picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Systemd/src/journal/journalctl.c

2786 lines
106 KiB
C
Raw Normal View History

Add SPDX license identifiers to source files under the LGPL This follows what the kernel is doing, c.f. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5fd54ace4721fc5ce2bb5aef6318fcf17f421460.
2017-11-18 17:09:20 +01:00
/* SPDX-License-Identifier: LGPL-2.1+ */
journal: add preliminary incomplete implementation
2011-10-07 21:06:39 +02:00
util: introduce common version() implementation and use it everywhere This also allows us to drop build.h from a ton of files, hence do so. Since we touched the #includes of those files, let's order them properly according to CODING_STYLE.
2015-09-23 03:01:06 +02:00
#include <errno.h>
journal: add preliminary incomplete implementation
2011-10-07 21:06:39 +02:00
#include <fcntl.h>
journalctl: allow globbing in --unit and --user-unit This is a continuation of e3e0314b systemctl: allow globbing in commands which take multiple unit names. Multiple patterns can be specified, as separate arguments, or as one argument with patterns seperated by commas. If patterns are given, at least one unit must be matched (by any of the patterns). This is different behaviour than systemctl, but here it is necessary because otherwise anything would be matched, which is unlikely to be the intended behaviour. https://bugs.freedesktop.org/show_bug.cgi?id=59336
2013-12-29 01:47:36 +01:00
#include <fnmatch.h>
util: introduce common version() implementation and use it everywhere This also allows us to drop build.h from a ton of files, hence do so. Since we touched the #includes of those files, let's order them properly according to CODING_STYLE.
2015-09-23 03:01:06 +02:00
#include <getopt.h>
#include <linux/fs.h>
#include <poll.h>
#include <signal.h>
journal: add preliminary incomplete implementation
2011-10-07 21:06:39 +02:00
#include <stddef.h>
journal: implement parallel file traversal
2011-10-14 04:44:50 +02:00
#include <stdio.h>
#include <stdlib.h>
journalctl: add new --flush command and make use of it in systemd-journal-flush.service This new command will ask the journal daemon to flush all log data stored in /run to /var, and wait for it to complete. This is useful, so that in case of Storage=persistent we can order systemd-tmpfiles-setup afterwards, to ensure any possibly newly created directory in /var/log gets proper access mode and owners.
2014-10-23 00:28:17 +02:00
#include <sys/inotify.h>
util: introduce common version() implementation and use it everywhere This also allows us to drop build.h from a ton of files, hence do so. Since we touched the #includes of those files, let's order them properly according to CODING_STYLE.
2015-09-23 03:01:06 +02:00
#include <sys/stat.h>
#include <unistd.h>
journal: add preliminary incomplete implementation
2011-10-07 21:06:39 +02:00
journalctl: regexp matching
2018-01-12 07:55:45 +01:00
#if HAVE_PCRE2
# define PCRE2_CODE_UNIT_WIDTH 8
# include <pcre2.h>
#endif
journalctl: add new --flush command and make use of it in systemd-journal-flush.service This new command will ask the journal daemon to flush all log data stored in /run to /var, and wait for it to complete. This is useful, so that in case of Storage=persistent we can order systemd-tmpfiles-setup afterwards, to ensure any possibly newly created directory in /var/log gets proper access mode and owners.
2014-10-23 00:28:17 +02:00
#include "sd-bus.h"
journal: replace udev_device by sd_device
2018-08-22 07:04:11 +02:00
#include "sd-device.h"
util: introduce common version() implementation and use it everywhere This also allows us to drop build.h from a ton of files, hence do so. Since we touched the #includes of those files, let's order them properly according to CODING_STYLE.
2015-09-23 03:01:06 +02:00
#include "sd-journal.h"
tmpfiles: add 'a' type to set ACLs
2015-01-18 05:27:39 +01:00
#include "acl-util.h"
util-lib: split out allocation calls into alloc-util.[ch]
2015-10-27 03:01:06 +01:00
#include "alloc-util.h"
util: introduce common version() implementation and use it everywhere This also allows us to drop build.h from a ton of files, hence do so. Since we touched the #includes of those files, let's order them properly according to CODING_STYLE.
2015-09-23 03:01:06 +02:00
#include "bus-error.h"
#include "bus-util.h"
#include "catalog.h"
util-lib: split out file attribute calls to chattr-util.[ch]
2015-10-26 20:39:23 +01:00
#include "chattr-util.h"
tree-wide: uniformly bump RLIMIT_NOFILE in all our tools that access the journal This makes use of rlimit_nofile_bump() in all tools that access the journal. In some cases this replaces older code to achieve this, and others we add it in where it was missing.
2018-10-01 17:44:46 +02:00
#include "def.h"
journal: replace udev_device by sd_device
2018-08-22 07:04:11 +02:00
#include "device-private.h"
util-lib: split out fd-related operations into fd-util.[ch] There are more than enough to deserve their own .c file, hence move them over.
2015-10-25 13:14:12 +01:00
#include "fd-util.h"
journalctl: use _COMM= match for scripts In case of scripts, _EXE is set to the interpreter name, and _COMM is set based on the file name. Add a match for _COMM, and _EXE if the interpreter is not a link (e.g. for yum, the interpreter is /usr/bin/python, but it is a link to /usr/bin/python2, which in turn is a link to /usr/bin/python2.7, at least on Fedora, so we end up with _EXE=/usr/bin/python2.7). I don't think that such link chasing makes sense, because the final _EXE name is more likely to change.
2013-07-19 10:02:50 +02:00
#include "fileio.h"
util: introduce format_bytes_full() And move it into format-util.c.
2019-06-17 09:08:24 +02:00
#include "format-util.h"
util-lib: move a number of fs operations into fs-util.[ch]
2015-10-26 21:16:26 +01:00
#include "fs-util.h"
util: introduce common version() implementation and use it everywhere This also allows us to drop build.h from a ton of files, hence do so. Since we touched the #includes of those files, let's order them properly according to CODING_STYLE.
2015-09-23 03:01:06 +02:00
#include "fsprg.h"
util-lib: split out globbing related calls into glob-util.[ch]
2015-10-27 01:48:17 +01:00
#include "glob-util.h"
util: introduce common version() implementation and use it everywhere This also allows us to drop build.h from a ton of files, hence do so. Since we touched the #includes of those files, let's order them properly according to CODING_STYLE.
2015-09-23 03:01:06 +02:00
#include "hostname-util.h"
journalctl: move generate_new_id128() to shared
2018-08-21 15:38:04 +02:00
#include "id128-print.h"
util-lib: split out IO related calls to io-util.[ch]
2015-10-25 14:08:25 +01:00
#include "io-util.h"
journald: initial version of FSPRG hookup This adds forward-secure authentication of journal files. This patch includes key generation as well as tagging of journal files, Verification of journal files will be added in a later patch.
2012-08-13 20:31:10 +02:00
#include "journal-def.h"
util: introduce common version() implementation and use it everywhere This also allows us to drop build.h from a ton of files, hence do so. Since we touched the #includes of those files, let's order them properly according to CODING_STYLE.
2015-09-23 03:01:06 +02:00
#include "journal-internal.h"
journalctl: output FSS key as QR code on generating
2012-08-20 22:02:19 +02:00
#include "journal-qrcode.h"
journalctl: move access_check() to shared/ The only functional change is that log_notice("No journal files were found.") is not printed any more with --quiet. log_error("No journal files were opened due to insufficient permissions.") is still printed. I wasn't quite sure where to put this function, but shared/ seems to be the right place and none of the existing files seem to fit too well. v2: rename journal_access_check to journal_access_check_and_warn.
2017-02-27 00:00:39 +01:00
#include "journal-util.h"
journalctl: add new --vacuum-size= and --vacuum-time= commands to clean up journal files based on a size/time limit This is equivalent to the effect of SystemMaxUse= and RetentionSec=, however can be invoked directly instead of implicitly.
2014-11-03 23:08:33 +01:00
#include "journal-vacuum.h"
util: introduce common version() implementation and use it everywhere This also allows us to drop build.h from a ton of files, hence do so. Since we touched the #includes of those files, let's order them properly according to CODING_STYLE.
2015-09-23 03:01:06 +02:00
#include "journal-verify.h"
util-lib: move more locale-related calls to locale-util.[ch]
2015-10-26 23:01:30 +01:00
#include "locale-util.h"
util: introduce common version() implementation and use it everywhere This also allows us to drop build.h from a ton of files, hence do so. Since we touched the #includes of those files, let's order them properly according to CODING_STYLE.
2015-09-23 03:01:06 +02:00
#include "log.h"
#include "logs-show.h"
util: split out memcmp()/memset() related calls into memory-util.[ch] Just some source rearranging.
2019-03-13 12:02:21 +01:00
#include "memory-util.h"
journalctl: add new --flush command and make use of it in systemd-journal-flush.service This new command will ask the journal daemon to flush all log data stored in /run to /var, and wait for it to complete. This is useful, so that in case of Storage=persistent we can order systemd-tmpfiles-setup afterwards, to ensure any possibly newly created directory in /var/log gets proper access mode and owners.
2014-10-23 00:28:17 +02:00
#include "mkdir.h"
journalctl: add new --relinquish and --smart-relinquish options The latter is identical to the former, but becomes a NOP if /var/log/journal is on the same mount as /, and thus during shutdown unmounting /var is not necessary and hence we can keep logging until the very end.
2019-04-05 18:21:02 +02:00
#include "mountpoint-util.h"
util: split out nulstr related stuff to nulstr-util.[ch]
2019-03-14 13:14:33 +01:00
#include "nulstr-util.h"
util: introduce common version() implementation and use it everywhere This also allows us to drop build.h from a ton of files, hence do so. Since we touched the #includes of those files, let's order them properly according to CODING_STYLE.
2015-09-23 03:01:06 +02:00
#include "pager.h"
util-lib: split string parsing related calls from util.[ch] into parse-util.[ch]
2015-10-26 16:18:16 +01:00
#include "parse-util.h"
util: introduce common version() implementation and use it everywhere This also allows us to drop build.h from a ton of files, hence do so. Since we touched the #includes of those files, let's order them properly according to CODING_STYLE.
2015-09-23 03:01:06 +02:00
#include "path-util.h"
journalctl: make pcre2 a dlopen() dependency Let's make use of the library if it is installed, but otherwise just generate a nice error and provide all other functionality.
2020-06-24 14:56:28 +02:00
#include "pcre2-dlopen.h"
Split out pretty-print.c and move pager.c and main-func.h to shared/ This is high-level functionality, and fits better in shared/ (which is for our executables), than in basic/ (which is also for libraries).
2018-11-20 15:42:57 +01:00
#include "pretty-print.h"
util-lib: split out resource limits related calls into rlimit-util.[ch]
2015-10-26 19:40:43 +01:00
#include "rlimit-util.h"
util: introduce common version() implementation and use it everywhere This also allows us to drop build.h from a ton of files, hence do so. Since we touched the #includes of those files, let's order them properly according to CODING_STYLE.
2015-09-23 03:01:06 +02:00
#include "set.h"
#include "sigbus.h"
tree-wide: port various bits of the tree over to the new DUMP_STRING_TABLE() macro
2018-05-22 12:10:56 +02:00
#include "string-table.h"
util: introduce common version() implementation and use it everywhere This also allows us to drop build.h from a ton of files, hence do so. Since we touched the #includes of those files, let's order them properly according to CODING_STYLE.
2015-09-23 03:01:06 +02:00
#include "strv.h"
journalctl: implement --facility=foo Fixes #9716.
2020-02-27 21:36:42 +01:00
#include "stdio-util.h"
util-lib: split out syslog-related calls into syslog-util.[ch]
2015-10-27 00:40:25 +01:00
#include "syslog-util.h"
shared: add terminal-util.[ch]
2015-04-10 23:15:59 +02:00
#include "terminal-util.h"
util-lib: split out all temporary file related calls into tmpfiles-util.c This splits out a bunch of functions from fileio.c that have to do with temporary files. Simply to make the header files a bit shorter, and to group things more nicely. No code changes, just some rearranging of source files.
2018-11-30 21:05:27 +01:00
#include "tmpfile-util.h"
util: introduce common version() implementation and use it everywhere This also allows us to drop build.h from a ton of files, hence do so. Since we touched the #includes of those files, let's order them properly according to CODING_STYLE.
2015-09-23 03:01:06 +02:00
#include "unit-name.h"
util-lib: split out user/group/uid/gid calls into user-util.[ch]
2015-10-25 22:32:30 +01:00
#include "user-util.h"
journalctl: port --flush/--sync/--rotate to use varlink method calls
2019-04-04 19:41:33 +02:00
#include "varlink.h"
journald: initial version of FSPRG hookup This adds forward-secure authentication of journal files. This patch includes key generation as well as tagging of journal files, Verification of journal files will be added in a later patch.
2012-08-13 20:31:10 +02:00
journal: rework terminology Let's clean up our terminology a bit. New terminology: FSS = Forward Secure Sealing FSPRG = Forward Secure Pseudo-Random Generator FSS is the combination of FSPRG and a HMAC. Sealing = process of adding authentication tags to the journal. Verification = process of checking authentication tags to the journal. Sealing Key = The key used for adding authentication tags to the journal. Verification Key = The key used for checking authentication tags of the journal. Key pair = The pair of Sealing Key and Verification Key Internally, the Sealing Key is the combination of the FSPRG State plus change interval/start time. Internally, the Verification Key is the combination of the FSPRG Seed plus change interval/start time.
2012-08-17 00:45:18 +02:00
#define DEFAULT_FSS_INTERVAL_USEC (15*USEC_PER_MINUTE)
journalctl: Periodically call sd_journal_process in journalctl If `journalctl` take a long time to process messages, and during that time journal file rotation occurs, a `journalctl` client will keep those rotated files open until it calls `sd_journal_process()`, which typically happens as a result of calling `sd_journal_wait()` below in the "following" case. By periodically calling `sd_journal_process()` during the processing loop we shrink the window of time a client instance has open file descriptors for rotated (deleted) journal files. (Lennart: slightly reworked version, that dropped some of the commenting which was solved otherwise)
2018-01-28 22:48:04 +01:00
#define PROCESS_INOTIFY_INTERVAL 1024 /* Every 1,024 messages processed */
journalctl: don't introduce numeric constants with special names, give them names
2014-10-22 20:23:45 +02:00
enum {
/* Special values for arg_lines */
ARG_LINES_DEFAULT = -2,
ARG_LINES_ALL = -1,
};
journal: beef up journal output of systemctl and journalctl
2012-01-04 18:33:36 +01:00
static OutputMode arg_output = OUTPUT_SHORT;
journalctl: add --utc option Introduce option to display time in UTC.
2014-10-02 14:39:29 +02:00
static bool arg_utc = false;
journalctl: add json, export, short and verbose output modes
2011-12-21 18:17:22 +01:00
static bool arg_follow = false;
journalctl: flip to --full by default We already shew lines in full when using a pager or not on a tty. The commit disables ellipsization in the sole remaining case, namely when --follow is used. This has been a popular request for a long time, and indeed, full output seems much more useful. Old behaviour can still be requested by using --no-full. Old options retain their behaviour for compatiblity, but aren't advertised as much. This change applies only to jornalctl, not to systemctl, when ellipsization is useful to keep the layout. https://bugzilla.redhat.com/show_bug.cgi?id=984758
2013-10-07 03:55:18 +02:00
static bool arg_full = true;
journalctl: don't ellipsize unless on a tty
2012-10-18 23:22:56 +02:00
static bool arg_all = false;
basic/pager: convert the pager options to a flags argument Pretty much everything uses just the first argument, and this doesn't make this common pattern more complicated, but makes it simpler to pass multiple options.
2018-11-11 12:56:29 +01:00
static PagerFlags arg_pager_flags = 0;
journalctl: don't introduce numeric constants with special names, give them names
2014-10-22 20:23:45 +02:00
static int arg_lines = ARG_LINES_DEFAULT;
journalctl: only output 10 most recent lines in --follow mode
2012-01-04 15:27:31 +01:00
static bool arg_no_tail = false;
journalctl: warn if the user is not in the adm group
2012-03-14 19:54:22 +01:00
static bool arg_quiet = false;
journalctl: replace --local by --merge, i.e. don't interleave remote journals by default
2012-09-06 01:49:00 +02:00
static bool arg_merge = false;
journalctl: remove ":" from the --boot syntax Instead of :-0, :1, :5, etc., use -0, 1 or +1, 5, etc. For BOOT_ID+OFFSET, use BOOT_ID+offset or BOOT_ID-offset (either + or - is required). Also make error handling a bit more robust and verbose. Modify the man page to describe the most common case (-b) first, and the second most common case (-b -1) second.
