1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2011 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
36 #include <sys/ioctl.h>
37 #include <sys/inotify.h>
45 #include "sd-journal.h"
49 #include "logs-show.h"
51 #include "path-util.h"
58 #include "journal-internal.h"
59 #include "journal-def.h"
60 #include "journal-verify.h"
61 #include "journal-authenticate.h"
62 #include "journal-qrcode.h"
63 #include "journal-vacuum.h"
65 #include "unit-name.h"
69 #include "bus-error.h"
71 #define DEFAULT_FSS_INTERVAL_USEC (15*USEC_PER_MINUTE)
74 /* Special values for arg_lines */
75 ARG_LINES_DEFAULT = -2,
79 static OutputMode arg_output = OUTPUT_SHORT;
80 static bool arg_utc = false;
81 static bool arg_pager_end = false;
82 static bool arg_follow = false;
83 static bool arg_full = true;
84 static bool arg_all = false;
85 static bool arg_no_pager = false;
86 static int arg_lines = ARG_LINES_DEFAULT;
87 static bool arg_no_tail = false;
88 static bool arg_quiet = false;
89 static bool arg_merge = false;
90 static bool arg_boot = false;
91 static sd_id128_t arg_boot_id = {};
92 static int arg_boot_offset = 0;
93 static bool arg_dmesg = false;
94 static const char *arg_cursor = NULL;
95 static const char *arg_after_cursor = NULL;
96 static bool arg_show_cursor = false;
97 static const char *arg_directory = NULL;
98 static char **arg_file = NULL;
99 static int arg_priorities = 0xFF;
100 static const char *arg_verify_key = NULL;
102 static usec_t arg_interval = DEFAULT_FSS_INTERVAL_USEC;
103 static bool arg_force = false;
105 static usec_t arg_since, arg_until;
106 static bool arg_since_set = false, arg_until_set = false;
107 static char **arg_syslog_identifier = NULL;
108 static char **arg_system_units = NULL;
109 static char **arg_user_units = NULL;
110 static const char *arg_field = NULL;
111 static bool arg_catalog = false;
112 static bool arg_reverse = false;
113 static int arg_journal_type = 0;
114 static const char *arg_root = NULL;
115 static const char *arg_machine = NULL;
116 static off_t arg_vacuum_size = (off_t) -1;
117 static usec_t arg_vacuum_time = USEC_INFINITY;
128 ACTION_UPDATE_CATALOG,
132 } arg_action = ACTION_SHOW;
134 typedef struct boot_id_t {
140 static void pager_open_if_enabled(void) {
145 pager_open(arg_pager_end);
148 static char *format_timestamp_maybe_utc(char *buf, size_t l, usec_t t) {
151 return format_timestamp_utc(buf, l, t);
153 return format_timestamp(buf, l, t);
156 static int parse_boot_descriptor(const char *x, sd_id128_t *boot_id, int *offset) {
157 sd_id128_t id = SD_ID128_NULL;
160 if (strlen(x) >= 32) {
164 r = sd_id128_from_string(t, &id);
168 if (*x != '-' && *x != '+' && *x != 0)
172 r = safe_atoi(x, &off);
177 r = safe_atoi(x, &off);
191 static void help(void) {
193 pager_open_if_enabled();
195 printf("%s [OPTIONS...] [MATCHES...]\n\n"
196 "Query the journal.\n\n"
198 " --system Show the system journal\n"
199 " --user Show the user journal for the current user\n"
200 " -M --machine=CONTAINER Operate on local container\n"
201 " --since=DATE Start showing entries on or newer than the specified date\n"
202 " --until=DATE Stop showing entries on or newer than the specified date\n"
203 " -c --cursor=CURSOR Start showing entries from the specified cursor\n"
204 " --after-cursor=CURSOR Start showing entries from after the specified cursor\n"
205 " --show-cursor Print the cursor after all the entries\n"
206 " -b --boot[=ID] Show data only from ID or, if unspecified, the current boot\n"
207 " --list-boots Show terse information about recorded boots\n"
208 " -k --dmesg Show kernel message log from the current boot\n"
209 " -u --unit=UNIT Show data only from the specified unit\n"
210 " --user-unit=UNIT Show data only from the specified user session unit\n"
211 " -t --identifier=STRING Show only messages with the specified syslog identifier\n"
212 " -p --priority=RANGE Show only messages within the specified priority range\n"
213 " -e --pager-end Immediately jump to end of the journal in the pager\n"
214 " -f --follow Follow the journal\n"
215 " -n --lines[=INTEGER] Number of journal entries to show\n"
216 " --no-tail Show all lines, even in follow mode\n"
217 " -r --reverse Show the newest entries first\n"
218 " -o --output=STRING Change journal output mode (short, short-iso,\n"
219 " short-precise, short-monotonic, verbose,\n"
220 " export, json, json-pretty, json-sse, cat)\n"
221 " --utc Express time in Coordinated Universal Time (UTC)\n"
222 " -x --catalog Add message explanations where available\n"
223 " --no-full Ellipsize fields\n"
224 " -a --all Show all fields, including long and unprintable\n"
225 " -q --quiet Do not show privilege warning\n"
226 " --no-pager Do not pipe output into a pager\n"
227 " -m --merge Show entries from all available journals\n"
228 " -D --directory=PATH Show journal files from directory\n"
