" -n --lines=INTEGER Journal entries to show\n"
" --no-tail Show all lines, even in follow mode\n"
" -o --output=STRING Change journal output mode (short, short-monotonic,\n"
- " verbose, export, json, cat)\n"
+ " verbose, export, json, json-pretty, cat)\n"
" -q --quiet Don't show privilege warning\n"
" -l --local Only local entries\n"
" -b --this-boot Show data only from current boot\n"
case ARG_VERIFY_KEY:
arg_action = ACTION_VERIFY;
arg_verify_key = optarg;
+ arg_local = true;
break;
case ARG_INTERVAL:
assert(j);
+ log_show_color(true);
+
HASHMAP_FOREACH(f, j->files, i) {
int k;
usec_t from, to, total;
#ifdef HAVE_GCRYPT
if (!arg_verify_key && JOURNAL_HEADER_SEALED(f->header))
- log_warning("Journal file %s has sealing enabled but verification key has not been passed using --verify-key=.", f->path);
+ log_notice("Journal file %s has sealing enabled but verification key has not been passed using --verify-key=.", f->path);
#endif
k = journal_file_verify(f, arg_verify_key, &from, &to, &total, true);
char a[FORMAT_TIMESTAMP_MAX], b[FORMAT_TIMESTAMP_MAX], c[FORMAT_TIMESPAN_MAX];
log_info("PASS: %s", f->path);
- if (arg_verify_key && JOURNAL_HEADER_SEALED(f->header))
- log_info("=> Validated from %s to %s, %s missing",
- format_timestamp(a, sizeof(a), from),
- format_timestamp(b, sizeof(b), to),
- format_timespan(c, sizeof(c), total > to ? total - to : 0));
+ if (arg_verify_key && JOURNAL_HEADER_SEALED(f->header)) {
+ if (from > 0) {
+ log_info("=> Validated from %s to %s, final %s entries not sealed.",
+ format_timestamp(a, sizeof(a), from),
+ format_timestamp(b, sizeof(b), to),
+ format_timespan(c, sizeof(c), total > to ? total - to : 0));
+ } else if (total > 0)
+ log_info("=> No sealing yet, %s of entries not sealed.",
+ format_timespan(c, sizeof(c), total));
+ else
+ log_info("=> No sealing yet, no entries in file.");
+ }
}
}
}
#ifdef HAVE_ACL
+ if (access("/var/log/journal", F_OK) < 0 && geteuid() != 0 && in_group("adm") <= 0) {
+ log_error("Unprivileged users can't see messages unless persistent log storage is enabled. Users in the group 'adm' can always see messages.");
+ r = -EACCES;
+ goto finish;
+ }
+
if (!arg_quiet && geteuid() != 0 && in_group("adm") <= 0)
- log_warning("Showing user generated messages only. Users in the group 'adm' can see all messages. Pass -q to turn this message off.");
+ log_warning("Showing user generated messages only. Users in the group 'adm' can see all messages. Pass -q to turn this notice off.");
+#else
+ if (geteuid() != 0 && in_group("adm") <= 0) {
+ log_error("No access to messages. Only users in the group 'adm' can see messages.");
+ r = -EACCES;
+ goto finish;
+ }
#endif
r = add_this_boot(j);
on_tty();
have_pager = !arg_no_pager && !arg_follow && pager_open();
- if (arg_output == OUTPUT_JSON) {
- fputc('[', stdout);
- fflush(stdout);
- }
-
for (;;) {
for (;;) {
sd_id128_t boot_id;
}
}
- if (arg_output == OUTPUT_JSON)
- fputs("\n]\n", stdout);
-
finish:
if (j)
sd_journal_close(j);