2013-07-16 21:56:22 +02:00
static bool arg_boot = false;
journalctl: make sure -b --foobar cannot be misunderstood as --boot=--foobar
2013-12-26 01:52:01 +01:00
static sd_id128_t arg_boot_id = {};
static int arg_boot_offset = 0;
journalctl: add -k/--dmesg
2013-05-15 05:08:00 +02:00
static bool arg_dmesg = false;
journalctl: add --no-hostname switch This suppresses output of the hostname for messages from the local system. Fixes: #2342
2016-04-20 20:09:57 +02:00
static bool arg_no_hostname = false;
journalctl: add --cursor switch
2012-09-27 23:25:23 +02:00
static const char *arg_cursor = NULL;
journalctl: New option --cursor-file The option cursor-file takes a filename as argument. If the file exists and contains a valid cursor, this is used to start the output after this position. At the end, the last cursor gets written to the file. This allows for an easy implementation of a timer that regularly looks in the journal for some messages. journalctl --cursor-file err-cursor -b -p err journalctl --cursor-file audit-cursor -t audit --grep DENIED Or you might want to walk the journal in steps of 10 messages: journalctl --cursor-file ./curs -n10 --since=today -t systemd
2019-02-12 00:19:13 +01:00
static const char *arg_cursor_file = NULL;
journalctl: augment short mode with a cursor at the end Two options are added: --show-cursor to print the cursor at the end, and --after-cursor to resume logs on the next line after the previous one.
2013-07-16 16:21:18 +02:00
static const char *arg_after_cursor = NULL;
static bool arg_show_cursor = false;
journal: rework directory enumeration/watch logic There's now sd_journal_new_directory() for watching specific journal directories. This is exposed in journalctl -D. sd_journal_wait() and sd_journal_process() now return whether changes in the journal are invalidating or just appending. We now create inotify kernel watches only when we actually need them
2012-07-11 01:08:38 +02:00
static const char *arg_directory = NULL;
journalctl: allow the user to specify the file(s) to use This is useful for debugging and feels pretty natural. For example answering the question "is this big .journal file worth keeping?" is made easier.
2013-06-06 01:30:17 +02:00
static char **arg_file = NULL;
sd-journal: add API for opening journal files or directories by fd Also, expose this via the "journalctl --file=-" syntax for STDIN. This feature remains undocumented though, as it is probably not too useful in real-life as this still requires fds that support mmaping and seeking, i.e. does not work for pipes, for which reading from STDIN is most commonly used.
2016-04-25 00:31:24 +02:00
static bool arg_file_stdin = false;
journalctl: add --priority= switch for filtering by priority
2012-07-27 10:31:33 +02:00
static int arg_priorities = 0xFF;
journalctl: implement --facility=foo Fixes #9716.
2020-02-27 21:36:42 +01:00
static Set *arg_facilities = NULL;
journalctl: expunge verification key from argv (#5081) After parsing the --verify-key argument, overwrite it with null bytes. This minimizes (but does not completely eliminate) the time frame within which another process on the system can extract the verification key from the journalctl command line.
2017-01-15 05:03:00 +01:00
static char *arg_verify_key = NULL;
build-sys: use #if Y instead of #ifdef Y everywhere The advantage is that is the name is mispellt, cpp will warn us. $ git grep -Ee "conf.set\('(HAVE|ENABLE)_" -l|xargs sed -r -i "s/conf.set\('(HAVE|ENABLE)_/conf.set10('\1_/" $ git grep -Ee '#ifn?def (HAVE|ENABLE)' -l|xargs sed -r -i 's/#ifdef (HAVE|ENABLE)/#if \1/; s/#ifndef (HAVE|ENABLE)/#if ! \1/;' $ git grep -Ee 'if.*defined\(HAVE' -l|xargs sed -i -r 's/defined\((HAVE_[A-Z0-9_]*)\)/\1/g' $ git grep -Ee 'if.*defined\(ENABLE' -l|xargs sed -i -r 's/defined\((ENABLE_[A-Z0-9_]*)\)/\1/g' + manual changes to meson.build squash! build-sys: use #if Y instead of #ifdef Y everywhere v2: - fix incorrect setting of HAVE_LIBIDN2
2017-10-03 10:41:51 +02:00
#if HAVE_GCRYPT
journal: rework terminology Let's clean up our terminology a bit. New terminology: FSS = Forward Secure Sealing FSPRG = Forward Secure Pseudo-Random Generator FSS is the combination of FSPRG and a HMAC. Sealing = process of adding authentication tags to the journal. Verification = process of checking authentication tags to the journal. Sealing Key = The key used for adding authentication tags to the journal. Verification Key = The key used for checking authentication tags of the journal. Key pair = The pair of Sealing Key and Verification Key Internally, the Sealing Key is the combination of the FSPRG State plus change interval/start time. Internally, the Verification Key is the combination of the FSPRG Seed plus change interval/start time.
2012-08-17 00:45:18 +02:00
static usec_t arg_interval = DEFAULT_FSS_INTERVAL_USEC;
journalctl: add --force option to recreate FSS
2013-07-15 05:13:09 +02:00
static bool arg_force = false;
journal: make libgcrypt dependency optional
2012-08-20 16:51:46 +02:00
#endif
journalctl: implement --since= and --until for filtering by time
2012-10-11 16:42:46 +02:00
static usec_t arg_since, arg_until;
static bool arg_since_set = false, arg_until_set = false;
journalctl: add "-t --identifier=STRING" option This turns journalctl to the counterpart of systemd-cat. Messages sent with systemd-cat --identifier foo --prioritiy debug can now be shown with journalctl --identifier foo --prioritiy debug "--identifier" is not merged with "--unit" to make a clear distinction between syslog and systemd units. syslog identifiers can be chosen freely by anyone.
2014-08-19 11:27:34 +02:00
static char **arg_syslog_identifier = NULL;
journalctl: specify "--unit=" and "--user-unit" multiple times Previously only one "--unit=" or "--user-unit" could be specified. With this patch, journalcrtl can show multiple units. $ journalctl -u systemd-udevd.service -u sshd.service -u crond.service -b -- Logs begin at Sa 2013-03-23 11:08:45 CET, end at Fr 2013-04-12 09:10:22 CEST. -- Apr 12 08:41:37 lenovo systemd[1]: Started udev Kernel Device Manager. Apr 12 08:41:37 lenovo systemd[1]: Stopped udev Kernel Device Manager. Apr 12 08:41:38 lenovo systemd[1]: Started udev Kernel Device Manager. Apr 12 08:41:38 lenovo crond[291]: (CRON) INFO (Syslog will be used instead of sendmail.) Apr 12 08:41:38 lenovo crond[291]: (CRON) INFO (running with inotify support) Apr 12 08:41:39 lenovo systemd[1]: Starting OpenSSH server daemon... Apr 12 08:41:39 lenovo systemd[1]: Started OpenSSH server daemon. Apr 12 08:41:39 lenovo sshd[355]: Server listening on 0.0.0.0 port 22. Apr 12 08:41:39 lenovo sshd[355]: Server listening on :: port 22. Apr 12 08:41:39 lenovo mtp-probe[373]: checking bus 1, device 8: "/sys/devices/pci0000:00/0000:00:1a.0/usb1/1-1/1-1.5/1-1.5.6/1-1.5.6.2/1-1.5.6.2.1"
2013-04-12 09:14:43 +02:00
static char **arg_system_units = NULL;
static char **arg_user_units = NULL;
journal: add ability to list values a specified field can take in all entries of the journal The new 'unique' API allows listing all unique field values that a field specified by a field name can take in all entries of the journal. This allows answering queries such as "What units logged to the journal?", "What hosts have logged into the journal?", "Which boot IDs have logged into the journal?". Ultimately this allows implementation of tools similar to lastlog based on journal data. Note that listing these field values will not work for journal files created with older journald, as the field values are not indexed in older files.
2012-10-18 03:29:19 +02:00
static const char *arg_field = NULL;
journal: implement message catalog The message catalog can be used to attach short help texts to log lines, keyed by their MESSAGE_ID= fields. This is useful to help the administrator understand the context and cause of a message, find possible solutions and find further related documentation. Since this is keyed off MESSAGE_ID= this will only work for native journal messages. The message catalog supports i18n, and is useful to augment english language system messages with explanations in the local language. This commit only includes short explanatory messages for a few example message IDs, we'll add more complete documentation for the relevant systemd messages later on.
2012-11-15 23:03:31 +01:00
static bool arg_catalog = false;
journalctl: add --reverse option to show the newest lines first
2013-03-01 10:27:10 +01:00
static bool arg_reverse = false;
journalctl: add --system/--user flags --user basically gives messages from your own systemd --user services. --system basically gives messages from PID 1, kernel, and --system services. Those two options are not exahustive, because a priviledged user might be able to see messages from other users, and they will not be shown with either or both of those flags.
2013-06-05 01:33:34 +02:00
static int arg_journal_type = 0;
journalctl: add new --namespace= switch for showing logs for namespace
2019-11-25 18:49:52 +01:00
static int arg_namespace_flags = 0;
path-util: unify how we process paths specified on the command line Let's introduce a common function that makes relative paths absolute and warns about any errors while doing so.
2015-10-22 19:54:29 +02:00
static char *arg_root = NULL;
journal: add ability to browse journals of running OS containers This adds the new library call sd_journal_open_container() and a new "-M" switch to journalctl. Particular care is taken that journalctl's "-b" switch resolves to the current boot ID of the container, not the host.
2013-12-11 22:04:03 +01:00
static const char *arg_machine = NULL;
journalctl: add new --namespace= switch for showing logs for namespace
2019-11-25 18:49:52 +01:00
static const char *arg_namespace = NULL;
journal: rework vacuuming logic Implement a maximum limit on number of journal files to keep around. Enforcing a limit is useful on this since our performance when viewing pays a heavy penalty for each journal file to interleve. This setting is turned on now by default, and set to 100. Also, actully implement what 348ced909724a1331b85d57aede80a102a00e428 promised: use whatever we find on disk at startup as lower bound on how much disk space we can use. That commit introduced some provisions to implement this, but actually never did. This also adds "journalctl --vacuum-files=" to vacuum files on disk by their number explicitly.
2015-10-02 23:21:59 +02:00
static uint64_t arg_vacuum_size = 0;
static uint64_t arg_vacuum_n_files = 0;
static usec_t arg_vacuum_time = 0;
journalctl: add --output-fields= (#7181) This option allows restricting the shown fields in the output modes that would normally show all fields. It allows clients that are only interested in a subset of the fields to access those more efficiently. Also, it makes the resulting size of the output more predictable. It has no effect on the various `short` output modes, because those already only show a subset of the fields.
2017-10-27 05:10:47 +02:00
static char **arg_output_fields = NULL;
journalctl: regexp matching
2018-01-12 07:55:45 +01:00
#if HAVE_PCRE2
journalctl: make matching optionally case sensitive Case sensitive or case insensitive matching can be requested using --case-sensitive[=yes|no]. Unless specified, matching is case sensitive if the pattern contains any uppercase letters, and case insensitive otherwise. This matches what forward-search does in emacs, and recently also --ignore-case in less. This works surprisingly well, because usually when one is wants to do case-sensitive matching, the pattern is usually camel-cased. In the less frequent case when case-sensitive matching is required with an all-lowercase pattern, --case-sensitive can be used to override the automatic logic.
2018-01-12 14:31:49 +01:00
static const char *arg_pattern = NULL;
static pcre2_code *arg_compiled_pattern = NULL;
static int arg_case_sensitive = -1; /* -1 means be smart */
journalctl: regexp matching
2018-01-12 07:55:45 +01:00
#endif
journald: initial version of FSPRG hookup This adds forward-secure authentication of journal files. This patch includes key generation as well as tagging of journal files, Verification of journal files will be added in a later patch.
2012-08-13 20:31:10 +02:00
static enum {
ACTION_SHOW,
ACTION_NEW_ID128,
ACTION_PRINT_HEADER,
journal: implement basic journal file verification logic
2012-08-15 01:54:09 +02:00
ACTION_SETUP_KEYS,
journal: add call to determine current journal file disk usage
2012-09-07 23:20:28 +02:00
ACTION_VERIFY,
ACTION_DISK_USAGE,
journal: implement message catalog The message catalog can be used to attach short help texts to log lines, keyed by their MESSAGE_ID= fields. This is useful to help the administrator understand the context and cause of a message, find possible solutions and find further related documentation. Since this is keyed off MESSAGE_ID= this will only work for native journal messages. The message catalog supports i18n, and is useful to augment english language system messages with explanations in the local language. This commit only includes short explanatory messages for a few example message IDs, we'll add more complete documentation for the relevant systemd messages later on.
2012-11-15 23:03:31 +01:00
ACTION_LIST_CATALOG,
journalct: beef up entry listing The ability to dump catalog entries in full and by id is added.
2013-03-20 01:54:04 +01:00
ACTION_DUMP_CATALOG,
journalctl: add --list-boots to show boot IDs and times Suggested by David Wilkins <dwilkins@maths.tcd.ie> in https://bugzilla.redhat.com/show_bug.cgi?id=967521: > [Specific boot ID is a] bit of a palaver to obtain. I consulted the > verbose dump of the journal to discover the _BOOT_ID for the > timestamp, and then generated the journal dump for that boot using > journalctl _BOOT_ID=foo -o short-monotonic.
2013-10-29 04:43:57 +01:00
ACTION_UPDATE_CATALOG,
ACTION_LIST_BOOTS,
journalctl: add new --flush command and make use of it in systemd-journal-flush.service This new command will ask the journal daemon to flush all log data stored in /run to /var, and wait for it to complete. This is useful, so that in case of Storage=persistent we can order systemd-tmpfiles-setup afterwards, to ensure any possibly newly created directory in /var/log gets proper access mode and owners.
2014-10-23 00:28:17 +02:00
ACTION_FLUSH,
journalctl: add new --relinquish and --smart-relinquish options The latter is identical to the former, but becomes a NOP if /var/log/journal is on the same mount as /, and thus during shutdown unmounting /var is not necessary and hence we can keep logging until the very end.
2019-04-05 18:21:02 +02:00
ACTION_RELINQUISH_VAR,
journalctl: change repeated if checks into switch blocks No functional changes.
2015-11-11 16:21:30 +01:00
ACTION_SYNC,
journalctl: add --rotate option shortcut for `systemctl kill --kill-who main --signal SIGUSR2 systemd-journald`
2015-09-30 21:54:58 +02:00
ACTION_ROTATE,
journalctl: add new --vacuum-size= and --vacuum-time= commands to clean up journal files based on a size/time limit This is equivalent to the effect of SystemMaxUse= and RetentionSec=, however can be invoked directly instead of implicitly.
2014-11-03 23:08:33 +01:00
ACTION_VACUUM,
journalctl: add ability to vacuum and rotate in one step journalctl --vacuum-*= only vacuums archived files. To archive all active files the rotate operation is used. Let's add a new switch that combines both, so that the user a single command to first move all running journal files into archival and then vacuum them. See: #1017
2018-10-25 18:36:56 +02:00
ACTION_ROTATE_AND_VACUUM,
journalctl: add new --fields switch to dump all currently used field names Fixes #2176
2016-01-27 19:01:42 +01:00
ACTION_LIST_FIELDS,
ACTION_LIST_FIELD_NAMES,
journald: initial version of FSPRG hookup This adds forward-secure authentication of journal files. This patch includes key generation as well as tagging of journal files, Verification of journal files will be added in a later patch.
2012-08-13 20:31:10 +02:00
} arg_action = ACTION_SHOW;
journalctl: rename boot_id_t to BootId So far we tried to reserve the _t suffix to types we use like a value in contrast to types we use as objects, hence let's do this in journalctl too.
2015-05-19 00:24:27 +02:00
typedef struct BootId {
journalctl: Add support for showing messages from a previous boot Hi, I redid the boot ID look up to use enumerate_unique. This is quite fast if the cache is warm but painfully slow if it isn't. It has a slight chance of returning the wrong order if realtime clock jumps around. This one has to do n searches for every boot ID there is plus a sort, so it depends heavily on cache hotness. This is in contrast to the other way of look-up through filtering by a MESSAGE_ID, which only needs about 1 seek + whatever amount of relative IDs you want to walk. I also have a linked-list + (in-place) mergesort version of this patch, which has pretty much the same runtime. But since this one is using libc sorting and armortized allocation, I prefer this one. To summarize: The MESSAGE_ID way is a *lot* faster but can be incomplete due to rotation, while the enumerate+sort will find every boot ID out there but will be painfully slow for large journals and cold caches. You choose :P Jan
2013-06-28 17:26:30 +02:00
sd_id128_t id;
journalctl: add --list-boots to show boot IDs and times Suggested by David Wilkins <dwilkins@maths.tcd.ie> in https://bugzilla.redhat.com/show_bug.cgi?id=967521: > [Specific boot ID is a] bit of a palaver to obtain. I consulted the > verbose dump of the journal to discover the _BOOT_ID for the > timestamp, and then generated the journal dump for that boot using > journalctl _BOOT_ID=foo -o short-monotonic.