229 " --file=PATH Show journal file\n"
230 " --root=ROOT Operate on catalog files underneath the root ROOT\n"
232 " --interval=TIME Time interval for changing the FSS sealing key\n"
233 " --verify-key=KEY Specify FSS verification key\n"
234 " --force Force overriding of the FSS key pair with --setup-keys\n"
237 " -h --help Show this help text\n"
238 " --version Show package version\n"
239 " -F --field=FIELD List all values that a specified field takes\n"
240 " --new-id128 Generate a new 128-bit ID\n"
241 " --disk-usage Show total disk usage of all journal files\n"
242 " --vacuum-size=BYTES Remove old journals until disk space drops below size\n"
243 " --vacuum-time=TIME Remove old journals until none left older than\n"
244 " --flush Flush all journal data from /run into /var\n"
245 " --header Show journal header information\n"
246 " --list-catalog Show message IDs of all entries in the message catalog\n"
247 " --dump-catalog Show entries in the message catalog\n"
248 " --update-catalog Update the message catalog database\n"
250 " --setup-keys Generate a new FSS key pair\n"
251 " --verify Verify journal file consistency\n"
253 , program_invocation_short_name);
256 static int parse_argv(int argc, char *argv[]) {
290 static const struct option options[] = {
291 { "help", no_argument, NULL, 'h' },
292 { "version" , no_argument, NULL, ARG_VERSION },
293 { "no-pager", no_argument, NULL, ARG_NO_PAGER },
294 { "pager-end", no_argument, NULL, 'e' },
295 { "follow", no_argument, NULL, 'f' },
296 { "force", no_argument, NULL, ARG_FORCE },
297 { "output", required_argument, NULL, 'o' },
298 { "all", no_argument, NULL, 'a' },
299 { "full", no_argument, NULL, 'l' },
300 { "no-full", no_argument, NULL, ARG_NO_FULL },
301 { "lines", optional_argument, NULL, 'n' },
302 { "no-tail", no_argument, NULL, ARG_NO_TAIL },
303 { "new-id128", no_argument, NULL, ARG_NEW_ID128 },
304 { "quiet", no_argument, NULL, 'q' },
305 { "merge", no_argument, NULL, 'm' },
306 { "boot", optional_argument, NULL, 'b' },
307 { "list-boots", no_argument, NULL, ARG_LIST_BOOTS },
308 { "this-boot", optional_argument, NULL, 'b' }, /* deprecated */
309 { "dmesg", no_argument, NULL, 'k' },
310 { "system", no_argument, NULL, ARG_SYSTEM },
311 { "user", no_argument, NULL, ARG_USER },
312 { "directory", required_argument, NULL, 'D' },
313 { "file", required_argument, NULL, ARG_FILE },
314 { "root", required_argument, NULL, ARG_ROOT },
315 { "header", no_argument, NULL, ARG_HEADER },
316 { "identifier", required_argument, NULL, 't' },
317 { "priority", required_argument, NULL, 'p' },
318 { "setup-keys", no_argument, NULL, ARG_SETUP_KEYS },
319 { "interval", required_argument, NULL, ARG_INTERVAL },
320 { "verify", no_argument, NULL, ARG_VERIFY },
321 { "verify-key", required_argument, NULL, ARG_VERIFY_KEY },
322 { "disk-usage", no_argument, NULL, ARG_DISK_USAGE },
323 { "cursor", required_argument, NULL, 'c' },
324 { "after-cursor", required_argument, NULL, ARG_AFTER_CURSOR },
325 { "show-cursor", no_argument, NULL, ARG_SHOW_CURSOR },
326 { "since", required_argument, NULL, ARG_SINCE },
327 { "until", required_argument, NULL, ARG_UNTIL },
328 { "unit", required_argument, NULL, 'u' },
329 { "user-unit", required_argument, NULL, ARG_USER_UNIT },
330 { "field", required_argument, NULL, 'F' },
331 { "catalog", no_argument, NULL, 'x' },
332 { "list-catalog", no_argument, NULL, ARG_LIST_CATALOG },
333 { "dump-catalog", no_argument, NULL, ARG_DUMP_CATALOG },
334 { "update-catalog", no_argument, NULL, ARG_UPDATE_CATALOG },
335 { "reverse", no_argument, NULL, 'r' },
336 { "machine", required_argument, NULL, 'M' },
337 { "utc", no_argument, NULL, ARG_UTC },
338 { "flush", no_argument, NULL, ARG_FLUSH },
339 { "vacuum-size", required_argument, NULL, ARG_VACUUM_SIZE },
340 { "vacuum-time", required_argument, NULL, ARG_VACUUM_TIME },
349 while ((c = getopt_long(argc, argv, "hefo:aln::qmb::kD:p:c:t:u:F:xrM:", options, NULL)) >= 0)
358 puts(PACKAGE_STRING);
359 puts(SYSTEMD_FEATURES);
367 arg_pager_end = true;
369 if (arg_lines == ARG_LINES_DEFAULT)
379 arg_output = output_mode_from_string(optarg);
380 if (arg_output < 0) {
381 log_error("Unknown output format '%s'.", optarg);
385 if (arg_output == OUTPUT_EXPORT ||
386 arg_output == OUTPUT_JSON ||
387 arg_output == OUTPUT_JSON_PRETTY ||
388 arg_output == OUTPUT_JSON_SSE ||
389 arg_output == OUTPUT_CAT)
408 if (streq(optarg, "all"))
409 arg_lines = ARG_LINES_ALL;
411 r = safe_atoi(optarg, &arg_lines);
412 if (r < 0 || arg_lines < 0) {
413 log_error("Failed to parse lines '%s'", optarg);
420 /* Hmm, no argument? Maybe the next
421 * word on the command line is
422 * supposed to be the argument? Let's
423 * see if there is one, and is
427 if (streq(argv[optind], "all")) {
428 arg_lines = ARG_LINES_ALL;
430 } else if (safe_atoi(argv[optind], &n) >= 0 && n >= 0) {
