failed to seek to tail: %m");
1962 return EXIT_FAILURE;
1965 r = sd_journal_previous_skip(j, arg_lines);
1967 } else if (arg_reverse) {
1968 r = sd_journal_seek_tail(j);
1970 log_error_errno(r, "Failed to seek to tail: %m");
1971 return EXIT_FAILURE;
1974 r = sd_journal_previous(j);
1977 r = sd_journal_seek_head(j);
1979 log_error_errno(r, "Failed to seek to head: %m");
1980 return EXIT_FAILURE;
1983 r = sd_journal_next(j);
1987 log_error_errno(r, "Failed to iterate through journal: %m");
1988 return EXIT_FAILURE;
1992 pager_open_if_enabled();
1996 char start_buf[FORMAT_TIMESTAMP_MAX], end_buf[FORMAT_TIMESTAMP_MAX];
1998 r = sd_journal_get_cutoff_realtime_usec(j, &start, &end);
2000 log_error_errno(r, "Failed to get cutoff: %m");
2006 printf("-- Logs begin at %s. --\n",
2007 format_timestamp_maybe_utc(start_buf, sizeof(start_buf), start));
2009 printf("-- Logs begin at %s, end at %s. --\n",
2010 format_timestamp_maybe_utc(start_buf, sizeof(start_buf), start),
2011 format_timestamp_maybe_utc(end_buf, sizeof(end_buf), end));
2016 while (arg_lines < 0 || n_shown < arg_lines || (arg_follow && !first_line)) {
2021 r = sd_journal_next(j);
2023 r = sd_journal_previous(j);
2025 log_error_errno(r, "Failed to iterate through journal: %m");
2032 if (arg_until_set && !arg_reverse) {
2035 r = sd_journal_get_realtime_usec(j, &usec);
2037 log_error_errno(r, "Failed to determine timestamp: %m");
2040 if (usec > arg_until)
2044 if (arg_since_set && arg_reverse) {
2047 r = sd_journal_get_realtime_usec(j, &usec);
2049 log_error_errno(r, "Failed to determine timestamp: %m");
2052 if (usec < arg_since)
2056 if (!arg_merge && !arg_quiet) {
2059 r = sd_journal_get_monotonic_usec(j, NULL, &boot_id);
2061 if (previous_boot_id_valid &&
2062 !sd_id128_equal(boot_id, previous_boot_id))
2063 printf("%s-- Reboot --%s\n",
2064 ansi_highlight(), ansi_highlight_off());
2066 previous_boot_id = boot_id;
2067 previous_boot_id_valid = true;
2072 arg_all * OUTPUT_SHOW_ALL |
2073 arg_full * OUTPUT_FULL_WIDTH |
2074 on_tty() * OUTPUT_COLOR |
2075 arg_catalog * OUTPUT_CATALOG |
2076 arg_utc * OUTPUT_UTC;
2078 r = output_journal(stdout, j, arg_output, 0, flags, &ellipsized);
2080 if (r == -EADDRNOTAVAIL)
2082 else if (r < 0 || ferror(stdout))
2089 if (arg_show_cursor) {
2090 _cleanup_free_ char *cursor = NULL;
2092 r = sd_journal_get_cursor(j, &cursor);
2093 if (r < 0 && r != -EADDRNOTAVAIL)
2094 log_error_errno(r, "Failed to get cursor: %m");
2096 printf("-- cursor: %s\n", cursor);
2102 r = sd_journal_wait(j, (uint64_t) -1);
2104 log_error_errno(r, "Couldn't wait for journal event: %m");
2114 strv_free(arg_file);
2116 return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;