2013-10-29 04:43:57 +01:00
uint64_t first;
uint64_t last;
journalctl: rename boot_id_t to BootId So far we tried to reserve the _t suffix to types we use like a value in contrast to types we use as objects, hence let's do this in journalctl too.
2015-05-19 00:24:27 +02:00
LIST_FIELDS(struct BootId, boot_list);
} BootId;
journalctl: Add support for showing messages from a previous boot Hi, I redid the boot ID look up to use enumerate_unique. This is quite fast if the cache is warm but painfully slow if it isn't. It has a slight chance of returning the wrong order if realtime clock jumps around. This one has to do n searches for every boot ID there is plus a sort, so it depends heavily on cache hotness. This is in contrast to the other way of look-up through filtering by a MESSAGE_ID, which only needs about 1 seek + whatever amount of relative IDs you want to walk. I also have a linked-list + (in-place) mergesort version of this patch, which has pretty much the same runtime. But since this one is using libc sorting and armortized allocation, I prefer this one. To summarize: The MESSAGE_ID way is a *lot* faster but can be incomplete due to rotation, while the enumerate+sort will find every boot ID out there but will be painfully slow for large journals and cold caches. You choose :P Jan
2013-06-28 17:26:30 +02:00
journalctl: move pcre function code down We usually put the static arguments at the top of each source files, do so here too, and thus move the first code down.
2019-11-25 18:31:44 +01:00
#if HAVE_PCRE2
journalctl: make pcre2 a dlopen() dependency Let's make use of the library if it is installed, but otherwise just generate a nice error and provide all other functionality.
2020-06-24 14:56:28 +02:00
DEFINE_TRIVIAL_CLEANUP_FUNC(pcre2_match_data*, sym_pcre2_match_data_free);
DEFINE_TRIVIAL_CLEANUP_FUNC(pcre2_code*, sym_pcre2_code_free);
journalctl: move pcre function code down We usually put the static arguments at the top of each source files, do so here too, and thus move the first code down.
2019-11-25 18:31:44 +01:00
static int pattern_compile(const char *pattern, unsigned flags, pcre2_code **out) {
int errorcode, r;
PCRE2_SIZE erroroffset;
pcre2_code *p;
journalctl: make pcre2 a dlopen() dependency Let's make use of the library if it is installed, but otherwise just generate a nice error and provide all other functionality.
2020-06-24 14:56:28 +02:00
p = sym_pcre2_compile((PCRE2_SPTR8) pattern,
PCRE2_ZERO_TERMINATED, flags, &errorcode, &erroroffset, NULL);
journalctl: move pcre function code down We usually put the static arguments at the top of each source files, do so here too, and thus move the first code down.
2019-11-25 18:31:44 +01:00
if (!p) {
unsigned char buf[LINE_MAX];
journalctl: make pcre2 a dlopen() dependency Let's make use of the library if it is installed, but otherwise just generate a nice error and provide all other functionality.
2020-06-24 14:56:28 +02:00
r = sym_pcre2_get_error_message(errorcode, buf, sizeof buf);
journalctl: move pcre function code down We usually put the static arguments at the top of each source files, do so here too, and thus move the first code down.
2019-11-25 18:31:44 +01:00
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"Bad pattern \"%s\": %s", pattern,
r < 0 ? "unknown error" : (char *)buf);
}
*out = p;
return 0;
}
#endif
journalctl: make "journalctl /dev/sda" work Currently when journalctl is called with path to block device node we add following match _KERNEL_DEVICE=b$MAJOR:$MINOR. That is not sufficient to actually obtain logs about the disk because dev_printk() kernel helper puts to /dev/kmsg information about the device in following format, +$SUBSYSTEM:$ADDRESS, e.g. "+pci:pci:0000:00:14.0". Now we will walk upward the syspath and add match for every device in format produced by dev_printk() as well as match for its device node if it exists.
2016-02-01 10:44:58 +01:00
static int add_matches_for_device(sd_journal *j, const char *devpath) {
journal: replace udev_device by sd_device
2018-08-22 07:04:11 +02:00
_cleanup_(sd_device_unrefp) sd_device *device = NULL;
sd_device *d = NULL;
journalctl: make "journalctl /dev/sda" work Currently when journalctl is called with path to block device node we add following match _KERNEL_DEVICE=b$MAJOR:$MINOR. That is not sufficient to actually obtain logs about the disk because dev_printk() kernel helper puts to /dev/kmsg information about the device in following format, +$SUBSYSTEM:$ADDRESS, e.g. "+pci:pci:0000:00:14.0". Now we will walk upward the syspath and add match for every device in format produced by dev_printk() as well as match for its device node if it exists.
2016-02-01 10:44:58 +01:00
struct stat st;
udev: add helper udev_device_new_from_stat_rdev() This is a simple wrapper around udev_device_new_from_devnum(), and uses the data from a struct stat's .st_rdev field to derive the udev_device object.
2018-06-04 22:52:02 +02:00
int r;
journalctl: make "journalctl /dev/sda" work Currently when journalctl is called with path to block device node we add following match _KERNEL_DEVICE=b$MAJOR:$MINOR. That is not sufficient to actually obtain logs about the disk because dev_printk() kernel helper puts to /dev/kmsg information about the device in following format, +$SUBSYSTEM:$ADDRESS, e.g. "+pci:pci:0000:00:14.0". Now we will walk upward the syspath and add match for every device in format produced by dev_printk() as well as match for its device node if it exists.
2016-02-01 10:44:58 +01:00
assert(j);
assert(devpath);
if (!path_startswith(devpath, "/dev/")) {
log_error("Devpath does not start with /dev/");
return -EINVAL;
}
udev: add helper udev_device_new_from_stat_rdev() This is a simple wrapper around udev_device_new_from_devnum(), and uses the data from a struct stat's .st_rdev field to derive the udev_device object.
2018-06-04 22:52:02 +02:00
if (stat(devpath, &st) < 0)
return log_error_errno(errno, "Couldn't stat file: %m");
journalctl: make "journalctl /dev/sda" work Currently when journalctl is called with path to block device node we add following match _KERNEL_DEVICE=b$MAJOR:$MINOR. That is not sufficient to actually obtain logs about the disk because dev_printk() kernel helper puts to /dev/kmsg information about the device in following format, +$SUBSYSTEM:$ADDRESS, e.g. "+pci:pci:0000:00:14.0". Now we will walk upward the syspath and add match for every device in format produced by dev_printk() as well as match for its device node if it exists.
2016-02-01 10:44:58 +01:00
journal: replace udev_device by sd_device
2018-08-22 07:04:11 +02:00
r = device_new_from_stat_rdev(&device, &st);
udev: add helper udev_device_new_from_stat_rdev() This is a simple wrapper around udev_device_new_from_devnum(), and uses the data from a struct stat's .st_rdev field to derive the udev_device object.
2018-06-04 22:52:02 +02:00
if (r < 0)
journal: replace udev_device by sd_device
2018-08-22 07:04:11 +02:00
return log_error_errno(r, "Failed to get device from devnum %u:%u: %m", major(st.st_rdev), minor(st.st_rdev));
journalctl: make "journalctl /dev/sda" work Currently when journalctl is called with path to block device node we add following match _KERNEL_DEVICE=b$MAJOR:$MINOR. That is not sufficient to actually obtain logs about the disk because dev_printk() kernel helper puts to /dev/kmsg information about the device in following format, +$SUBSYSTEM:$ADDRESS, e.g. "+pci:pci:0000:00:14.0". Now we will walk upward the syspath and add match for every device in format produced by dev_printk() as well as match for its device node if it exists.
2016-02-01 10:44:58 +01:00
journal: replace udev_device by sd_device
2018-08-22 07:04:11 +02:00
for (d = device; d; ) {
journalctl: make "journalctl /dev/sda" work Currently when journalctl is called with path to block device node we add following match _KERNEL_DEVICE=b$MAJOR:$MINOR. That is not sufficient to actually obtain logs about the disk because dev_printk() kernel helper puts to /dev/kmsg information about the device in following format, +$SUBSYSTEM:$ADDRESS, e.g. "+pci:pci:0000:00:14.0". Now we will walk upward the syspath and add match for every device in format produced by dev_printk() as well as match for its device node if it exists.
2016-02-01 10:44:58 +01:00
_cleanup_free_ char *match = NULL;
const char *subsys, *sysname, *devnode;
journal: replace udev_device by sd_device
2018-08-22 07:04:11 +02:00
sd_device *parent;
journalctl: make "journalctl /dev/sda" work Currently when journalctl is called with path to block device node we add following match _KERNEL_DEVICE=b$MAJOR:$MINOR. That is not sufficient to actually obtain logs about the disk because dev_printk() kernel helper puts to /dev/kmsg information about the device in following format, +$SUBSYSTEM:$ADDRESS, e.g. "+pci:pci:0000:00:14.0". Now we will walk upward the syspath and add match for every device in format produced by dev_printk() as well as match for its device node if it exists.
2016-02-01 10:44:58 +01:00
journal: replace udev_device by sd_device
2018-08-22 07:04:11 +02:00
r = sd_device_get_subsystem(d, &subsys);
if (r < 0)
goto get_parent;
journalctl: make "journalctl /dev/sda" work Currently when journalctl is called with path to block device node we add following match _KERNEL_DEVICE=b$MAJOR:$MINOR. That is not sufficient to actually obtain logs about the disk because dev_printk() kernel helper puts to /dev/kmsg information about the device in following format, +$SUBSYSTEM:$ADDRESS, e.g. "+pci:pci:0000:00:14.0". Now we will walk upward the syspath and add match for every device in format produced by dev_printk() as well as match for its device node if it exists.
2016-02-01 10:44:58 +01:00
journal: replace udev_device by sd_device
2018-08-22 07:04:11 +02:00
r = sd_device_get_sysname(d, &sysname);
if (r < 0)
goto get_parent;
journalctl: make "journalctl /dev/sda" work Currently when journalctl is called with path to block device node we add following match _KERNEL_DEVICE=b$MAJOR:$MINOR. That is not sufficient to actually obtain logs about the disk because dev_printk() kernel helper puts to /dev/kmsg information about the device in following format, +$SUBSYSTEM:$ADDRESS, e.g. "+pci:pci:0000:00:14.0". Now we will walk upward the syspath and add match for every device in format produced by dev_printk() as well as match for its device node if it exists.
2016-02-01 10:44:58 +01:00
tree-wide: drop NULL sentinel from strjoin This makes strjoin and strjoina more similar and avoids the useless final argument. spatch -I . -I ./src -I ./src/basic -I ./src/basic -I ./src/shared -I ./src/shared -I ./src/network -I ./src/locale -I ./src/login -I ./src/journal -I ./src/journal -I ./src/timedate -I ./src/timesync -I ./src/nspawn -I ./src/resolve -I ./src/resolve -I ./src/systemd -I ./src/core -I ./src/core -I ./src/libudev -I ./src/udev -I ./src/udev/net -I ./src/udev -I ./src/libsystemd/sd-bus -I ./src/libsystemd/sd-event -I ./src/libsystemd/sd-login -I ./src/libsystemd/sd-netlink -I ./src/libsystemd/sd-network -I ./src/libsystemd/sd-hwdb -I ./src/libsystemd/sd-device -I ./src/libsystemd/sd-id128 -I ./src/libsystemd-network --sp-file coccinelle/strjoin.cocci --in-place $(git ls-files src/*.c) git grep -e '\bstrjoin\b.*NULL' -l|xargs sed -i -r 's/strjoin\((.*), NULL\)/strjoin(\1)/' This might have missed a few cases (spatch has a really hard time dealing with _cleanup_ macros), but that's no big issue, they can always be fixed later.
2016-10-23 17:43:27 +02:00
match = strjoin("_KERNEL_DEVICE=+", subsys, ":", sysname);
journalctl: make "journalctl /dev/sda" work Currently when journalctl is called with path to block device node we add following match _KERNEL_DEVICE=b$MAJOR:$MINOR. That is not sufficient to actually obtain logs about the disk because dev_printk() kernel helper puts to /dev/kmsg information about the device in following format, +$SUBSYSTEM:$ADDRESS, e.g. "+pci:pci:0000:00:14.0". Now we will walk upward the syspath and add match for every device in format produced by dev_printk() as well as match for its device node if it exists.
2016-02-01 10:44:58 +01:00
if (!match)
return log_oom();
r = sd_journal_add_match(j, match, 0);
if (r < 0)
return log_error_errno(r, "Failed to add match: %m");
journal: replace udev_device by sd_device
2018-08-22 07:04:11 +02:00
if (sd_device_get_devname(d, &devnode) >= 0) {
journalctl: make "journalctl /dev/sda" work Currently when journalctl is called with path to block device node we add following match _KERNEL_DEVICE=b$MAJOR:$MINOR. That is not sufficient to actually obtain logs about the disk because dev_printk() kernel helper puts to /dev/kmsg information about the device in following format, +$SUBSYSTEM:$ADDRESS, e.g. "+pci:pci:0000:00:14.0". Now we will walk upward the syspath and add match for every device in format produced by dev_printk() as well as match for its device node if it exists.
2016-02-01 10:44:58 +01:00
_cleanup_free_ char *match1 = NULL;
r = stat(devnode, &st);
if (r < 0)
return log_error_errno(r, "Failed to stat() device node \"%s\": %m", devnode);
r = asprintf(&match1, "_KERNEL_DEVICE=%c%u:%u", S_ISBLK(st.st_mode) ? 'b' : 'c', major(st.st_rdev), minor(st.st_rdev));
if (r < 0)
return log_oom();
r = sd_journal_add_match(j, match1, 0);
if (r < 0)
return log_error_errno(r, "Failed to add match: %m");
}
journal: replace udev_device by sd_device
2018-08-22 07:04:11 +02:00
get_parent:
if (sd_device_get_parent(d, &parent) < 0)
break;
d = parent;
journalctl: make "journalctl /dev/sda" work Currently when journalctl is called with path to block device node we add following match _KERNEL_DEVICE=b$MAJOR:$MINOR. That is not sufficient to actually obtain logs about the disk because dev_printk() kernel helper puts to /dev/kmsg information about the device in following format, +$SUBSYSTEM:$ADDRESS, e.g. "+pci:pci:0000:00:14.0". Now we will walk upward the syspath and add match for every device in format produced by dev_printk() as well as match for its device node if it exists.
2016-02-01 10:44:58 +01:00
}
journalctl: add match for the current boot when called with devpath
2016-02-03 11:22:52 +01:00
r = add_match_this_boot(j, arg_machine);
if (r < 0)
return log_error_errno(r, "Failed to add match for the current boot: %m");
journalctl: make "journalctl /dev/sda" work Currently when journalctl is called with path to block device node we add following match _KERNEL_DEVICE=b$MAJOR:$MINOR. That is not sufficient to actually obtain logs about the disk because dev_printk() kernel helper puts to /dev/kmsg information about the device in following format, +$SUBSYSTEM:$ADDRESS, e.g. "+pci:pci:0000:00:14.0". Now we will walk upward the syspath and add match for every device in format produced by dev_printk() as well as match for its device node if it exists.
2016-02-01 10:44:58 +01:00
return 0;
}
time: functions named "internal" really shouldn't be exported Also, let's try to make function names descriptive, instead of using bools for flags.
2014-10-08 22:37:45 +02:00
static char *format_timestamp_maybe_utc(char *buf, size_t l, usec_t t) {
if (arg_utc)
return format_timestamp_utc(buf, l, t);
return format_timestamp(buf, l, t);
}
journalctl: make sure -b --foobar cannot be misunderstood as --boot=--foobar
2013-12-26 01:52:01 +01:00
static int parse_boot_descriptor(const char *x, sd_id128_t *boot_id, int *offset) {
sd_id128_t id = SD_ID128_NULL;
int off = 0, r;
journalctl: support `-b all` to negate effect of -b Also fix an issue where -b without argument didn't always behave as -b0
2019-03-07 02:20:06 +01:00
if (streq(x, "all")) {
*boot_id = SD_ID128_NULL;
*offset = 0;
return 0;
} else if (strlen(x) >= 32) {
journalctl: make sure -b --foobar cannot be misunderstood as --boot=--foobar
2013-12-26 01:52:01 +01:00
char *t;
t = strndupa(x, 32);
r = sd_id128_from_string(t, &id);
if (r >= 0)
x += 32;
tree-wide: use IN_SET macro (#6977)
2017-10-04 16:01:32 +02:00
if (!IN_SET(*x, 0, '-', '+'))
journalctl: make sure -b --foobar cannot be misunderstood as --boot=--foobar
2013-12-26 01:52:01 +01:00
return -EINVAL;
if (*x != 0) {
r = safe_atoi(x, &off);
if (r < 0)
return r;
}
} else {
r = safe_atoi(x, &off);
if (r < 0)
return r;
}
if (boot_id)
*boot_id = id;
if (offset)
*offset = off;
journalctl: support `-b all` to negate effect of -b Also fix an issue where -b without argument didn't always behave as -b0
2019-03-07 02:20:06 +01:00
return 1;
journalctl: make sure -b --foobar cannot be misunderstood as --boot=--foobar
2013-12-26 01:52:01 +01:00
}
journalctl: implement --facility=foo Fixes #9716.