444 arg_action = ACTION_NEW_ID128;
459 r = parse_boot_descriptor(optarg, &arg_boot_id, &arg_boot_offset);
461 log_error("Failed to parse boot descriptor '%s'", optarg);
466 /* Hmm, no argument? Maybe the next
467 * word on the command line is
468 * supposed to be the argument? Let's
469 * see if there is one and is parsable
470 * as a boot descriptor... */
473 parse_boot_descriptor(argv[optind], &arg_boot_id, &arg_boot_offset) >= 0)
480 arg_action = ACTION_LIST_BOOTS;
484 arg_boot = arg_dmesg = true;
488 arg_journal_type |= SD_JOURNAL_SYSTEM;
492 arg_journal_type |= SD_JOURNAL_CURRENT_USER;
496 arg_machine = optarg;
500 arg_directory = optarg;
504 r = glob_extend(&arg_file, optarg);
506 return log_error_errno(r, "Failed to add paths: %m");
517 case ARG_AFTER_CURSOR:
518 arg_after_cursor = optarg;
521 case ARG_SHOW_CURSOR:
522 arg_show_cursor = true;
526 arg_action = ACTION_PRINT_HEADER;
530 arg_action = ACTION_VERIFY;
534 arg_action = ACTION_DISK_USAGE;
537 case ARG_VACUUM_SIZE:
538 r = parse_size(optarg, 1024, &arg_vacuum_size);
540 log_error("Failed to parse vacuum size: %s", optarg);
544 arg_action = ACTION_VACUUM;
547 case ARG_VACUUM_TIME:
548 r = parse_sec(optarg, &arg_vacuum_time);
550 log_error("Failed to parse vacuum time: %s", optarg);
554 arg_action = ACTION_VACUUM;
563 arg_action = ACTION_SETUP_KEYS;
568 arg_action = ACTION_VERIFY;
569 arg_verify_key = optarg;
574 r = parse_sec(optarg, &arg_interval);
575 if (r < 0 || arg_interval <= 0) {
576 log_error("Failed to parse sealing key change interval: %s", optarg);
585 log_error("Forward-secure sealing not available.");
592 dots = strstr(optarg, "..");
598 a = strndup(optarg, dots - optarg);
602 from = log_level_from_string(a);
603 to = log_level_from_string(dots + 2);
606 if (from < 0 || to < 0) {
607 log_error("Failed to parse log level range %s", optarg);
614 for (i = from; i <= to; i++)
615 arg_priorities |= 1 << i;
617 for (i = to; i <= from; i++)
618 arg_priorities |= 1 << i;
624 p = log_level_from_string(optarg);
626 log_error("Unknown log level %s", optarg);
632 for (i = 0; i <= p; i++)
633 arg_priorities |= 1 << i;
640 r = parse_timestamp(optarg, &arg_since);
642 log_error("Failed to parse timestamp: %s", optarg);
645 arg_since_set = true;
649 r = parse_timestamp(optarg, &arg_until);
651 log_error("Failed to parse timestamp: %s", optarg);
654 arg_until_set = true;
658 r = strv_extend(&arg_syslog_identifier, optarg);
664 r = strv_extend(&arg_system_units, optarg);
670 r = strv_extend(&arg_user_units, optarg);
683 case ARG_LIST_CATALOG:
684 arg_action = ACTION_LIST_CATALOG;
687 case ARG_DUMP_CATALOG:
688 arg_action = ACTION_DUMP_CATALOG;
691 case ARG_UPDATE_CATALOG:
692 arg_action = ACTION_UPDATE_CATALOG;
704 arg_action = ACTION_FLUSH;
711 assert_not_reached("Unhandled option");
714 if (arg_follow && !arg_no_tail && !arg_since && arg_lines == ARG_LINES_DEFAULT)
717 if (!!arg_directory + !!arg_file + !!arg_machine > 1) {
718 log_error("Please specify either -D/--directory= or --file= or -M/--machine=, not more than one.");
722 if (arg_since_set && arg_until_set && arg_since > arg_until) {
723 log_error("--since= must be before --until=.");
727 if (!!arg_cursor + !!arg_after_cursor + !!arg_since_set > 1) {
728 log_error("Please specify only one of --since=, --cursor=, and --after-cursor.");
732 if (arg_follow && arg_reverse) {
733 log_error("Please specify either --reverse= or --follow=, not both.");
737 if (arg_action != ACTION_SHOW && optind < argc) {
738 log_error("Extraneous arguments starting with '%s'", argv[optind]);
745 static int generate_new_id128(void) {
750 r = sd_id128_randomize(&id);
752 return log_error_errno(r, "Failed to generate ID: %m");
754 printf("As string:\n"
755 SD_ID128_FORMAT_STR "\n\n"
757 "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n\n"
759 "#define MESSAGE_XYZ SD_ID128_MAKE(",
760 SD_ID128_FORMAT_VAL(id),
761 SD_ID128_FORMAT_VAL(id));
762 for (i = 0; i < 16; i++)
763 printf("%02x%s", id.bytes[i], i != 15 ? "," : "");
764 fputs(")\n\n", stdout);
766 printf("As Python constant:\n"
768 ">>> MESSAGE_XYZ = uuid.UUID('" SD_ID128_FORMAT_STR "')\n",
769 SD_ID128_FORMAT_VAL(id));
774 static int add_matches(sd_journal *j, char **args) {
776 bool have_term = false;
780 STRV_FOREACH(i, args) {
783 if (streq(*i, "+")) {
786 r = sd_journal_add_disjunction(j);
789 } else if (path_is_absolute(*i)) {
790 _cleanup_free_ char *p, *t = NULL, *t2 = NULL;
792 _cleanup_free_ char *interpreter = NULL;
795 p = canonicalize_file_name(*i);
798 if (stat(path, &st) < 0)
799 return log_error_errno(errno, "Couldn't stat file: %m");
801 if (S_ISREG(st.st_mode) && (0111 & st.st_mode)) {
802 if (executable_is_script(path, &interpreter) > 0) {
803 _cleanup_free_ char *comm;
805 comm = strndup(basename(path), 15);
809 t = strappend("_COMM=", comm);
811 /* Append _EXE only if the interpreter is not a link.