2020-02-27 21:36:42 +01:00
static int help_facilities(void) {
if (!arg_quiet)
puts("Available facilities:");
for (int i = 0; i < LOG_NFACILITIES; i++) {
_cleanup_free_ char *t = NULL;
if (log_facility_unshifted_to_string_alloc(i, &t))
return log_oom();
puts(t);
}
return 0;
}
tree-wide: add clickable man page link to all --help texts This is a bit like the info link in most of GNU's --help texts, but we don't do info but man pages, and we make them properly clickable on terminal supporting that, because awesome. I think it's generally advisable to link up our (brief) --help texts and our (more comprehensive) man pages a bit, so this should be an easy and straight-forward way to do it.
2018-08-09 10:32:31 +02:00
static int help(void) {
_cleanup_free_ char *link = NULL;
int r;
journalctl: add command line parsing
2011-12-21 18:59:56 +01:00
basic/pager: convert the pager options to a flags argument Pretty much everything uses just the first argument, and this doesn't make this common pattern more complicated, but makes it simpler to pass multiple options.
2018-11-11 12:56:29 +01:00
(void) pager_open(arg_pager_flags);
journal: pipe journalctl help output into a pager journalctl help output might run off the screen, so be consistent as other systemd tools do and pipe it into a pager.
2013-12-12 00:22:48 +01:00
tree-wide: add clickable man page link to all --help texts This is a bit like the info link in most of GNU's --help texts, but we don't do info but man pages, and we make them properly clickable on terminal supporting that, because awesome. I think it's generally advisable to link up our (brief) --help texts and our (more comprehensive) man pages a bit, so this should be an easy and straight-forward way to do it.
2018-08-09 10:32:31 +02:00
r = terminal_urlify_man("journalctl", "1", &link);
if (r < 0)
return log_oom();
journalctl: underline sections in --help
2019-11-28 10:50:49 +01:00
printf("%1$s [OPTIONS...] [MATCHES...]\n\n"
"%5$sQuery the journal.%6$s\n\n"
"%3$sOptions:%4$s\n"
journalctl: make matching optionally case sensitive Case sensitive or case insensitive matching can be requested using --case-sensitive[=yes|no]. Unless specified, matching is case sensitive if the pattern contains any uppercase letters, and case insensitive otherwise. This matches what forward-search does in emacs, and recently also --ignore-case in less. This works surprisingly well, because usually when one is wants to do case-sensitive matching, the pattern is usually camel-cased. In the less frequent case when case-sensitive matching is required with an all-lowercase pattern, --case-sensitive can be used to override the automatic logic.
2018-01-12 14:31:49 +01:00
" --system Show the system journal\n"
" --user Show the user journal for the current user\n"
" -M --machine=CONTAINER Operate on local container\n"
" -S --since=DATE Show entries not older than the specified date\n"
" -U --until=DATE Show entries not newer than the specified date\n"
" -c --cursor=CURSOR Show entries starting at the specified cursor\n"
" --after-cursor=CURSOR Show entries after the specified cursor\n"
" --show-cursor Print the cursor after all the entries\n"
journalctl: New option --cursor-file The option cursor-file takes a filename as argument. If the file exists and contains a valid cursor, this is used to start the output after this position. At the end, the last cursor gets written to the file. This allows for an easy implementation of a timer that regularly looks in the journal for some messages. journalctl --cursor-file err-cursor -b -p err journalctl --cursor-file audit-cursor -t audit --grep DENIED Or you might want to walk the journal in steps of 10 messages: journalctl --cursor-file ./curs -n10 --since=today -t systemd
2019-02-12 00:19:13 +01:00
" --cursor-file=FILE Show entries after cursor in FILE and update FILE\n"
journalctl: make matching optionally case sensitive Case sensitive or case insensitive matching can be requested using --case-sensitive[=yes|no]. Unless specified, matching is case sensitive if the pattern contains any uppercase letters, and case insensitive otherwise. This matches what forward-search does in emacs, and recently also --ignore-case in less. This works surprisingly well, because usually when one is wants to do case-sensitive matching, the pattern is usually camel-cased. In the less frequent case when case-sensitive matching is required with an all-lowercase pattern, --case-sensitive can be used to override the automatic logic.
2018-01-12 14:31:49 +01:00
" -b --boot[=ID] Show current boot or the specified boot\n"
" --list-boots Show terse information about recorded boots\n"
" -k --dmesg Show kernel message log from the current boot\n"
" -u --unit=UNIT Show logs from the specified unit\n"
" --user-unit=UNIT Show logs from the specified user unit\n"
" -t --identifier=STRING Show entries with the specified syslog identifier\n"
" -p --priority=RANGE Show entries with the specified priority\n"
journalctl: implement --facility=foo Fixes #9716.
2020-02-27 21:36:42 +01:00
" --facility=FACILITY... Show entries with the specified facilities\n"
journalctl: typo fix
2018-01-28 20:49:55 +01:00
" -g --grep=PATTERN Show entries with MESSAGE matching PATTERN\n"
tree-wide: fix spelling errors Based on a report from Fossies.org using Codespell. Followup to #15436
2020-04-21 20:46:53 +02:00
" --case-sensitive[=BOOL] Force case sensitive or insensitive matching\n"
journalctl: make matching optionally case sensitive Case sensitive or case insensitive matching can be requested using --case-sensitive[=yes|no]. Unless specified, matching is case sensitive if the pattern contains any uppercase letters, and case insensitive otherwise. This matches what forward-search does in emacs, and recently also --ignore-case in less. This works surprisingly well, because usually when one is wants to do case-sensitive matching, the pattern is usually camel-cased. In the less frequent case when case-sensitive matching is required with an all-lowercase pattern, --case-sensitive can be used to override the automatic logic.
2018-01-12 14:31:49 +01:00
" -e --pager-end Immediately jump to the end in the pager\n"
" -f --follow Follow the journal\n"
" -n --lines[=INTEGER] Number of journal entries to show\n"
" --no-tail Show all lines, even in follow mode\n"
" -r --reverse Show the newest entries first\n"
" -o --output=STRING Change journal output mode (short, short-precise,\n"
" short-iso, short-iso-precise, short-full,\n"
" short-monotonic, short-unix, verbose, export,\n"
journalctl: port JSON output mode to new JSON API Also, while we are at it, beef it up, by adding json-seq support (i.e. https://tools.ietf.org/html/rfc7464). This is particularly useful in conjunction with jq's --seq switch.
2018-07-23 20:22:30 +02:00
" json, json-pretty, json-sse, json-seq, cat,\n"
" with-unit)\n"
journalctl: make matching optionally case sensitive Case sensitive or case insensitive matching can be requested using --case-sensitive[=yes|no]. Unless specified, matching is case sensitive if the pattern contains any uppercase letters, and case insensitive otherwise. This matches what forward-search does in emacs, and recently also --ignore-case in less. This works surprisingly well, because usually when one is wants to do case-sensitive matching, the pattern is usually camel-cased. In the less frequent case when case-sensitive matching is required with an all-lowercase pattern, --case-sensitive can be used to override the automatic logic.
2018-01-12 14:31:49 +01:00
" --output-fields=LIST Select fields to print in verbose/export/json modes\n"
" --utc Express time in Coordinated Universal Time (UTC)\n"
" -x --catalog Add message explanations where available\n"
" --no-full Ellipsize fields\n"
" -a --all Show all fields, including long and unprintable\n"
" -q --quiet Do not show info messages and privilege warning\n"
" --no-pager Do not pipe output into a pager\n"
" --no-hostname Suppress output of hostname field\n"
" -m --merge Show entries from all available journals\n"
" -D --directory=PATH Show journal files from directory\n"
" --file=PATH Show journal file\n"
" --root=ROOT Operate on files below a root directory\n"
journalctl: add new --namespace= switch for showing logs for namespace
2019-11-25 18:49:52 +01:00
" --namespace=NAMESPACE Show journal data from specified namespace\n"
journalctl: make matching optionally case sensitive Case sensitive or case insensitive matching can be requested using --case-sensitive[=yes|no]. Unless specified, matching is case sensitive if the pattern contains any uppercase letters, and case insensitive otherwise. This matches what forward-search does in emacs, and recently also --ignore-case in less. This works surprisingly well, because usually when one is wants to do case-sensitive matching, the pattern is usually camel-cased. In the less frequent case when case-sensitive matching is required with an all-lowercase pattern, --case-sensitive can be used to override the automatic logic.
2018-01-12 14:31:49 +01:00
" --interval=TIME Time interval for changing the FSS sealing key\n"
" --verify-key=KEY Specify FSS verification key\n"
" --force Override of the FSS key pair with --setup-keys\n"
journalctl: underline sections in --help
2019-11-28 10:50:49 +01:00
"\n%3$sCommands:%4$s\n"
journalctl: make matching optionally case sensitive Case sensitive or case insensitive matching can be requested using --case-sensitive[=yes|no]. Unless specified, matching is case sensitive if the pattern contains any uppercase letters, and case insensitive otherwise. This matches what forward-search does in emacs, and recently also --ignore-case in less. This works surprisingly well, because usually when one is wants to do case-sensitive matching, the pattern is usually camel-cased. In the less frequent case when case-sensitive matching is required with an all-lowercase pattern, --case-sensitive can be used to override the automatic logic.
2018-01-12 14:31:49 +01:00
" -h --help Show this help text\n"
" --version Show package version\n"
" -N --fields List all field names currently used\n"
" -F --field=FIELD List all values that a specified field takes\n"
" --disk-usage Show total disk usage of all journal files\n"
" --vacuum-size=BYTES Reduce disk usage below specified size\n"
" --vacuum-files=INT Leave only the specified number of journal files\n"
" --vacuum-time=TIME Remove journal files older than specified time\n"
" --verify Verify journal file consistency\n"
" --sync Synchronize unwritten journal messages to disk\n"
journalctl: add new --relinquish and --smart-relinquish options The latter is identical to the former, but becomes a NOP if /var/log/journal is on the same mount as /, and thus during shutdown unmounting /var is not necessary and hence we can keep logging until the very end.
2019-04-05 18:21:02 +02:00
" --relinquish-var Stop logging to disk, log to temporary file system\n"
" --smart-relinquish-var Similar, but NOP if log directory is on root mount\n"
journalctl: make matching optionally case sensitive Case sensitive or case insensitive matching can be requested using --case-sensitive[=yes|no]. Unless specified, matching is case sensitive if the pattern contains any uppercase letters, and case insensitive otherwise. This matches what forward-search does in emacs, and recently also --ignore-case in less. This works surprisingly well, because usually when one is wants to do case-sensitive matching, the pattern is usually camel-cased. In the less frequent case when case-sensitive matching is required with an all-lowercase pattern, --case-sensitive can be used to override the automatic logic.
2018-01-12 14:31:49 +01:00
" --flush Flush all journal data from /run into /var\n"
" --rotate Request immediate rotation of the journal files\n"
" --header Show journal header information\n"
" --list-catalog Show all message IDs in the catalog\n"
" --dump-catalog Show entries in the message catalog\n"
" --update-catalog Update the message catalog database\n"
" --setup-keys Generate a new FSS key pair\n"
journalctl: underline sections in --help
2019-11-28 10:50:49 +01:00
"\nSee the %2$s for details.\n"
tree-wide: add clickable man page link to all --help texts This is a bit like the info link in most of GNU's --help texts, but we don't do info but man pages, and we make them properly clickable on terminal supporting that, because awesome. I think it's generally advisable to link up our (brief) --help texts and our (more comprehensive) man pages a bit, so this should be an easy and straight-forward way to do it.
2018-08-09 10:32:31 +02:00
, program_invocation_short_name
, link
journalctl: underline sections in --help
2019-11-28 10:50:49 +01:00
, ansi_underline(), ansi_normal()
, ansi_highlight(), ansi_normal()
tree-wide: add clickable man page link to all --help texts This is a bit like the info link in most of GNU's --help texts, but we don't do info but man pages, and we make them properly clickable on terminal supporting that, because awesome. I think it's generally advisable to link up our (brief) --help texts and our (more comprehensive) man pages a bit, so this should be an easy and straight-forward way to do it.
2018-08-09 10:32:31 +02:00
);
return 0;
journalctl: add command line parsing
2011-12-21 18:59:56 +01:00
}
static int parse_argv(int argc, char *argv[]) {
enum {
ARG_VERSION = 0x100,
journalctl: only output 10 most recent lines in --follow mode
2012-01-04 15:27:31 +01:00
ARG_NO_PAGER,
journalctl: flip to --full by default We already shew lines in full when using a pager or not on a tty. The commit disables ellipsization in the sole remaining case, namely when --follow is used. This has been a popular request for a long time, and indeed, full output seems much more useful. Old behaviour can still be requested by using --no-full. Old options retain their behaviour for compatiblity, but aren't advertised as much. This change applies only to jornalctl, not to systemctl, when ellipsization is useful to keep the layout. https://bugzilla.redhat.com/show_bug.cgi?id=984758
2013-10-07 03:55:18 +02:00
ARG_NO_FULL,
journalctl: add --new-id switch to generate a new 128Bit id
2012-01-05 16:28:17 +01:00
ARG_NO_TAIL,
journal: automatically rotate journal files if the data hash table is full > 75% Previously, when the main data hash table grows too full the performance simply started to decrease drastically. Instead, now simply rotate to a new journal file as the hash table gets to full, so that we can start with a new fresh empty hash table.
2012-07-16 22:24:02 +02:00
ARG_NEW_ID128,
journalct: do no allow --this-boot to take arguments Before --this-boot was deprecated in a331b5e6d47243, it did not take any arguments.
2016-06-28 21:39:56 +02:00
ARG_THIS_BOOT,
journalctl: add --list-boots to show boot IDs and times Suggested by David Wilkins <dwilkins@maths.tcd.ie> in https://bugzilla.redhat.com/show_bug.cgi?id=967521: > [Specific boot ID is a] bit of a palaver to obtain. I consulted the > verbose dump of the journal to discover the _BOOT_ID for the > timestamp, and then generated the journal dump for that boot using > journalctl _BOOT_ID=foo -o short-monotonic.
2013-10-29 04:43:57 +01:00
ARG_LIST_BOOTS,
journalctl: add --system/--user flags --user basically gives messages from your own systemd --user services. --system basically gives messages from PID 1, kernel, and --system services. Those two options are not exahustive, because a priviledged user might be able to see messages from other users, and they will not be shown with either or both of those flags.
2013-06-05 01:33:34 +02:00
ARG_USER,
ARG_SYSTEM,
journalctl: support --root for message catalogs
2013-03-29 02:44:00 +01:00
ARG_ROOT,
journald: initial version of FSPRG hookup This adds forward-secure authentication of journal files. This patch includes key generation as well as tagging of journal files, Verification of journal files will be added in a later patch.
2012-08-13 20:31:10 +02:00
ARG_HEADER,
journalctl: implement --facility=foo Fixes #9716.
2020-02-27 21:36:42 +01:00
ARG_FACILITY,
journal: implement basic journal file verification logic
2012-08-15 01:54:09 +02:00
ARG_SETUP_KEYS,
journalctl: allow the user to specify the file(s) to use This is useful for debugging and feels pretty natural. For example answering the question "is this big .journal file worth keeping?" is made easier.
2013-06-06 01:30:17 +02:00
ARG_FILE,
journal: rework terminology Let's clean up our terminology a bit. New terminology: FSS = Forward Secure Sealing FSPRG = Forward Secure Pseudo-Random Generator FSS is the combination of FSPRG and a HMAC. Sealing = process of adding authentication tags to the journal. Verification = process of checking authentication tags to the journal. Sealing Key = The key used for adding authentication tags to the journal. Verification Key = The key used for checking authentication tags of the journal. Key pair = The pair of Sealing Key and Verification Key Internally, the Sealing Key is the combination of the FSPRG State plus change interval/start time. Internally, the Verification Key is the combination of the FSPRG Seed plus change interval/start time.
2012-08-17 00:45:18 +02:00
ARG_INTERVAL,
journalctl: add --verify-seed= switch to specify seed value
2012-08-16 02:14:34 +02:00
ARG_VERIFY,
journal: add call to determine current journal file disk usage
2012-09-07 23:20:28 +02:00
ARG_VERIFY_KEY,
journalctl: implement --since= and --until for filtering by time
2012-10-11 16:42:46 +02:00
ARG_DISK_USAGE,
journalctl: augment short mode with a cursor at the end Two options are added: --show-cursor to print the cursor at the end, and --after-cursor to resume logs on the next line after the previous one.
2013-07-16 16:21:18 +02:00
ARG_AFTER_CURSOR,
journalctl: New option --cursor-file The option cursor-file takes a filename as argument. If the file exists and contains a valid cursor, this is used to start the output after this position. At the end, the last cursor gets written to the file. This allows for an easy implementation of a timer that regularly looks in the journal for some messages. journalctl --cursor-file err-cursor -b -p err journalctl --cursor-file audit-cursor -t audit --grep DENIED Or you might want to walk the journal in steps of 10 messages: journalctl --cursor-file ./curs -n10 --since=today -t systemd
2019-02-12 00:19:13 +01:00
ARG_CURSOR_FILE,
journalctl: augment short mode with a cursor at the end Two options are added: --show-cursor to print the cursor at the end, and --after-cursor to resume logs on the next line after the previous one.
2013-07-16 16:21:18 +02:00
ARG_SHOW_CURSOR,
journalctl: add --user-unit= switch Add --user-unit= to make it possible to query for user logs by the name of the service.
2013-03-01 14:39:04 +01:00
ARG_USER_UNIT,
journal: implement message catalog The message catalog can be used to attach short help texts to log lines, keyed by their MESSAGE_ID= fields. This is useful to help the administrator understand the context and cause of a message, find possible solutions and find further related documentation. Since this is keyed off MESSAGE_ID= this will only work for native journal messages. The message catalog supports i18n, and is useful to augment english language system messages with explanations in the local language. This commit only includes short explanatory messages for a few example message IDs, we'll add more complete documentation for the relevant systemd messages later on.
2012-11-15 23:03:31 +01:00
ARG_LIST_CATALOG,
journalct: beef up entry listing The ability to dump catalog entries in full and by id is added.
2013-03-20 01:54:04 +01:00
ARG_DUMP_CATALOG,
journalctl: add --system/--user flags --user basically gives messages from your own systemd --user services. --system basically gives messages from PID 1, kernel, and --system services. Those two options are not exahustive, because a priviledged user might be able to see messages from other users, and they will not be shown with either or both of those flags.
2013-06-05 01:33:34 +02:00
ARG_UPDATE_CATALOG,
journalctl: add --force option to recreate FSS
2013-07-15 05:13:09 +02:00
ARG_FORCE,
journalctl: make matching optionally case sensitive Case sensitive or case insensitive matching can be requested using --case-sensitive[=yes|no]. Unless specified, matching is case sensitive if the pattern contains any uppercase letters, and case insensitive otherwise. This matches what forward-search does in emacs, and recently also --ignore-case in less. This works surprisingly well, because usually when one is wants to do case-sensitive matching, the pattern is usually camel-cased. In the less frequent case when case-sensitive matching is required with an all-lowercase pattern, --case-sensitive can be used to override the automatic logic.
2018-01-12 14:31:49 +01:00
ARG_CASE_SENSITIVE,
journalctl: add --utc option Introduce option to display time in UTC.
2014-10-02 14:39:29 +02:00
ARG_UTC,
journalctl: add new --sync switch for syncing the journal to disk With this new "--sync" switch we add a synchronous way to sync everything queued to disk, and return only after that's complete. This command gives the guarantee that anything queued before has hit the disk before the command returns. While we are at it, also improve the man pages and help text for journalctl a bit.
2015-11-11 12:59:09 +01:00
ARG_SYNC,
journalctl: add new --flush command and make use of it in systemd-journal-flush.service This new command will ask the journal daemon to flush all log data stored in /run to /var, and wait for it to complete. This is useful, so that in case of Storage=persistent we can order systemd-tmpfiles-setup afterwards, to ensure any possibly newly created directory in /var/log gets proper access mode and owners.
2014-10-23 00:28:17 +02:00
ARG_FLUSH,
journalctl: add new --relinquish and --smart-relinquish options The latter is identical to the former, but becomes a NOP if /var/log/journal is on the same mount as /, and thus during shutdown unmounting /var is not necessary and hence we can keep logging until the very end.
2019-04-05 18:21:02 +02:00
ARG_RELINQUISH_VAR,
ARG_SMART_RELINQUISH_VAR,
journalctl: add --rotate option shortcut for `systemctl kill --kill-who main --signal SIGUSR2 systemd-journald`
2015-09-30 21:54:58 +02:00
ARG_ROTATE,
journalctl: add new --vacuum-size= and --vacuum-time= commands to clean up journal files based on a size/time limit This is equivalent to the effect of SystemMaxUse= and RetentionSec=, however can be invoked directly instead of implicitly.
2014-11-03 23:08:33 +01:00
ARG_VACUUM_SIZE,
journal: rework vacuuming logic Implement a maximum limit on number of journal files to keep around. Enforcing a limit is useful on this since our performance when viewing pays a heavy penalty for each journal file to interleve. This setting is turned on now by default, and set to 100. Also, actully implement what 348ced909724a1331b85d57aede80a102a00e428 promised: use whatever we find on disk at startup as lower bound on how much disk space we can use. That commit introduced some provisions to implement this, but actually never did. This also adds "journalctl --vacuum-files=" to vacuum files on disk by their number explicitly.
2015-10-02 23:21:59 +02:00
ARG_VACUUM_FILES,
journalctl: add new --vacuum-size= and --vacuum-time= commands to clean up journal files based on a size/time limit This is equivalent to the effect of SystemMaxUse= and RetentionSec=, however can be invoked directly instead of implicitly.
2014-11-03 23:08:33 +01:00
ARG_VACUUM_TIME,
journalctl: add --no-hostname switch This suppresses output of the hostname for messages from the local system. Fixes: #2342
2016-04-20 20:09:57 +02:00
ARG_NO_HOSTNAME,
journalctl: add --output-fields= (#7181) This option allows restricting the shown fields in the output modes that would normally show all fields. It allows clients that are only interested in a subset of the fields to access those more efficiently. Also, it makes the resulting size of the output more predictable. It has no effect on the various `short` output modes, because those already only show a subset of the fields.
2017-10-27 05:10:47 +02:00
ARG_OUTPUT_FIELDS,
journalctl: add new --namespace= switch for showing logs for namespace
2019-11-25 18:49:52 +01:00
ARG_NAMESPACE,
journalctl: add command line parsing
2011-12-21 18:59:56 +01:00
};
static const struct option options[] = {
journalctl: add new --relinquish and --smart-relinquish options The latter is identical to the former, but becomes a NOP if /var/log/journal is on the same mount as /, and thus during shutdown unmounting /var is not necessary and hence we can keep logging until the very end.
2019-04-05 18:21:02 +02:00
{ "help", no_argument, NULL, 'h' },
{ "version" , no_argument, NULL, ARG_VERSION },
{ "no-pager", no_argument, NULL, ARG_NO_PAGER },
{ "pager-end", no_argument, NULL, 'e' },
{ "follow", no_argument, NULL, 'f' },
{ "force", no_argument, NULL, ARG_FORCE },
{ "output", required_argument, NULL, 'o' },
{ "all", no_argument, NULL, 'a' },
{ "full", no_argument, NULL, 'l' },
{ "no-full", no_argument, NULL, ARG_NO_FULL },
{ "lines", optional_argument, NULL, 'n' },
{ "no-tail", no_argument, NULL, ARG_NO_TAIL },
{ "new-id128", no_argument, NULL, ARG_NEW_ID128 }, /* deprecated */
{ "quiet", no_argument, NULL, 'q' },
{ "merge", no_argument, NULL, 'm' },
{ "this-boot", no_argument, NULL, ARG_THIS_BOOT }, /* deprecated */
{ "boot", optional_argument, NULL, 'b' },
{ "list-boots", no_argument, NULL, ARG_LIST_BOOTS },
{ "dmesg", no_argument, NULL, 'k' },
{ "system", no_argument, NULL, ARG_SYSTEM },
{ "user", no_argument, NULL, ARG_USER },
{ "directory", required_argument, NULL, 'D' },
{ "file", required_argument, NULL, ARG_FILE },
{ "root", required_argument, NULL, ARG_ROOT },
{ "header", no_argument, NULL, ARG_HEADER },
{ "identifier", required_argument, NULL, 't' },
{ "priority", required_argument, NULL, 'p' },
journalctl: implement --facility=foo Fixes #9716.
2020-02-27 21:36:42 +01:00
{ "facility", required_argument, NULL, ARG_FACILITY },
journalctl: add new --relinquish and --smart-relinquish options The latter is identical to the former, but becomes a NOP if /var/log/journal is on the same mount as /, and thus during shutdown unmounting /var is not necessary and hence we can keep logging until the very end.
2019-04-05 18:21:02 +02:00
{ "grep", required_argument, NULL, 'g' },
{ "case-sensitive", optional_argument, NULL, ARG_CASE_SENSITIVE },
{ "setup-keys", no_argument, NULL, ARG_SETUP_KEYS },
{ "interval", required_argument, NULL, ARG_INTERVAL },
{ "verify", no_argument, NULL, ARG_VERIFY },
{ "verify-key", required_argument, NULL, ARG_VERIFY_KEY },
{ "disk-usage", no_argument, NULL, ARG_DISK_USAGE },
{ "cursor", required_argument, NULL, 'c' },
{ "cursor-file", required_argument, NULL, ARG_CURSOR_FILE },
{ "after-cursor", required_argument, NULL, ARG_AFTER_CURSOR },
{ "show-cursor", no_argument, NULL, ARG_SHOW_CURSOR },
{ "since", required_argument, NULL, 'S' },
{ "until", required_argument, NULL, 'U' },
{ "unit", required_argument, NULL, 'u' },
{ "user-unit", required_argument, NULL, ARG_USER_UNIT },
{ "field", required_argument, NULL, 'F' },
{ "fields", no_argument, NULL, 'N' },
{ "catalog", no_argument, NULL, 'x' },
{ "list-catalog", no_argument, NULL, ARG_LIST_CATALOG },
{ "dump-catalog", no_argument, NULL, ARG_DUMP_CATALOG },
{ "update-catalog", no_argument, NULL, ARG_UPDATE_CATALOG },
{ "reverse", no_argument, NULL, 'r' },
{ "machine", required_argument, NULL, 'M' },
{ "utc", no_argument, NULL, ARG_UTC },
{ "flush", no_argument, NULL, ARG_FLUSH },
{ "relinquish-var", no_argument, NULL, ARG_RELINQUISH_VAR },
{ "smart-relinquish-var", no_argument, NULL, ARG_SMART_RELINQUISH_VAR },
{ "sync", no_argument, NULL, ARG_SYNC },
{ "rotate", no_argument, NULL, ARG_ROTATE },
{ "vacuum-size", required_argument, NULL, ARG_VACUUM_SIZE },
{ "vacuum-files", required_argument, NULL, ARG_VACUUM_FILES },
{ "vacuum-time", required_argument, NULL, ARG_VACUUM_TIME },
{ "no-hostname", no_argument, NULL, ARG_NO_HOSTNAME },
{ "output-fields", required_argument, NULL, ARG_OUTPUT_FIELDS },
journalctl: add new --namespace= switch for showing logs for namespace
2019-11-25 18:49:52 +01:00
{ "namespace", required_argument, NULL, ARG_NAMESPACE },
clients: unify how we invoke getopt_long() Among other things this makes sure we always expose a --version command and show it in the help texts.
2013-11-06 18:28:39 +01:00
{}
journalctl: add command line parsing
2011-12-21 18:59:56 +01:00
};
journalctl: add -n switch
2012-01-04 02:14:42 +01:00
int c, r;
journalctl: add command line parsing
2011-12-21 18:59:56 +01:00
assert(argc >= 0);
assert(argv);
journalctl: make journalctl -g work as documented Add "g" to optstring so both "--grep" and "-g" work with journalctl
2018-02-28 02:16:26 +01:00
while ((c = getopt_long(argc, argv, "hefo:aln::qmb::kD:p:g:c:S:U:t:u:NF:xrM:", options, NULL)) >= 0)
journalctl: add command line parsing
2011-12-21 18:59:56 +01:00
switch (c) {
case 'h':
tree-wide: add clickable man page link to all --help texts This is a bit like the info link in most of GNU's --help texts, but we don't do info but man pages, and we make them properly clickable on terminal supporting that, because awesome. I think it's generally advisable to link up our (brief) --help texts and our (more comprehensive) man pages a bit, so this should be an easy and straight-forward way to do it.
2018-08-09 10:32:31 +02:00
return help();
journalctl: add command line parsing
2011-12-21 18:59:56 +01:00
case ARG_VERSION:
util: introduce common version() implementation and use it everywhere This also allows us to drop build.h from a ton of files, hence do so. Since we touched the #includes of those files, let's order them properly according to CODING_STYLE.
2015-09-23 03:01:06 +02:00
return version();
journalctl: add command line parsing
2011-12-21 18:59:56 +01:00
case ARG_NO_PAGER:
basic/pager: convert the pager options to a flags argument Pretty much everything uses just the first argument, and this doesn't make this common pattern more complicated, but makes it simpler to pass multiple options.
2018-11-11 12:56:29 +01:00
arg_pager_flags |= PAGER_DISABLE;
journalctl: add command line parsing
2011-12-21 18:59:56 +01:00
break;
pager: introduce "jump to end" option $ journalctl -be is what you want :) https://bugzilla.redhat.com/show_bug.cgi?id=867841
2013-03-07 20:44:35 +01:00
case 'e':
basic/pager: convert the pager options to a flags argument Pretty much everything uses just the first argument, and this doesn't make this common pattern more complicated, but makes it simpler to pass multiple options.
2018-11-11 12:56:29 +01:00
arg_pager_flags |= PAGER_JUMP_TO_END;
journalctl: imply -n1000 when -e is used Make sure the pager does not have to buffer an unbounded number of log messages, by default.
2013-03-07 21:49:12 +01:00
journalctl: don't introduce numeric constants with special names, give them names
2014-10-22 20:23:45 +02:00
if (arg_lines == ARG_LINES_DEFAULT)
journalctl: imply -n1000 when -e is used Make sure the pager does not have to buffer an unbounded number of log messages, by default.
2013-03-07 21:49:12 +01:00
arg_lines = 1000;
pager: introduce "jump to end" option $ journalctl -be is what you want :) https://bugzilla.redhat.com/show_bug.cgi?id=867841
2013-03-07 20:44:35 +01:00
break;
journalctl: add command line parsing
2011-12-21 18:59:56 +01:00
case 'f':
arg_follow = true;
break;
case 'o':
tree-wide: port various bits of the tree over to the new DUMP_STRING_TABLE() macro
2018-05-22 12:10:56 +02:00
if (streq(optarg, "help")) {
DUMP_STRING_TABLE(output_mode, OutputMode, _OUTPUT_MODE_MAX);
return 0;
}
journalctl: make the argument to -n optional
2012-09-21 22:33:02 +02:00
arg_output = output_mode_from_string(optarg);
journalctl: use log_error_errno() wherever we can
2019-11-25 18:42:52 +01:00
if (arg_output < 0)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Unknown output format '%s'.", optarg);
journal: beef up journal output of systemctl and journalctl
2012-01-04 18:33:36 +01:00
journalctl: port JSON output mode to new JSON API Also, while we are at it, beef it up, by adding json-seq support (i.e. https://tools.ietf.org/html/rfc7464). This is particularly useful in conjunction with jq's --seq switch.