812 Otherwise, it might be outdated often. */
813 if (lstat(interpreter, &st) == 0 &&
814 !S_ISLNK(st.st_mode)) {
815 t2 = strappend("_EXE=", interpreter);
820 t = strappend("_EXE=", path);
821 } else if (S_ISCHR(st.st_mode)) {
822 if (asprintf(&t, "_KERNEL_DEVICE=c%u:%u",
824 minor(st.st_rdev)) < 0)
826 } else if (S_ISBLK(st.st_mode)) {
827 if (asprintf(&t, "_KERNEL_DEVICE=b%u:%u",
829 minor(st.st_rdev)) < 0)
832 log_error("File is neither a device node, nor regular file, nor executable: %s", *i);
839 r = sd_journal_add_match(j, t, 0);
841 r = sd_journal_add_match(j, t2, 0);
845 r = sd_journal_add_match(j, *i, 0);
850 return log_error_errno(r, "Failed to add match '%s': %m", *i);
853 if (!strv_isempty(args) && !have_term) {
854 log_error("\"+\" can only be used between terms");
861 static int boot_id_cmp(const void *a, const void *b) {
864 _a = ((const boot_id_t *)a)->first;
865 _b = ((const boot_id_t *)b)->first;
867 return _a < _b ? -1 : (_a > _b ? 1 : 0);
870 static int get_boots(sd_journal *j,
873 boot_id_t *query_ref_boot) {
876 size_t length, allocated = 0;
882 r = sd_journal_query_unique(j, "_BOOT_ID");
887 SD_JOURNAL_FOREACH_UNIQUE(j, data, length) {
890 assert(startswith(data, "_BOOT_ID="));
892 if (!GREEDY_REALLOC(*boots, allocated, *count + 1))
895 id = *boots + *count;
897 r = sd_id128_from_string(((const char *)data) + strlen("_BOOT_ID="), &id->id);
901 r = sd_journal_add_match(j, data, length);
905 r = sd_journal_seek_head(j);
909 r = sd_journal_next(j);
915 r = sd_journal_get_realtime_usec(j, &id->first);
919 if (query_ref_boot) {
921 if (sd_id128_equal(id->id, query_ref_boot->id))
922 *query_ref_boot = *id;
924 r = sd_journal_seek_tail(j);
928 r = sd_journal_previous(j);
934 r = sd_journal_get_realtime_usec(j, &id->last);
941 sd_journal_flush_matches(j);
944 qsort_safe(*boots, *count, sizeof(boot_id_t), boot_id_cmp);
948 static int list_boots(sd_journal *j) {
952 _cleanup_free_ boot_id_t *all_ids = NULL;
956 r = get_boots(j, &all_ids, &count, NULL);
960 pager_open_if_enabled();
962 /* numbers are one less, but we need an extra char for the sign */
963 w = DECIMAL_STR_WIDTH(count - 1) + 1;
965 for (id = all_ids, i = 0; id < all_ids + count; id++, i++) {
966 char a[FORMAT_TIMESTAMP_MAX], b[FORMAT_TIMESTAMP_MAX];
968 printf("% *i " SD_ID128_FORMAT_STR " %s—%s\n",
970 SD_ID128_FORMAT_VAL(id->id),
971 format_timestamp_maybe_utc(a, sizeof(a), id->first),
972 format_timestamp_maybe_utc(b, sizeof(b), id->last));
978 static int get_boot_id_by_offset(sd_journal *j, sd_id128_t *boot_id, int offset) {
981 boot_id_t ref_boot_id = {}, *id;
982 _cleanup_free_ boot_id_t *all_ids = NULL;
987 ref_boot_id.id = *boot_id;
988 r = get_boots(j, &all_ids, &count, &ref_boot_id);
992 if (sd_id128_equal(*boot_id, SD_ID128_NULL)) {
993 if (offset > (int) count || offset <= -(int)count)
994 return -EADDRNOTAVAIL;
996 *boot_id = all_ids[(offset <= 0)*count + offset - 1].id;
998 id = bsearch(&ref_boot_id, all_ids, count, sizeof(boot_id_t), boot_id_cmp);
1001 offset <= 0 ? (id - all_ids) + offset < 0 :
1002 (id - all_ids) + offset >= (int) count)
1003 return -EADDRNOTAVAIL;
1005 *boot_id = (id + offset)->id;
1011 static int add_boot(sd_journal *j) {
1012 char match[9+32+1] = "_BOOT_ID=";
1020 if (arg_boot_offset == 0 && sd_id128_equal(arg_boot_id, SD_ID128_NULL))
1021 return add_match_this_boot(j, arg_machine);
1023 r = get_boot_id_by_offset(j, &arg_boot_id, arg_boot_offset);
1025 if (sd_id128_equal(arg_boot_id, SD_ID128_NULL))
1026 log_error_errno(r, "Failed to look up boot %+i: %m", arg_boot_offset);
1028 log_error("Failed to look up boot ID "SD_ID128_FORMAT_STR"%+i: %s",
1029 SD_ID128_FORMAT_VAL(arg_boot_id), arg_boot_offset, strerror(-r));
1033 sd_id128_to_string(arg_boot_id, match + 9);
1035 r = sd_journal_add_match(j, match, sizeof(match) - 1);
1037 return log_error_errno(r, "Failed to add match: %m");
1039 r = sd_journal_add_conjunction(j);
1046 static int add_dmesg(sd_journal *j) {
1053 r = sd_journal_add_match(j, "_TRANSPORT=kernel", strlen("_TRANSPORT=kernel"));
1055 return log_error_errno(r, "Failed to add match: %m");
1057 r = sd_journal_add_conjunction(j);
1064 static int get_possible_units(sd_journal *j,
1068 _cleanup_set_free_free_ Set *found;
1072 found = set_new(&string_hash_ops);
1076 NULSTR_FOREACH(field, fields) {
1080 r = sd_journal_query_unique(j, field);
1084 SD_JOURNAL_FOREACH_UNIQUE(j, data, size) {
1085 char **pattern, *eq;
1087 _cleanup_free_ char *u = NULL;
1089 eq = memchr(data, '=', size);
1091 prefix = eq - (char*) data + 1;
1095 u = strndup((char*) data + prefix, size - prefix);
1099 STRV_FOREACH(pattern, patterns)
1100 if (fnmatch(*pattern, u, FNM_NOESCAPE) == 0) {
1101 log_debug("Matched %s with pattern %s=%s", u, field, *pattern);
1103 r = set_consume(found, u);
1105 if (r < 0 && r != -EEXIST)
1118 /* This list is supposed to return the superset of unit names