2018-07-23 20:22:30 +02:00
if (IN_SET(arg_output, OUTPUT_EXPORT, OUTPUT_JSON, OUTPUT_JSON_PRETTY, OUTPUT_JSON_SSE, OUTPUT_JSON_SEQ, OUTPUT_CAT))
journalctl: skip informational messages in export/json modes
2012-10-15 18:14:09 +02:00
arg_quiet = true;
journalctl: add command line parsing
2011-12-21 18:59:56 +01:00
break;
journalctl,loginctl,systemctl,systemd-cgls: add -l as alias for --full https://bugs.freedesktop.org/show_bug.cgi?id=65850
2013-06-17 11:36:35 +02:00
case 'l':
journalctl: add option to forgo ellipsization Sometimes it is better to see messages in full, and the existing set of options didn't allow this easily. E.g. now journalctl -f --full will behave like tail -f /var/log/messages of yore. Long option only for now, since small letters are becoming scarce, and this doesn't feel like a capital-letter-option. '-u' would be nice, and the above command would be spelled journalctl -fu
2012-11-17 15:27:59 +01:00
arg_full = true;
break;
journalctl: flip to --full by default We already shew lines in full when using a pager or not on a tty. The commit disables ellipsization in the sole remaining case, namely when --follow is used. This has been a popular request for a long time, and indeed, full output seems much more useful. Old behaviour can still be requested by using --no-full. Old options retain their behaviour for compatiblity, but aren't advertised as much. This change applies only to jornalctl, not to systemctl, when ellipsization is useful to keep the layout. https://bugzilla.redhat.com/show_bug.cgi?id=984758
2013-10-07 03:55:18 +02:00
case ARG_NO_FULL:
arg_full = false;
break;
journalctl: add command line parsing
2011-12-21 18:59:56 +01:00
case 'a':
journalctl: don't ellipsize unless on a tty
2012-10-18 23:22:56 +02:00
arg_all = true;
journalctl: add command line parsing
2011-12-21 18:59:56 +01:00
break;
journalctl: add -n switch
2012-01-04 02:14:42 +01:00
case 'n':
journalctl: make the argument to -n optional
2012-09-21 22:33:02 +02:00
if (optarg) {
journalctl: Allow to disable line cap with --lines=all
2014-08-31 11:12:22 +02:00
if (streq(optarg, "all"))
journalctl: don't introduce numeric constants with special names, give them names
2014-10-22 20:23:45 +02:00
arg_lines = ARG_LINES_ALL;
journalctl: Allow to disable line cap with --lines=all
2014-08-31 11:12:22 +02:00
else {
r = safe_atoi(optarg, &arg_lines);
journalctl: use log_error_errno() wherever we can
2019-11-25 18:42:52 +01:00
if (r < 0 || arg_lines < 0)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to parse lines '%s'", optarg);
journalctl: make the argument to -n optional
2012-09-21 22:33:02 +02:00
}
journalctl: allow both "-n 55" and "-n55" on the command line, as equivalent syntaxes https://bugs.freedesktop.org/show_bug.cgi?id=60596
2013-02-12 00:31:13 +01:00
} else {
journalctl: Allow to disable line cap with --lines=all
2014-08-31 11:12:22 +02:00
arg_lines = 10;
journalctl: allow both "-n 55" and "-n55" on the command line, as equivalent syntaxes https://bugs.freedesktop.org/show_bug.cgi?id=60596
2013-02-12 00:31:13 +01:00
/* Hmm, no argument? Maybe the next
* word on the command line is
* supposed to be the argument? Let's
* see if there is one, and is
journalctl: Allow to disable line cap with --lines=all
2014-08-31 11:12:22 +02:00
* parsable. */
if (optind < argc) {
int n;
if (streq(argv[optind], "all")) {
journalctl: don't introduce numeric constants with special names, give them names
2014-10-22 20:23:45 +02:00
arg_lines = ARG_LINES_ALL;
journalctl: Allow to disable line cap with --lines=all
2014-08-31 11:12:22 +02:00
optind++;
} else if (safe_atoi(argv[optind], &n) >= 0 && n >= 0) {
arg_lines = n;
optind++;
}
}
journalctl: allow both "-n 55" and "-n55" on the command line, as equivalent syntaxes https://bugs.freedesktop.org/show_bug.cgi?id=60596
2013-02-12 00:31:13 +01:00
}
journalctl: make the argument to -n optional
2012-09-21 22:33:02 +02:00
journalctl: add -n switch
2012-01-04 02:14:42 +01:00
break;
journalctl: only output 10 most recent lines in --follow mode
2012-01-04 15:27:31 +01:00
case ARG_NO_TAIL:
arg_no_tail = true;
break;
journalctl: rename --new-id to --new-id128 in order not to introduce yet another new name
2012-01-07 01:37:15 +01:00
case ARG_NEW_ID128:
journald: initial version of FSPRG hookup This adds forward-secure authentication of journal files. This patch includes key generation as well as tagging of journal files, Verification of journal files will be added in a later patch.
2012-08-13 20:31:10 +02:00
arg_action = ACTION_NEW_ID128;
journalctl: add --new-id switch to generate a new 128Bit id
2012-01-05 16:28:17 +01:00
break;
journalctl: warn if the user is not in the adm group
2012-03-14 19:54:22 +01:00
case 'q':
arg_quiet = true;
journalctl: add a missing 'break' There is a 'break' missing in the -q handling so, for example, 'systemd-journalctl --new-id128 -q' does nothing. This patch fixes the problem.
2012-03-15 07:26:55 +01:00
break;
journalctl: warn if the user is not in the adm group
2012-03-14 19:54:22 +01:00
journalctl: replace --local by --merge, i.e. don't interleave remote journals by default
2012-09-06 01:49:00 +02:00
case 'm':
arg_merge = true;
journalctl: add --local switch
2012-03-27 00:14:29 +02:00
break;
journalct: do no allow --this-boot to take arguments Before --this-boot was deprecated in a331b5e6d47243, it did not take any arguments.
2016-06-28 21:39:56 +02:00
case ARG_THIS_BOOT:
arg_boot = true;
journalctl: support `-b all` to negate effect of -b Also fix an issue where -b without argument didn't always behave as -b0
2019-03-07 02:20:06 +01:00
arg_boot_id = SD_ID128_NULL;
arg_boot_offset = 0;
journalct: do no allow --this-boot to take arguments Before --this-boot was deprecated in a331b5e6d47243, it did not take any arguments.
2016-06-28 21:39:56 +02:00
break;
journalctl: add new switch -b to show data from current boot only
2012-07-01 18:47:40 +02:00
case 'b':
journalctl: remove ":" from the --boot syntax Instead of :-0, :1, :5, etc., use -0, 1 or +1, 5, etc. For BOOT_ID+OFFSET, use BOOT_ID+offset or BOOT_ID-offset (either + or - is required). Also make error handling a bit more robust and verbose. Modify the man page to describe the most common case (-b) first, and the second most common case (-b -1) second.
2013-07-16 21:56:22 +02:00
arg_boot = true;
journalctl: support `-b all` to negate effect of -b Also fix an issue where -b without argument didn't always behave as -b0
2019-03-07 02:20:06 +01:00
arg_boot_id = SD_ID128_NULL;
arg_boot_offset = 0;
Revert "journalctl: remove unexpected behavior of journalctl -b" This reverts commit cf5bccc2bb9569030cb04debbc4208aaca0fe5b4. We should fix thinks properly if they aren't perfect, not just break other things...
2013-12-25 19:17:10 +01:00
journalctl: make sure -b --foobar cannot be misunderstood as --boot=--foobar
2013-12-26 01:52:01 +01:00
if (optarg) {
journalctl: only have a single exit path from main() That way we can be sure we execute the destructors properly, and can be valgrind-clean.
2015-05-18 23:50:34 +02:00
r = parse_boot_descriptor(optarg, &arg_boot_id, &arg_boot_offset);
journalctl: support `-b all` to negate effect of -b Also fix an issue where -b without argument didn't always behave as -b0
2019-03-07 02:20:06 +01:00
if (r < 0)
return log_error_errno(r, "Failed to parse boot descriptor '%s'", optarg);
arg_boot = r;
/* Hmm, no argument? Maybe the next
* word on the command line is
* supposed to be the argument? Let's
* see if there is one and is parsable
* as a boot descriptor... */
} else if (optind < argc) {
r = parse_boot_descriptor(argv[optind], &arg_boot_id, &arg_boot_offset);
if (r >= 0) {
arg_boot = r;
Revert "journalctl: remove unexpected behavior of journalctl -b" This reverts commit cf5bccc2bb9569030cb04debbc4208aaca0fe5b4. We should fix thinks properly if they aren't perfect, not just break other things...
2013-12-25 19:17:10 +01:00
optind++;
journalctl: support `-b all` to negate effect of -b Also fix an issue where -b without argument didn't always behave as -b0
2019-03-07 02:20:06 +01:00
}
Revert "journalctl: remove unexpected behavior of journalctl -b" This reverts commit cf5bccc2bb9569030cb04debbc4208aaca0fe5b4. We should fix thinks properly if they aren't perfect, not just break other things...
2013-12-25 19:17:10 +01:00
}
journalctl: add new switch -b to show data from current boot only
2012-07-01 18:47:40 +02:00
break;
journalctl: add --list-boots to show boot IDs and times Suggested by David Wilkins <dwilkins@maths.tcd.ie> in https://bugzilla.redhat.com/show_bug.cgi?id=967521: > [Specific boot ID is a] bit of a palaver to obtain. I consulted the > verbose dump of the journal to discover the _BOOT_ID for the > timestamp, and then generated the journal dump for that boot using > journalctl _BOOT_ID=foo -o short-monotonic.
2013-10-29 04:43:57 +01:00
case ARG_LIST_BOOTS:
arg_action = ACTION_LIST_BOOTS;
break;
journalctl: add -k/--dmesg
2013-05-15 05:08:00 +02:00
case 'k':
journalctl: remove ":" from the --boot syntax Instead of :-0, :1, :5, etc., use -0, 1 or +1, 5, etc. For BOOT_ID+OFFSET, use BOOT_ID+offset or BOOT_ID-offset (either + or - is required). Also make error handling a bit more robust and verbose. Modify the man page to describe the most common case (-b) first, and the second most common case (-b -1) second.
2013-07-16 21:56:22 +02:00
arg_boot = arg_dmesg = true;
journalctl: add -k/--dmesg
2013-05-15 05:08:00 +02:00
break;
journalctl: add --system/--user flags --user basically gives messages from your own systemd --user services. --system basically gives messages from PID 1, kernel, and --system services. Those two options are not exahustive, because a priviledged user might be able to see messages from other users, and they will not be shown with either or both of those flags.
2013-06-05 01:33:34 +02:00
case ARG_SYSTEM:
arg_journal_type |= SD_JOURNAL_SYSTEM;
break;
case ARG_USER:
arg_journal_type |= SD_JOURNAL_CURRENT_USER;
break;
journal: add ability to browse journals of running OS containers This adds the new library call sd_journal_open_container() and a new "-M" switch to journalctl. Particular care is taken that journalctl's "-b" switch resolves to the current boot ID of the container, not the host.
2013-12-11 22:04:03 +01:00
case 'M':
arg_machine = optarg;
break;
journalctl: add new --namespace= switch for showing logs for namespace
2019-11-25 18:49:52 +01:00
case ARG_NAMESPACE:
if (streq(optarg, "*")) {
arg_namespace_flags = SD_JOURNAL_ALL_NAMESPACES;
arg_namespace = NULL;
} else if (startswith(optarg, "+")) {
arg_namespace_flags = SD_JOURNAL_INCLUDE_DEFAULT_NAMESPACE;
arg_namespace = optarg + 1;
} else if (isempty(optarg)) {
arg_namespace_flags = 0;
arg_namespace = NULL;
} else {
arg_namespace_flags = 0;
arg_namespace = optarg;
}
break;
journal: rework directory enumeration/watch logic There's now sd_journal_new_directory() for watching specific journal directories. This is exposed in journalctl -D. sd_journal_wait() and sd_journal_process() now return whether changes in the journal are invalidating or just appending. We now create inotify kernel watches only when we actually need them
2012-07-11 01:08:38 +02:00
case 'D':
arg_directory = optarg;
break;
journalctl: allow the user to specify the file(s) to use This is useful for debugging and feels pretty natural. For example answering the question "is this big .journal file worth keeping?" is made easier.
2013-06-06 01:30:17 +02:00
case ARG_FILE:
sd-journal: add API for opening journal files or directories by fd Also, expose this via the "journalctl --file=-" syntax for STDIN. This feature remains undocumented though, as it is probably not too useful in real-life as this still requires fds that support mmaping and seeking, i.e. does not work for pipes, for which reading from STDIN is most commonly used.
2016-04-25 00:31:24 +02:00
if (streq(optarg, "-"))
/* An undocumented feature: we can read journal files from STDIN. We don't document
* this though, since after all we only support this for mmap-able, seekable files, and
* not for example pipes which are probably the primary usecase for reading things from
* STDIN. To avoid confusion we hence don't document this feature. */
arg_file_stdin = true;
else {
journalctl,elsewhere: make sure --file=foo fails with sane error msg if foo is not readable It annoyed me for quite a while that running "journalctl --file=…" on a file that is not readable failed with a "File not found" error instead of a permission error. Let's fix that. We make this work by using the GLOB_NOCHECK flag for glob() which means that files are not accessible will be returned in the array as they are instead of being filtered away. This then means that our later attemps to open the files will fail cleanly with a good error message.
2020-05-12 23:36:27 +02:00
r = glob_extend(&arg_file, optarg, GLOB_NOCHECK);
sd-journal: add API for opening journal files or directories by fd Also, expose this via the "journalctl --file=-" syntax for STDIN. This feature remains undocumented though, as it is probably not too useful in real-life as this still requires fds that support mmaping and seeking, i.e. does not work for pipes, for which reading from STDIN is most commonly used.
2016-04-25 00:31:24 +02:00
if (r < 0)
return log_error_errno(r, "Failed to add paths: %m");
}
journalctl: allow the user to specify the file(s) to use This is useful for debugging and feels pretty natural. For example answering the question "is this big .journal file worth keeping?" is made easier.
2013-06-06 01:30:17 +02:00
break;
journalctl: support --root for message catalogs
2013-03-29 02:44:00 +01:00
case ARG_ROOT:
path-util: unify how we process paths specified on the command line Let's introduce a common function that makes relative paths absolute and warns about any errors while doing so.
2015-10-22 19:54:29 +02:00
r = parse_path_argument_and_warn(optarg, true, &arg_root);
if (r < 0)
return r;
journalctl: support --root for message catalogs
2013-03-29 02:44:00 +01:00
break;
journalctl: add --cursor switch
2012-09-27 23:25:23 +02:00
case 'c':
arg_cursor = optarg;
break;
journalctl: New option --cursor-file The option cursor-file takes a filename as argument. If the file exists and contains a valid cursor, this is used to start the output after this position. At the end, the last cursor gets written to the file. This allows for an easy implementation of a timer that regularly looks in the journal for some messages. journalctl --cursor-file err-cursor -b -p err journalctl --cursor-file audit-cursor -t audit --grep DENIED Or you might want to walk the journal in steps of 10 messages: journalctl --cursor-file ./curs -n10 --since=today -t systemd
2019-02-12 00:19:13 +01:00
case ARG_CURSOR_FILE:
arg_cursor_file = optarg;
break;
journalctl: augment short mode with a cursor at the end Two options are added: --show-cursor to print the cursor at the end, and --after-cursor to resume logs on the next line after the previous one.
2013-07-16 16:21:18 +02:00
case ARG_AFTER_CURSOR:
arg_after_cursor = optarg;
break;
case ARG_SHOW_CURSOR:
arg_show_cursor = true;
break;
journal: automatically rotate journal files if the data hash table is full > 75% Previously, when the main data hash table grows too full the performance simply started to decrease drastically. Instead, now simply rotate to a new journal file as the hash table gets to full, so that we can start with a new fresh empty hash table.
2012-07-16 22:24:02 +02:00
case ARG_HEADER:
journald: initial version of FSPRG hookup This adds forward-secure authentication of journal files. This patch includes key generation as well as tagging of journal files, Verification of journal files will be added in a later patch.
2012-08-13 20:31:10 +02:00
arg_action = ACTION_PRINT_HEADER;
break;
journal: make libgcrypt dependency optional
2012-08-20 16:51:46 +02:00
case ARG_VERIFY:
arg_action = ACTION_VERIFY;
break;
journal: add call to determine current journal file disk usage
2012-09-07 23:20:28 +02:00
case ARG_DISK_USAGE:
arg_action = ACTION_DISK_USAGE;
break;
journalctl: add new --vacuum-size= and --vacuum-time= commands to clean up journal files based on a size/time limit This is equivalent to the effect of SystemMaxUse= and RetentionSec=, however can be invoked directly instead of implicitly.
2014-11-03 23:08:33 +01:00
case ARG_VACUUM_SIZE:
r = parse_size(optarg, 1024, &arg_vacuum_size);
journalctl: use log_error_errno() wherever we can
2019-11-25 18:42:52 +01:00
if (r < 0)
return log_error_errno(r, "Failed to parse vacuum size: %s", optarg);
journalctl: add new --vacuum-size= and --vacuum-time= commands to clean up journal files based on a size/time limit This is equivalent to the effect of SystemMaxUse= and RetentionSec=, however can be invoked directly instead of implicitly.
2014-11-03 23:08:33 +01:00
journalctl: add ability to vacuum and rotate in one step journalctl --vacuum-*= only vacuums archived files. To archive all active files the rotate operation is used. Let's add a new switch that combines both, so that the user a single command to first move all running journal files into archival and then vacuum them. See: #1017
2018-10-25 18:36:56 +02:00
arg_action = arg_action == ACTION_ROTATE ? ACTION_ROTATE_AND_VACUUM : ACTION_VACUUM;
journalctl: add new --vacuum-size= and --vacuum-time= commands to clean up journal files based on a size/time limit This is equivalent to the effect of SystemMaxUse= and RetentionSec=, however can be invoked directly instead of implicitly.
2014-11-03 23:08:33 +01:00
break;
journal: rework vacuuming logic Implement a maximum limit on number of journal files to keep around. Enforcing a limit is useful on this since our performance when viewing pays a heavy penalty for each journal file to interleve. This setting is turned on now by default, and set to 100. Also, actully implement what 348ced909724a1331b85d57aede80a102a00e428 promised: use whatever we find on disk at startup as lower bound on how much disk space we can use. That commit introduced some provisions to implement this, but actually never did. This also adds "journalctl --vacuum-files=" to vacuum files on disk by their number explicitly.
2015-10-02 23:21:59 +02:00
case ARG_VACUUM_FILES:
r = safe_atou64(optarg, &arg_vacuum_n_files);
journalctl: use log_error_errno() wherever we can
2019-11-25 18:42:52 +01:00
if (r < 0)
return log_error_errno(r, "Failed to parse vacuum files: %s", optarg);
journal: rework vacuuming logic Implement a maximum limit on number of journal files to keep around. Enforcing a limit is useful on this since our performance when viewing pays a heavy penalty for each journal file to interleve. This setting is turned on now by default, and set to 100. Also, actully implement what 348ced909724a1331b85d57aede80a102a00e428 promised: use whatever we find on disk at startup as lower bound on how much disk space we can use. That commit introduced some provisions to implement this, but actually never did. This also adds "journalctl --vacuum-files=" to vacuum files on disk by their number explicitly.
2015-10-02 23:21:59 +02:00
journalctl: add ability to vacuum and rotate in one step journalctl --vacuum-*= only vacuums archived files. To archive all active files the rotate operation is used. Let's add a new switch that combines both, so that the user a single command to first move all running journal files into archival and then vacuum them. See: #1017
2018-10-25 18:36:56 +02:00
arg_action = arg_action == ACTION_ROTATE ? ACTION_ROTATE_AND_VACUUM : ACTION_VACUUM;
journal: rework vacuuming logic Implement a maximum limit on number of journal files to keep around. Enforcing a limit is useful on this since our performance when viewing pays a heavy penalty for each journal file to interleve. This setting is turned on now by default, and set to 100. Also, actully implement what 348ced909724a1331b85d57aede80a102a00e428 promised: use whatever we find on disk at startup as lower bound on how much disk space we can use. That commit introduced some provisions to implement this, but actually never did. This also adds "journalctl --vacuum-files=" to vacuum files on disk by their number explicitly.
2015-10-02 23:21:59 +02:00
break;
journalctl: add new --vacuum-size= and --vacuum-time= commands to clean up journal files based on a size/time limit This is equivalent to the effect of SystemMaxUse= and RetentionSec=, however can be invoked directly instead of implicitly.
2014-11-03 23:08:33 +01:00
case ARG_VACUUM_TIME:
r = parse_sec(optarg, &arg_vacuum_time);
journalctl: use log_error_errno() wherever we can
2019-11-25 18:42:52 +01:00
if (r < 0)
return log_error_errno(r, "Failed to parse vacuum time: %s", optarg);
journalctl: add new --vacuum-size= and --vacuum-time= commands to clean up journal files based on a size/time limit This is equivalent to the effect of SystemMaxUse= and RetentionSec=, however can be invoked directly instead of implicitly.
2014-11-03 23:08:33 +01:00
journalctl: add ability to vacuum and rotate in one step journalctl --vacuum-*= only vacuums archived files. To archive all active files the rotate operation is used. Let's add a new switch that combines both, so that the user a single command to first move all running journal files into archival and then vacuum them. See: #1017
2018-10-25 18:36:56 +02:00
arg_action = arg_action == ACTION_ROTATE ? ACTION_ROTATE_AND_VACUUM : ACTION_VACUUM;
journalctl: add new --vacuum-size= and --vacuum-time= commands to clean up journal files based on a size/time limit This is equivalent to the effect of SystemMaxUse= and RetentionSec=, however can be invoked directly instead of implicitly.
2014-11-03 23:08:33 +01:00
break;
build-sys: use #if Y instead of #ifdef Y everywhere The advantage is that is the name is mispellt, cpp will warn us. $ git grep -Ee "conf.set\('(HAVE|ENABLE)_" -l|xargs sed -r -i "s/conf.set\('(HAVE|ENABLE)_/conf.set10('\1_/" $ git grep -Ee '#ifn?def (HAVE|ENABLE)' -l|xargs sed -r -i 's/#ifdef (HAVE|ENABLE)/#if \1/; s/#ifndef (HAVE|ENABLE)/#if ! \1/;' $ git grep -Ee 'if.*defined\(HAVE' -l|xargs sed -i -r 's/defined\((HAVE_[A-Z0-9_]*)\)/\1/g' $ git grep -Ee 'if.*defined\(ENABLE' -l|xargs sed -i -r 's/defined\((ENABLE_[A-Z0-9_]*)\)/\1/g' + manual changes to meson.build squash! build-sys: use #if Y instead of #ifdef Y everywhere v2: - fix incorrect setting of HAVE_LIBIDN2
2017-10-03 10:41:51 +02:00
#if HAVE_GCRYPT
journalctl: add --force option to recreate FSS
2013-07-15 05:13:09 +02:00
case ARG_FORCE:
arg_force = true;
break;
journald: initial version of FSPRG hookup This adds forward-secure authentication of journal files. This patch includes key generation as well as tagging of journal files, Verification of journal files will be added in a later patch.
2012-08-13 20:31:10 +02:00
case ARG_SETUP_KEYS:
arg_action = ACTION_SETUP_KEYS;
journal: automatically rotate journal files if the data hash table is full > 75% Previously, when the main data hash table grows too full the performance simply started to decrease drastically. Instead, now simply rotate to a new journal file as the hash table gets to full, so that we can start with a new fresh empty hash table.
2012-07-16 22:24:02 +02:00
break;
journal: rework terminology Let's clean up our terminology a bit. New terminology: FSS = Forward Secure Sealing FSPRG = Forward Secure Pseudo-Random Generator FSS is the combination of FSPRG and a HMAC. Sealing = process of adding authentication tags to the journal. Verification = process of checking authentication tags to the journal. Sealing Key = The key used for adding authentication tags to the journal. Verification Key = The key used for checking authentication tags of the journal. Key pair = The pair of Sealing Key and Verification Key Internally, the Sealing Key is the combination of the FSPRG State plus change interval/start time. Internally, the Verification Key is the combination of the FSPRG Seed plus change interval/start time.
2012-08-17 00:45:18 +02:00
case ARG_VERIFY_KEY:
journalctl: fix memleak This is harmless, it would only happen if --verify-key is used multiple times. But let's fix it for correctness. CID ##1368415.
2017-01-15 17:55:46 +01:00
r = free_and_strdup(&arg_verify_key, optarg);
if (r < 0)
return r;
Remove string_erase
2019-07-10 13:54:50 +02:00
/* Use memset not explicit_bzero() or similar so this doesn't look confusing
journalctl: replace string_erase with memset('x') The compiler should not be able to optimize out the memset, because optarg is global memory. In this case, not making the argument an empty string is nicer, so just use an open-coded version of string_erase from before the explicit_bzero change.
2017-02-06 02:09:41 +01:00
* in ps or htop output. */
memset(optarg, 'x', strlen(optarg));
journalctl: fix memleak This is harmless, it would only happen if --verify-key is used multiple times. But let's fix it for correctness. CID ##1368415.
2017-01-15 17:55:46 +01:00
journalctl: use log_error_errno() wherever we can
2019-11-25 18:42:52 +01:00
arg_action = ACTION_VERIFY;
journalctl: fix memleak This is harmless, it would only happen if --verify-key is used multiple times. But let's fix it for correctness. CID ##1368415.
2017-01-15 17:55:46 +01:00
arg_merge = false;
journalctl: add --verify-seed= switch to specify seed value
2012-08-16 02:14:34 +02:00
break;
journal: rework terminology Let's clean up our terminology a bit. New terminology: FSS = Forward Secure Sealing FSPRG = Forward Secure Pseudo-Random Generator FSS is the combination of FSPRG and a HMAC. Sealing = process of adding authentication tags to the journal. Verification = process of checking authentication tags to the journal. Sealing Key = The key used for adding authentication tags to the journal. Verification Key = The key used for checking authentication tags of the journal. Key pair = The pair of Sealing Key and Verification Key Internally, the Sealing Key is the combination of the FSPRG State plus change interval/start time. Internally, the Verification Key is the combination of the FSPRG Seed plus change interval/start time.
2012-08-17 00:45:18 +02:00
case ARG_INTERVAL:
util: rename parse_usec() to parse_sec() sinds the default unit is seconds Internally we store all time values in usec_t, however parse_usec() actually was used mostly to parse values in seconds (unless explicit units were specified to define a different unit). Hence, be clear about this and name the function about what we pass into it, not what we get out of it.
2013-04-02 20:38:16 +02:00
r = parse_sec(optarg, &arg_interval);
journalctl: use log_error_errno() wherever we can
2019-11-25 18:42:52 +01:00
if (r < 0 || arg_interval <= 0)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"Failed to parse sealing key change interval: %s", optarg);
journal: add FSPRG journal authentication
2012-08-16 23:58:14 +02:00
break;
journal: make libgcrypt dependency optional
2012-08-20 16:51:46 +02:00
#else
case ARG_SETUP_KEYS:
case ARG_VERIFY_KEY:
case ARG_INTERVAL:
journalctl: add --force option to recreate FSS
2013-07-15 05:13:09 +02:00
case ARG_FORCE:
journalctl: use log_error_errno() wherever we can
2019-11-25 18:42:52 +01:00
return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
"Compiled without forward-secure sealing support.");
journal: make libgcrypt dependency optional
2012-08-20 16:51:46 +02:00
#endif
journal: add FSPRG journal authentication
2012-08-16 23:58:14 +02:00
journalctl: add --priority= switch for filtering by priority
2012-07-27 10:31:33 +02:00
case 'p': {
const char *dots;
dots = strstr(optarg, "..");
if (dots) {
journalctl: use automatic memory cleanup
2019-11-25 18:44:19 +01:00
_cleanup_free_ char *a = NULL;
journalctl: add --priority= switch for filtering by priority
2012-07-27 10:31:33 +02:00
int from, to, i;
/* a range */
a = strndup(optarg, dots - optarg);
if (!a)
return log_oom();
from = log_level_from_string(a);
to = log_level_from_string(dots + 2);
journalctl: use log_error_errno() wherever we can
2019-11-25 18:42:52 +01:00
if (from < 0 || to < 0)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"Failed to parse log level range %s", optarg);
journalctl: add --priority= switch for filtering by priority
2012-07-27 10:31:33 +02:00
arg_priorities = 0;
if (from < to) {
for (i = from; i <= to; i++)
arg_priorities |= 1 << i;
} else {
for (i = to; i <= from; i++)
arg_priorities |= 1 << i;
}
} else {
int p, i;
p = log_level_from_string(optarg);
journalctl: use log_error_errno() wherever we can
2019-11-25 18:42:52 +01:00
if (p < 0)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"Unknown log level %s", optarg);
journalctl: add --priority= switch for filtering by priority
2012-07-27 10:31:33 +02:00
arg_priorities = 0;
for (i = 0; i <= p; i++)
arg_priorities |= 1 << i;
}
break;
}
journalctl: implement --facility=foo Fixes #9716.
2020-02-27 21:36:42 +01:00
case ARG_FACILITY: {
const char *p;
for (p = optarg;;) {
_cleanup_free_ char *fac = NULL;
int num;
r = extract_first_word(&p, &fac, ",", 0);
if (r < 0)
return log_error_errno(r, "Failed to parse facilities: %s", optarg);
if (r == 0)
break;
if (streq(fac, "help")) {
help_facilities();
return 0;
}
num = log_facility_unshifted_from_string(fac);
if (num < 0)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"Bad --facility= argument \"%s\".", fac);
tree-wide: use set_ensure_put() Patch contains a coccinelle script, but it only works in some cases. Many parts were converted by hand. Note: I did not fix errors in return value handing. This will be done separate to keep the patch comprehensible. No functional change is intended in this patch.
2020-06-05 15:12:29 +02:00
if (set_ensure_put(&arg_facilities, NULL, INT_TO_PTR(num)) < 0)
journalctl: implement --facility=foo Fixes #9716.
2020-02-27 21:36:42 +01:00
return log_oom();
}
break;
}
journalctl: regexp matching
2018-01-12 07:55:45 +01:00
#if HAVE_PCRE2
journalctl: make matching optionally case sensitive Case sensitive or case insensitive matching can be requested using --case-sensitive[=yes|no]. Unless specified, matching is case sensitive if the pattern contains any uppercase letters, and case insensitive otherwise. This matches what forward-search does in emacs, and recently also --ignore-case in less. This works surprisingly well, because usually when one is wants to do case-sensitive matching, the pattern is usually camel-cased. In the less frequent case when case-sensitive matching is required with an all-lowercase pattern, --case-sensitive can be used to override the automatic logic.
2018-01-12 14:31:49 +01:00
case 'g':
arg_pattern = optarg;
journalctl: regexp matching
2018-01-12 07:55:45 +01:00
break;
journalctl: make matching optionally case sensitive Case sensitive or case insensitive matching can be requested using --case-sensitive[=yes|no]. Unless specified, matching is case sensitive if the pattern contains any uppercase letters, and case insensitive otherwise. This matches what forward-search does in emacs, and recently also --ignore-case in less. This works surprisingly well, because usually when one is wants to do case-sensitive matching, the pattern is usually camel-cased. In the less frequent case when case-sensitive matching is required with an all-lowercase pattern, --case-sensitive can be used to override the automatic logic.
2018-01-12 14:31:49 +01:00
case ARG_CASE_SENSITIVE:
if (optarg) {
r = parse_boolean(optarg);
if (r < 0)
return log_error_errno(r, "Bad --case-sensitive= argument \"%s\": %m", optarg);
arg_case_sensitive = r;
} else
arg_case_sensitive = true;
break;
journalctl: regexp matching
2018-01-12 07:55:45 +01:00
#else
case 'g':
journalctl: make matching optionally case sensitive Case sensitive or case insensitive matching can be requested using --case-sensitive[=yes|no]. Unless specified, matching is case sensitive if the pattern contains any uppercase letters, and case insensitive otherwise. This matches what forward-search does in emacs, and recently also --ignore-case in less. This works surprisingly well, because usually when one is wants to do case-sensitive matching, the pattern is usually camel-cased. In the less frequent case when case-sensitive matching is required with an all-lowercase pattern, --case-sensitive can be used to override the automatic logic.
2018-01-12 14:31:49 +01:00
case ARG_CASE_SENSITIVE:
journalctl: return EOPNOTSUPP if pcre is not enabled
2019-11-25 18:44:40 +01:00
return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Compiled without pattern matching support");
journalctl: regexp matching
2018-01-12 07:55:45 +01:00
#endif
journalctl: introduce short options for --since and --until Fixes #1514.
2015-10-13 10:50:49 +02:00
case 'S':
journalctl: implement --since= and --until for filtering by time
2012-10-11 16:42:46 +02:00
r = parse_timestamp(optarg, &arg_since);
journalctl: use log_error_errno() wherever we can
2019-11-25 18:42:52 +01:00
if (r < 0)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"Failed to parse timestamp: %s", optarg);
journalctl: implement --since= and --until for filtering by time
2012-10-11 16:42:46 +02:00
arg_since_set = true;
break;
journalctl: introduce short options for --since and --until Fixes #1514.
2015-10-13 10:50:49 +02:00
case 'U':
journalctl: implement --since= and --until for filtering by time
2012-10-11 16:42:46 +02:00
r = parse_timestamp(optarg, &arg_until);
journalctl: use log_error_errno() wherever we can
2019-11-25 18:42:52 +01:00
if (r < 0)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"Failed to parse timestamp: %s", optarg);
journalctl: implement --since= and --until for filtering by time
2012-10-11 16:42:46 +02:00
arg_until_set = true;
break;
journalctl: add "-t --identifier=STRING" option This turns journalctl to the counterpart of systemd-cat. Messages sent with systemd-cat --identifier foo --prioritiy debug can now be shown with journalctl --identifier foo --prioritiy debug "--identifier" is not merged with "--unit" to make a clear distinction between syslog and systemd units. syslog identifiers can be chosen freely by anyone.
2014-08-19 11:27:34 +02:00
case 't':
r = strv_extend(&arg_syslog_identifier, optarg);
if (r < 0)
return log_oom();
break;
journalctl: show systemd messages about unit for -u journalctl -u unit is not very useful, because it doesn't show systemd messages about starting, stopping, coredumps, etc, like systemctl status unit does. Make it show the same information using the same rules. If somebody really want to see just messages from by the unit, it is easy enough to use _SYSTEMD_UNIT=...