1119 * possibly matched by rules added with add_matches_for_unit... */
1120 #define SYSTEM_UNITS \
1124 "OBJECT_SYSTEMD_UNIT\0" \
1127 /* ... and add_matches_for_user_unit */
1128 #define USER_UNITS \
1129 "_SYSTEMD_USER_UNIT\0" \
1131 "COREDUMP_USER_UNIT\0" \
1132 "OBJECT_SYSTEMD_USER_UNIT\0"
1134 static int add_units(sd_journal *j) {
1135 _cleanup_strv_free_ char **patterns = NULL;
1141 STRV_FOREACH(i, arg_system_units) {
1142 _cleanup_free_ char *u = NULL;
1144 u = unit_name_mangle(*i, MANGLE_GLOB);
1148 if (string_is_glob(u)) {
1149 r = strv_push(&patterns, u);
1154 r = add_matches_for_unit(j, u);
1157 r = sd_journal_add_disjunction(j);
1164 if (!strv_isempty(patterns)) {
1165 _cleanup_set_free_free_ Set *units = NULL;
1169 r = get_possible_units(j, SYSTEM_UNITS, patterns, &units);
1173 SET_FOREACH(u, units, it) {
1174 r = add_matches_for_unit(j, u);
1177 r = sd_journal_add_disjunction(j);
1184 strv_free(patterns);
1187 STRV_FOREACH(i, arg_user_units) {
1188 _cleanup_free_ char *u = NULL;
1190 u = unit_name_mangle(*i, MANGLE_GLOB);
1194 if (string_is_glob(u)) {
1195 r = strv_push(&patterns, u);
1200 r = add_matches_for_user_unit(j, u, getuid());
1203 r = sd_journal_add_disjunction(j);
1210 if (!strv_isempty(patterns)) {
1211 _cleanup_set_free_free_ Set *units = NULL;
1215 r = get_possible_units(j, USER_UNITS, patterns, &units);
1219 SET_FOREACH(u, units, it) {
1220 r = add_matches_for_user_unit(j, u, getuid());
1223 r = sd_journal_add_disjunction(j);
1230 /* Complain if the user request matches but nothing whatsoever was
1231 * found, since otherwise everything would be matched. */
1232 if (!(strv_isempty(arg_system_units) && strv_isempty(arg_user_units)) && count == 0)
1235 r = sd_journal_add_conjunction(j);
1242 static int add_priorities(sd_journal *j) {
1243 char match[] = "PRIORITY=0";
1247 if (arg_priorities == 0xFF)
1250 for (i = LOG_EMERG; i <= LOG_DEBUG; i++)
1251 if (arg_priorities & (1 << i)) {
1252 match[sizeof(match)-2] = '0' + i;
1254 r = sd_journal_add_match(j, match, strlen(match));
1256 return log_error_errno(r, "Failed to add match: %m");
1259 r = sd_journal_add_conjunction(j);
1267 static int add_syslog_identifier(sd_journal *j) {
1273 STRV_FOREACH(i, arg_syslog_identifier) {
1276 u = strappenda("SYSLOG_IDENTIFIER=", *i);
1277 r = sd_journal_add_match(j, u, 0);
1280 r = sd_journal_add_disjunction(j);
1285 r = sd_journal_add_conjunction(j);
1292 static int setup_keys(void) {
1294 size_t mpk_size, seed_size, state_size, i;
1295 uint8_t *mpk, *seed, *state;
1297 int fd = -1, r, attr = 0;
1298 sd_id128_t machine, boot;
1299 char *p = NULL, *k = NULL;
1304 r = stat("/var/log/journal", &st);
1305 if (r < 0 && errno != ENOENT && errno != ENOTDIR)
1306 return log_error_errno(errno, "stat(\"%s\") failed: %m", "/var/log/journal");
1308 if (r < 0 || !S_ISDIR(st.st_mode)) {
1309 log_error("%s is not a directory, must be using persistent logging for FSS.",
1310 "/var/log/journal");
1311 return r < 0 ? -errno : -ENOTDIR;
1314 r = sd_id128_get_machine(&machine);
1316 return log_error_errno(r, "Failed to get machine ID: %m");
1318 r = sd_id128_get_boot(&boot);
1320 return log_error_errno(r, "Failed to get boot ID: %m");
1322 if (asprintf(&p, "/var/log/journal/" SD_ID128_FORMAT_STR "/fss",
1323 SD_ID128_FORMAT_VAL(machine)) < 0)
1326 if (access(p, F_OK) >= 0) {
1330 log_error_errno(errno, "unlink(\"%s\") failed: %m", p);
1335 log_error("Sealing key file %s exists already. (--force to recreate)", p);
1341 if (asprintf(&k, "/var/log/journal/" SD_ID128_FORMAT_STR "/fss.tmp.XXXXXX",
1342 SD_ID128_FORMAT_VAL(machine)) < 0) {
1347 mpk_size = FSPRG_mskinbytes(FSPRG_RECOMMENDED_SECPAR);
1348 mpk = alloca(mpk_size);
1350 seed_size = FSPRG_RECOMMENDED_SEEDLEN;
1351 seed = alloca(seed_size);
1353 state_size = FSPRG_stateinbytes(FSPRG_RECOMMENDED_SECPAR);
1354 state = alloca(state_size);
1356 fd = open("/dev/random", O_RDONLY|O_CLOEXEC|O_NOCTTY);
1358 log_error_errno(errno, "Failed to open /dev/random: %m");
1363 log_info("Generating seed...");
1364 l = loop_read(fd, seed, seed_size, true);
1365 if (l < 0 || (size_t) l != seed_size) {
1366 log_error_errno(EIO, "Failed to read random seed: %m");
1371 log_info("Generating key pair...");
1372 FSPRG_GenMK(NULL, mpk, seed, seed_size, FSPRG_RECOMMENDED_SECPAR);
1374 log_info("Generating sealing key...");
1375 FSPRG_GenState0(state, mpk, seed, seed_size);
1377 assert(arg_interval > 0);
1379 n = now(CLOCK_REALTIME);
1383 fd = mkostemp_safe(k, O_WRONLY|O_CLOEXEC);
1385 log_error_errno(errno, "Failed to open %s: %m", k);
1390 /* Enable secure remove, exclusion from dump, synchronous
1391 * writing and in-place updating */
1392 if (ioctl(fd, FS_IOC_GETFLAGS, &attr) < 0)
1393 log_warning_errno(errno, "FS_IOC_GETFLAGS failed: %m");
1395 attr |= FS_SECRM_FL|FS_NODUMP_FL|FS_SYNC_FL|FS_NOCOW_FL;
1397 if (ioctl(fd, FS_IOC_SETFLAGS, &attr) < 0)
1398 log_warning_errno(errno, "FS_IOC_SETFLAGS failed: %m");
1401 memcpy(h.signature, "KSHHRHLP", 8);
1402 h.machine_id = machine;
1404 h.header_size = htole64(sizeof(h));
1405 h.start_usec = htole64(n * arg_interval);
1406 h.interval_usec = htole64(arg_interval);
1407 h.fsprg_secpar = htole16(FSPRG_RECOMMENDED_SECPAR);
1408 h.fsprg_state_size = htole64(state_size);
1410 r = loop_write(fd, &h, sizeof(h), false);
1412 log_error_errno(r, "Failed to write header: %m");
1416 r = loop_write(fd, state, state_size, false);
1418 log_error_errno(r, "Failed to write state: %m");
1422 if (link(k, p) < 0) {
1423 log_error_errno(errno, "Failed to link file: %m");
1431 "The new key pair has been generated. The " ANSI_HIGHLIGHT_ON "secret sealing key" ANSI_HIGHLIGHT_OFF " has been written to\n"
1432 "the following local file. This key file is automatically updated when the\n"
1433 "sealing key is advanced. It should not be used on multiple hosts.\n"
1437 "Please write down the following " ANSI_HIGHLIGHT_ON "secret verification key" ANSI_HIGHLIGHT_OFF ". It should be stored\n"
1438 "at a safe location and should not be saved locally on disk.\n"
1439 "\n\t" ANSI_HIGHLIGHT_RED_ON, p);
1442 for (i = 0; i < seed_size; i++) {
1443 if (i > 0 && i % 3 == 0)
1445 printf("%02x", ((uint8_t*) seed)[i]);
1448 printf("/%llx-%llx\n", (unsigned long long) n, (unsigned long long) arg_interval);
1451 char tsb[FORMAT_TIMESPAN_MAX], *hn;
1454 ANSI_HIGHLIGHT_OFF "\n"
1455 "The sealing key is automatically changed every %s.\n",
1456 format_timespan(tsb, sizeof(tsb), arg_interval, 0));
1458 hn = gethostname_malloc();
1461 hostname_cleanup(hn, false);
1462 fprintf(stderr, "\nThe keys have been generated for host %s/" SD_ID128_FORMAT_STR ".\n", hn, SD_ID128_FORMAT_VAL(machine));
1464 fprintf(stderr, "\nThe keys have been generated for host " SD_ID128_FORMAT_STR ".\n", SD_ID128_FORMAT_VAL(machine));
1466 #ifdef HAVE_QRENCODE
1467 /* If this is not an UTF-8 system don't print any QR codes */
1468 if (is_locale_utf8()) {
1469 fputs("\nTo transfer the verification key to your phone please scan the QR code below:\n\n", stderr);
1470 print_qr_code(stderr, seed, seed_size, n, arg_interval, hn, machine);
1490 log_error("Forward-secure sealing not available.");
1495 static int verify(sd_journal *j) {
1502 log_show_color(true);
1504 ORDERED_HASHMAP_FOREACH(f, j->files, i) {
1506 usec_t first, validated, last;
1509 if (!arg_verify_key && JOURNAL_HEADER_SEALED(f->header))
1510 log_notice("Journal file %s has sealing enabled but verification key has not been passed using --verify-key=.", f->path);
1513 k = journal_file_verify(f, arg_verify_key, &first, &validated, &last, true);
1515 /* If the key was invalid give up right-away. */
1518 log_warning("FAIL: %s (%s)", f->path, strerror(-k));
1521 char a[FORMAT_TIMESTAMP_MAX], b[FORMAT_TIMESTAMP_MAX], c[FORMAT_TIMESPAN_MAX];
1522 log_info("PASS: %s", f->path);
1524 if (arg_verify_key && JOURNAL_HEADER_SEALED(f->header)) {
1525 if (validated > 0) {
1526 log_info("=> Validated from %s to %s, final %s entries not sealed.",
1527 format_timestamp_maybe_utc(a, sizeof(a), first),
1528 format_timestamp_maybe_utc(b, sizeof(b), validated),
1529 format_timespan(c, sizeof(c), last > validated ? last - validated : 0, 0));
1530 } else if (last > 0)
1531 log_info("=> No sealing yet, %s of entries not sealed.",
1532 format_timespan(c, sizeof(c), last - first, 0));
1534 log_info("=> No sealing yet, no entries in file.");
1543 static int access_check_var_log_journal(sd_journal *j) {
1544 _cleanup_strv_free_ char **g = NULL;
1550 have_access = in_group("systemd-journal") > 0;
1553 /* Let's enumerate all groups from the default ACL of
1554 * the directory, which generally should allow access
1555 * to most journal files too */
1556 r = search_acl_groups(&g, "/var/log/journal/", &have_access);
1563 if (strv_isempty(g))
1564 log_notice("Hint: You are currently not seeing messages from other users and the system.\n"
1565 " Users in the 'systemd-journal' group can see all messages. Pass -q to\n"
1566 " turn off this notice.");
1568 _cleanup_free_ char *s = NULL;
1570 r = strv_extend(&g, "systemd-journal");
1577 s = strv_join(g, "', '");
1581 log_notice("Hint: You are currently not seeing messages from other users and the system.\n"
1582 " Users in the groups '%s' can see all messages.\n"
1583 " Pass -q to turn off this notice.", s);
1591 static int access_check(sd_journal *j) {
1598 if (set_isempty(j->errors)) {
1599 if (ordered_hashmap_isempty(j->files))
1600 log_notice("No journal files were found.");
1604 if (set_contains(j->errors, INT_TO_PTR(-EACCES))) {
1606 /* If /var/log/journal doesn't even exist,
1607 * unprivileged users have no access at all */
1608 if (access("/var/log/journal", F_OK) < 0 &&
1610 in_group("systemd-journal") <= 0) {
1611 log_error("Unprivileged users cannot access messages, unless persistent log storage is\n"
1612 "enabled. Users in the 'systemd-journal' group may always access messages.");
1616 /* If /var/log/journal exists, try to pring a nice
1617 notice if the user lacks access to it */
1618 if (!arg_quiet && geteuid() != 0) {
1619 r = access_check_var_log_journal(j);
1624 if (geteuid() != 0 && in_group("systemd-journal") <= 0) {
1625 log_error("Unprivileged users cannot access messages. Users in the 'systemd-journal' group\n"
1626 "group may access messages.");
1631 if (ordered_hashmap_isempty(j->files)) {
1632 log_error("No journal files were opened due to insufficient permissions.");
1637 SET_FOREACH(code, j->errors, it) {
1640 err = -PTR_TO_INT(code);
1644 log_warning_errno(err, "Error was encountered while opening journal files: %m");
1650 static int flush_to_var(void) {
1651 _cleanup_bus_error_free_ sd_bus_error error = SD_BUS_ERROR_NULL;
1652 _cleanup_bus_close_unref_ sd_bus *bus = NULL;
1653 _cleanup_close_ int watch_fd = -1;
1657 if (access("/run/systemd/journal/flushed", F_OK) >= 0)
1660 /* OK, let's actually do the full logic, send SIGUSR1 to the
1661 * daemon and set up inotify to wait for the flushed file to appear */
1662 r = bus_open_system_systemd(&bus);
1664 return log_error_errno(r, "Failed to get D-Bus connection: %m");
1666 r = sd_bus_call_method(
1668 "org.freedesktop.systemd1",
1669 "/org/freedesktop/systemd1",
1670 "org.freedesktop.systemd1.Manager",
1674 "ssi", "systemd-journald.service", "main", SIGUSR1);
1676 log_error("Failed to kill journal service: %s", bus_error_message(&error, r));
1680 mkdir_p("/run/systemd/journal", 0755);
1682 watch_fd = inotify_init1(IN_NONBLOCK|IN_CLOEXEC);
1684 return log_error_errno(errno, "Failed to create inotify watch: %m");
1686 r = inotify_add_watch(watch_fd, "/run/systemd/journal", IN_CREATE|IN_DONT_FOLLOW|IN_ONLYDIR);
1688 return log_error_errno(errno, "Failed to watch journal directory: %m");
1691 if (access("/run/systemd/journal/flushed", F_OK) >= 0)
1694 if (errno != ENOENT)
1695 return log_error_errno(errno, "Failed to check for existence of /run/systemd/journal/flushed: %m");
1697 r = fd_wait_for_event(watch_fd, POLLIN, USEC_INFINITY);
1699 return log_error_errno(r, "Failed to wait for event: %m");
1701 r = flush_fd(watch_fd);
1703 return log_error_errno(r, "Failed to flush inotify events: %m");
1709 int main(int argc, char *argv[]) {
1711 _cleanup_journal_close_ sd_journal *j = NULL;
1712 bool need_seek = false;
1713 sd_id128_t previous_boot_id;
1714 bool previous_boot_id_valid = false, first_line = true;
1716 bool ellipsized = false;
1718 setlocale(LC_ALL, "");
1719 log_parse_environment();
1722 r = parse_argv(argc, argv);
1726 signal(SIGWINCH, columns_lines_cache_reset);
1729 if (arg_action == ACTION_NEW_ID128) {
1730 r = generate_new_id128();
1734 if (arg_action == ACTION_FLUSH) {
1739 if (arg_action == ACTION_SETUP_KEYS) {
1744 if (arg_action == ACTION_UPDATE_CATALOG ||
1745 arg_action == ACTION_LIST_CATALOG ||
1746 arg_action == ACTION_DUMP_CATALOG) {
1748 _cleanup_free_ char *database;
1750 database = path_join(arg_root, CATALOG_DATABASE, NULL);
1756 if (arg_action == ACTION_UPDATE_CATALOG) {
1757 r = catalog_update(database, arg_root, catalog_file_dirs);
1759 log_error_errno(r, "Failed to list catalog: %m");
1761 bool oneline = arg_action == ACTION_LIST_CATALOG;
1764 r = catalog_list_items(stdout, database,
1765 oneline, argv + optind);
1767 r = catalog_list(stdout, database, oneline);
1769 log_error_errno(r, "Failed to list catalog: %m");
1776 r = sd_journal_open_directory(&j, arg_directory, arg_journal_type);
1778 r = sd_journal_open_files(&j, (const char**) arg_file, 0);
1779 else if (arg_machine)
1780 r = sd_journal_open_container(&j, arg_machine, 0);
1782 r = sd_journal_open(&j, !arg_merge*SD_JOURNAL_LOCAL_ONLY + arg_journal_type);
1784 log_error_errno(r, "Failed to open %s: %m",
1785 arg_directory ? arg_directory : arg_file ? "files" : "journal");
1786 return EXIT_FAILURE;
1789 r = access_check(j);
1791 return EXIT_FAILURE;
1793 if (arg_action == ACTION_VERIFY) {
1798 if (arg_action == ACTION_PRINT_HEADER) {
1799 journal_print_header(j);
1800 return EXIT_SUCCESS;
1803 if (arg_action == ACTION_DISK_USAGE) {
1805 char sbytes[FORMAT_BYTES_MAX];
1807 r = sd_journal_get_usage(j, &bytes);
1809 return EXIT_FAILURE;
1811 printf("Archived and active journals take up %s on disk.\n",
1812 format_bytes(sbytes, sizeof(sbytes), bytes));
1813 return EXIT_SUCCESS;
1816 if (arg_action == ACTION_VACUUM) {
1820 HASHMAP_FOREACH(d, j->directories_by_path, i) {
1826 q = journal_directory_vacuum(d->path, arg_vacuum_size, arg_vacuum_time, NULL, true);
1828 log_error_errno(q, "Failed to vacuum: %m");
1833 return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
1836 if (arg_action == ACTION_LIST_BOOTS) {
1841 /* add_boot() must be called first!
1842 * It may need to seek the journal to find parent boot IDs. */
1845 return EXIT_FAILURE;
1849 return EXIT_FAILURE;
1852 strv_free(arg_system_units);
1853 strv_free(arg_user_units);
1856 log_error_errno(r, "Failed to add filter for units: %m");
1857 return EXIT_FAILURE;
1860 r = add_syslog_identifier(j);
1862 log_error_errno(r, "Failed to add filter for syslog identifiers: %m");
1863 return EXIT_FAILURE;
1866 r = add_priorities(j);
1868 log_error_errno(r, "Failed to add filter for priorities: %m");
1869 return EXIT_FAILURE;
1872 r = add_matches(j, argv + optind);
1874 log_error_errno(r, "Failed to add filters: %m");
1875 return EXIT_FAILURE;
1878 if (_unlikely_(log_get_max_level() >= LOG_DEBUG)) {
1879 _cleanup_free_ char *filter;
1881 filter = journal_make_match_string(j);
1882 log_debug("Journal filter: %s", filter);
1889 r = sd_journal_set_data_threshold(j, 0);
1891 log_error("Failed to unset data size threshold");
1892 return EXIT_FAILURE;
1895 r = sd_journal_query_unique(j, arg_field);
1897 log_error_errno(r, "Failed to query unique data objects: %m");
1898 return EXIT_FAILURE;
1901 SD_JOURNAL_FOREACH_UNIQUE(j, data, size) {
1904 if (arg_lines >= 0 && n_shown >= arg_lines)
1907 eq = memchr(data, '=', size);
1909 printf("%.*s\n", (int) (size - ((const uint8_t*) eq - (const uint8_t*) data + 1)), (const char*) eq + 1);
1911 printf("%.*s\n", (int) size, (const char*) data);
1916 return EXIT_SUCCESS;
1919 /* Opening the fd now means the first sd_journal_wait() will actually wait */
1921 r = sd_journal_get_fd(j);
1923 return EXIT_FAILURE;
1926 if (arg_cursor || arg_after_cursor) {
1927 r = sd_journal_seek_cursor(j, arg_cursor ?: arg_after_cursor);
1929 log_error_errno(r, "Failed to seek to cursor: %m");
1930 return EXIT_FAILURE;
1933 r = sd_journal_next_skip(j, 1 + !!arg_after_cursor);
1935 r = sd_journal_previous_skip(j, 1 + !!arg_after_cursor);
1937 if (arg_after_cursor && r < 2) {
1938 /* We couldn't find the next entry after the cursor. */
1945 } else if (arg_since_set && !arg_reverse) {
1946 r = sd_journal_seek_realtime_usec(j, arg_since);
1948 log_error_errno(r, "Failed to seek to date: %m");
1949 return EXIT_FAILURE;
1951 r = sd_journal_next(j);
1953 } else if (arg_until_set && arg_reverse) {
1954 r = sd_journal_seek_realtime_usec(j, arg_until);
1956 log_error_errno(r, "Failed to seek to date: %m");
1957 return EXIT_FAILURE;
1959 r = sd_journal_previous(j);
1961 } else if (arg_lines >= 0) {
1962 r = sd_journal_seek_tail(j);
1964 log_error_errno(r, "Failed to seek to tail: %m");
1965 return EXIT_FAILURE;
1968 r = sd_journal_previous_skip(j, arg_lines);
1970 } else if (arg_reverse) {
1971 r = sd_journal_seek_tail(j);
1973 log_error_errno(r, "Failed to seek to tail: %m");
1974 return EXIT_FAILURE;
1977 r = sd_journal_previous(j);
1980 r = sd_journal_seek_head(j);
1982 log_error_errno(r, "Failed to seek to head: %m");
1983 return EXIT_FAILURE;
1986 r = sd_journal_next(j);
1990 log_error_errno(r, "Failed to iterate through journal: %m");
1991 return EXIT_FAILURE;
1995 pager_open_if_enabled();
1999 char start_buf[FORMAT_TIMESTAMP_MAX], end_buf[FORMAT_TIMESTAMP_MAX];
2001 r = sd_journal_get_cutoff_realtime_usec(j, &start, &end);
2003 log_error_errno(r, "Failed to get cutoff: %m");
2009 printf("-- Logs begin at %s. --\n",
2010 format_timestamp_maybe_utc(start_buf, sizeof(start_buf), start));
2012 printf("-- Logs begin at %s, end at %s. --\n",
2013 format_timestamp_maybe_utc(start_buf, sizeof(start_buf), start),
2014 format_timestamp_maybe_utc(end_buf, sizeof(end_buf), end));
2019 while (arg_lines < 0 || n_shown < arg_lines || (arg_follow && !first_line)) {
2024 r = sd_journal_next(j);
2026 r = sd_journal_previous(j);
2028 log_error_errno(r, "Failed to iterate through journal: %m");
2035 if (arg_until_set && !arg_reverse) {
2038 r = sd_journal_get_realtime_usec(j, &usec);
2040 log_error_errno(r, "Failed to determine timestamp: %m");
2043 if (usec > arg_until)
2047 if (arg_since_set && arg_reverse) {
2050 r = sd_journal_get_realtime_usec(j, &usec);
2052 log_error_errno(r, "Failed to determine timestamp: %m");
2055 if (usec < arg_since)
2059 if (!arg_merge && !arg_quiet) {
2062 r = sd_journal_get_monotonic_usec(j, NULL, &boot_id);
2064 if (previous_boot_id_valid &&
2065 !sd_id128_equal(boot_id, previous_boot_id))
2066 printf("%s-- Reboot --%s\n",
2067 ansi_highlight(), ansi_highlight_off());
2069 previous_boot_id = boot_id;
2070 previous_boot_id_valid = true;
2075 arg_all * OUTPUT_SHOW_ALL |
2076 arg_full * OUTPUT_FULL_WIDTH |
2077 on_tty() * OUTPUT_COLOR |
2078 arg_catalog * OUTPUT_CATALOG |
2079 arg_utc * OUTPUT_UTC;
2081 r = output_journal(stdout, j, arg_output, 0, flags, &ellipsized);
2083 if (r == -EADDRNOTAVAIL)
2085 else if (r < 0 || ferror(stdout))
2092 if (arg_show_cursor) {
2093 _cleanup_free_ char *cursor = NULL;
2095 r = sd_journal_get_cursor(j, &cursor);
2096 if (r < 0 && r != -EADDRNOTAVAIL)
2097 log_error_errno(r, "Failed to get cursor: %m");
2099 printf("-- cursor: %s\n", cursor);
2105 r = sd_journal_wait(j, (uint64_t) -1);
2107 log_error_errno(r, "Couldn't wait for journal event: %m");
2117 strv_free(arg_file);
2119 return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
~ianmdlvl / elogind.git / blob