2013-03-14 00:30:05 +01:00
case 'u':
journalctl: specify "--unit=" and "--user-unit" multiple times Previously only one "--unit=" or "--user-unit" could be specified. With this patch, journalcrtl can show multiple units. $ journalctl -u systemd-udevd.service -u sshd.service -u crond.service -b -- Logs begin at Sa 2013-03-23 11:08:45 CET, end at Fr 2013-04-12 09:10:22 CEST. -- Apr 12 08:41:37 lenovo systemd[1]: Started udev Kernel Device Manager. Apr 12 08:41:37 lenovo systemd[1]: Stopped udev Kernel Device Manager. Apr 12 08:41:38 lenovo systemd[1]: Started udev Kernel Device Manager. Apr 12 08:41:38 lenovo crond[291]: (CRON) INFO (Syslog will be used instead of sendmail.) Apr 12 08:41:38 lenovo crond[291]: (CRON) INFO (running with inotify support) Apr 12 08:41:39 lenovo systemd[1]: Starting OpenSSH server daemon... Apr 12 08:41:39 lenovo systemd[1]: Started OpenSSH server daemon. Apr 12 08:41:39 lenovo sshd[355]: Server listening on 0.0.0.0 port 22. Apr 12 08:41:39 lenovo sshd[355]: Server listening on :: port 22. Apr 12 08:41:39 lenovo mtp-probe[373]: checking bus 1, device 8: "/sys/devices/pci0000:00/0000:00:1a.0/usb1/1-1/1-1.5/1-1.5.6/1-1.5.6.2/1-1.5.6.2.1"
2013-04-12 09:14:43 +02:00
r = strv_extend(&arg_system_units, optarg);
if (r < 0)
return log_oom();
journalctl: add --user-unit= switch Add --user-unit= to make it possible to query for user logs by the name of the service.
2013-03-01 14:39:04 +01:00
break;
journalctl: show systemd messages about unit for -u journalctl -u unit is not very useful, because it doesn't show systemd messages about starting, stopping, coredumps, etc, like systemctl status unit does. Make it show the same information using the same rules. If somebody really want to see just messages from by the unit, it is easy enough to use _SYSTEMD_UNIT=...
2013-03-14 00:30:05 +01:00
case ARG_USER_UNIT:
journalctl: specify "--unit=" and "--user-unit" multiple times Previously only one "--unit=" or "--user-unit" could be specified. With this patch, journalcrtl can show multiple units. $ journalctl -u systemd-udevd.service -u sshd.service -u crond.service -b -- Logs begin at Sa 2013-03-23 11:08:45 CET, end at Fr 2013-04-12 09:10:22 CEST. -- Apr 12 08:41:37 lenovo systemd[1]: Started udev Kernel Device Manager. Apr 12 08:41:37 lenovo systemd[1]: Stopped udev Kernel Device Manager. Apr 12 08:41:38 lenovo systemd[1]: Started udev Kernel Device Manager. Apr 12 08:41:38 lenovo crond[291]: (CRON) INFO (Syslog will be used instead of sendmail.) Apr 12 08:41:38 lenovo crond[291]: (CRON) INFO (running with inotify support) Apr 12 08:41:39 lenovo systemd[1]: Starting OpenSSH server daemon... Apr 12 08:41:39 lenovo systemd[1]: Started OpenSSH server daemon. Apr 12 08:41:39 lenovo sshd[355]: Server listening on 0.0.0.0 port 22. Apr 12 08:41:39 lenovo sshd[355]: Server listening on :: port 22. Apr 12 08:41:39 lenovo mtp-probe[373]: checking bus 1, device 8: "/sys/devices/pci0000:00/0000:00:1a.0/usb1/1-1/1-1.5/1-1.5.6/1-1.5.6.2/1-1.5.6.2.1"
2013-04-12 09:14:43 +02:00
r = strv_extend(&arg_user_units, optarg);
if (r < 0)
return log_oom();
journalctl: add --unit=/-u to match by unit name This applies unit_name_mangle() to the specified unit names and hence can handle weird characters nicely and will add unit suffixes as necessary.
2012-10-16 02:59:27 +02:00
break;
journalctl: implement quering field values with new -F switch Example: journalctl -F _SYSTEMD_UNIT will list all units that ever logged to the journal.
2012-10-18 03:33:44 +02:00
case 'F':
journalctl: add new --fields switch to dump all currently used field names Fixes #2176
2016-01-27 19:01:42 +01:00
arg_action = ACTION_LIST_FIELDS;
journalctl: implement quering field values with new -F switch Example: journalctl -F _SYSTEMD_UNIT will list all units that ever logged to the journal.
2012-10-18 03:33:44 +02:00
arg_field = optarg;
break;
journalctl: add new --fields switch to dump all currently used field names Fixes #2176
2016-01-27 19:01:42 +01:00
case 'N':
arg_action = ACTION_LIST_FIELD_NAMES;
break;
journalctl: add --no-hostname switch This suppresses output of the hostname for messages from the local system. Fixes: #2342
2016-04-20 20:09:57 +02:00
case ARG_NO_HOSTNAME:
arg_no_hostname = true;
break;
journal: implement message catalog The message catalog can be used to attach short help texts to log lines, keyed by their MESSAGE_ID= fields. This is useful to help the administrator understand the context and cause of a message, find possible solutions and find further related documentation. Since this is keyed off MESSAGE_ID= this will only work for native journal messages. The message catalog supports i18n, and is useful to augment english language system messages with explanations in the local language. This commit only includes short explanatory messages for a few example message IDs, we'll add more complete documentation for the relevant systemd messages later on.
2012-11-15 23:03:31 +01:00
case 'x':
arg_catalog = true;
break;
case ARG_LIST_CATALOG:
arg_action = ACTION_LIST_CATALOG;
break;
journalct: beef up entry listing The ability to dump catalog entries in full and by id is added.
2013-03-20 01:54:04 +01:00
case ARG_DUMP_CATALOG:
arg_action = ACTION_DUMP_CATALOG;
break;
journal: implement message catalog The message catalog can be used to attach short help texts to log lines, keyed by their MESSAGE_ID= fields. This is useful to help the administrator understand the context and cause of a message, find possible solutions and find further related documentation. Since this is keyed off MESSAGE_ID= this will only work for native journal messages. The message catalog supports i18n, and is useful to augment english language system messages with explanations in the local language. This commit only includes short explanatory messages for a few example message IDs, we'll add more complete documentation for the relevant systemd messages later on.
2012-11-15 23:03:31 +01:00
case ARG_UPDATE_CATALOG:
arg_action = ACTION_UPDATE_CATALOG;
break;
journalctl: add --reverse option to show the newest lines first
2013-03-01 10:27:10 +01:00
case 'r':
arg_reverse = true;
break;
journalctl: add --utc option Introduce option to display time in UTC.
2014-10-02 14:39:29 +02:00
case ARG_UTC:
arg_utc = true;
break;
journalctl: add new --flush command and make use of it in systemd-journal-flush.service This new command will ask the journal daemon to flush all log data stored in /run to /var, and wait for it to complete. This is useful, so that in case of Storage=persistent we can order systemd-tmpfiles-setup afterwards, to ensure any possibly newly created directory in /var/log gets proper access mode and owners.
2014-10-23 00:28:17 +02:00
case ARG_FLUSH:
arg_action = ACTION_FLUSH;
break;
journalctl: add new --relinquish and --smart-relinquish options The latter is identical to the former, but becomes a NOP if /var/log/journal is on the same mount as /, and thus during shutdown unmounting /var is not necessary and hence we can keep logging until the very end.
2019-04-05 18:21:02 +02:00
case ARG_SMART_RELINQUISH_VAR: {
int root_mnt_id, log_mnt_id;
/* Try to be smart about relinquishing access to /var/log/journal/ during shutdown:
* if it's on the same mount as the root file system there's no point in
* relinquishing access and we can leave journald write to it until the very last
* moment. */
r = path_get_mnt_id("/", &root_mnt_id);
if (r < 0)
log_debug_errno(r, "Failed to get root mount ID, ignoring: %m");
else {
r = path_get_mnt_id("/var/log/journal/", &log_mnt_id);
if (r < 0)
log_debug_errno(r, "Failed to get journal directory mount ID, ignoring: %m");
else if (root_mnt_id == log_mnt_id) {
log_debug("/var/log/journal/ is on root file system, not relinquishing access to /var.");
return 0;
} else
log_debug("/var/log/journal/ is not on the root file system, relinquishing access to it.");
}
_fallthrough_;
}
case ARG_RELINQUISH_VAR:
arg_action = ACTION_RELINQUISH_VAR;
break;
journalctl: add --rotate option shortcut for `systemctl kill --kill-who main --signal SIGUSR2 systemd-journald`
2015-09-30 21:54:58 +02:00
case ARG_ROTATE:
journalctl: add ability to vacuum and rotate in one step journalctl --vacuum-*= only vacuums archived files. To archive all active files the rotate operation is used. Let's add a new switch that combines both, so that the user a single command to first move all running journal files into archival and then vacuum them. See: #1017
2018-10-25 18:36:56 +02:00
arg_action = arg_action == ACTION_VACUUM ? ACTION_ROTATE_AND_VACUUM : ACTION_ROTATE;
journalctl: add --rotate option shortcut for `systemctl kill --kill-who main --signal SIGUSR2 systemd-journald`
2015-09-30 21:54:58 +02:00
break;
journalctl: add new --sync switch for syncing the journal to disk With this new "--sync" switch we add a synchronous way to sync everything queued to disk, and return only after that's complete. This command gives the guarantee that anything queued before has hit the disk before the command returns. While we are at it, also improve the man pages and help text for journalctl a bit.
2015-11-11 12:59:09 +01:00
case ARG_SYNC:
arg_action = ACTION_SYNC;
break;
journalctl: add --output-fields= (#7181) This option allows restricting the shown fields in the output modes that would normally show all fields. It allows clients that are only interested in a subset of the fields to access those more efficiently. Also, it makes the resulting size of the output more predictable. It has no effect on the various `short` output modes, because those already only show a subset of the fields.
2017-10-27 05:10:47 +02:00
case ARG_OUTPUT_FIELDS: {
_cleanup_strv_free_ char **v = NULL;
v = strv_split(optarg, ",");
if (!v)
return log_oom();
tree-wide: use TAKE_PTR() and TAKE_FD() macros
2018-04-05 07:26:26 +02:00
if (!arg_output_fields)
arg_output_fields = TAKE_PTR(v);
else {
journalctl: add --output-fields= (#7181) This option allows restricting the shown fields in the output modes that would normally show all fields. It allows clients that are only interested in a subset of the fields to access those more efficiently. Also, it makes the resulting size of the output more predictable. It has no effect on the various `short` output modes, because those already only show a subset of the fields.
2017-10-27 05:10:47 +02:00
r = strv_extend_strv(&arg_output_fields, v, true);
if (r < 0)
return log_oom();
}
break;
}
clients: unify how we invoke getopt_long() Among other things this makes sure we always expose a --version command and show it in the help texts.
2013-11-06 18:28:39 +01:00
case '?':
journalctl: add command line parsing
2011-12-21 18:59:56 +01:00
return -EINVAL;
clients: unify how we invoke getopt_long() Among other things this makes sure we always expose a --version command and show it in the help texts.
2013-11-06 18:28:39 +01:00
default:
assert_not_reached("Unhandled option");
journalctl: add command line parsing
2011-12-21 18:59:56 +01:00
}
journalctl: print all possible lines immediately with --follow + --since When I tryed to run journalctl with --follow and --since arguments it behaved very strangely. First It prints logs from what I specified in --since argument, then printed 10 lines (as is default in --follow) and when app put something new in to log journalctl printed everithing from the last printed line. How to reproduce: 1. run: journalctl -m --since 14:00 --follow Then you'll see 10 lines of logs since 14:00. After that wait until some app add something in the journal or just run `systemd-cat echo test` 2. After that journalctl will print every single line since 14:00 and will follow as expected. As long as --since and --follow will eventually print all relevant lines, I seen no reason why not to print them right away and not after first new message in journal. Relevant bugzillas: https://bugs.freedesktop.org/show_bug.cgi?id=71546 https://bugs.freedesktop.org/show_bug.cgi?id=64291
2014-11-25 20:47:49 +01:00
if (arg_follow && !arg_no_tail && !arg_since && arg_lines == ARG_LINES_DEFAULT)
journalctl: only output 10 most recent lines in --follow mode
2012-01-04 15:27:31 +01:00
arg_lines = 10;
journalctl: allow --root argument for journal watching It is useful to look at a (possibly inactive) container or other os tree with --root=/path/to/container. This is similar to specifying --directory=/path/to/container/var/log/journal --directory=/path/to/container/run/systemd/journal (if using --directory multiple times was allowed), but doesn't require as much typing.
2016-08-12 06:34:45 +02:00
if (!!arg_directory + !!arg_file + !!arg_machine + !!arg_root > 1) {
log_error("Please specify at most one of -D/--directory=, --file=, -M/--machine=, --root.");
journalctl: allow the user to specify the file(s) to use This is useful for debugging and feels pretty natural. For example answering the question "is this big .journal file worth keeping?" is made easier.
2013-06-06 01:30:17 +02:00
return -EINVAL;
}
journal: fix --until https://bugs.freedesktop.org/show_bug.cgi?id=58946
2013-02-24 15:27:51 +01:00
if (arg_since_set && arg_until_set && arg_since > arg_until) {
journalctl: implement --since= and --until for filtering by time
2012-10-11 16:42:46 +02:00
log_error("--since= must be before --until=.");
return -EINVAL;
}
journalctl: augment short mode with a cursor at the end Two options are added: --show-cursor to print the cursor at the end, and --after-cursor to resume logs on the next line after the previous one.
2013-07-16 16:21:18 +02:00
if (!!arg_cursor + !!arg_after_cursor + !!arg_since_set > 1) {
log_error("Please specify only one of --since=, --cursor=, and --after-cursor.");
journalctl: implement --since= and --until for filtering by time
2012-10-11 16:42:46 +02:00
return -EINVAL;
}
journalctl: add --reverse option to show the newest lines first
2013-03-01 10:27:10 +01:00
if (arg_follow && arg_reverse) {
log_error("Please specify either --reverse= or --follow=, not both.");
return -EINVAL;
}
journalctl: enable args for --dump-catalog and --list-catalog `journalctl --dump-catalog ID1 ID2 ...` works fine.
2015-10-13 08:04:11 +02:00
if (!IN_SET(arg_action, ACTION_SHOW, ACTION_DUMP_CATALOG, ACTION_LIST_CATALOG) && optind < argc) {
journalctl: refuse extra arguments with --verify and similar Positional arguments only make sense with the default action. For other actions, complain instead of ignoring them silently.
2014-02-27 05:01:43 +01:00
log_error("Extraneous arguments starting with '%s'", argv[optind]);
return -EINVAL;
}
journalctl: allow --file/--directory with --boot or --list-boots It works mostly fine, and can be quite useful to examine data from another system. OTOH, a single boot id doesn't make sense with --merge, so mixing with --merge is still not allowed.
2016-06-28 21:27:07 +02:00
if ((arg_boot || arg_action == ACTION_LIST_BOOTS) && arg_merge) {
log_error("Using --boot or --list-boots with --merge is not supported.");
journalctl: Improve boot ID lookup This method should greatly improve offset based lookup, by simply jumping from one boot to the next boot. It starts at the journal head to get the a boot ID, makes a _BOOT_ID match and then comes from the opposite journal direction (tail) to get to the end that boot. After flushing the matches and advancing the journal from that exact position, we arrive at the start of next boot. Rinse and repeat. This is faster than the old method of aggregating the full boot listing just so we can jump to a specific boot, which can be a real pain on big journals just for a mere "-b -1" case. As an additional benefit --list-boots should improve slightly too, because it does less seeking. Note that there can be a change in boot order with this lookup method because it will use the order of boots in the journal, not the realtime stamp stored in them. That's arguably better, though. Another deficiency is that it will get confused with boots interleaving in the journal, therefore, it will refuse operation in --merge, --file and --directory mode. https://bugs.freedesktop.org/show_bug.cgi?id=72601
2015-05-01 15:15:16 +02:00
return -EINVAL;
}
journalctl: improve hint about lack of access for --user-unit=... When running journalctl --user-unit=foo as an unprivileged user we could get the usual hint: Hint: You are currently not seeing messages from the system and other users. Users in groups 'adm', 'systemd-journal', 'wheel' can see all messages. ... But with --user-unit our filter is: (((_UID=0 OR _UID=1000) AND OBJECT_SYSTEMD_USER_UNIT=foo.service) OR ((_UID=0 OR _UID=1000) AND COREDUMP_USER_UNIT=foo.service) OR (_UID=1000 AND USER_UNIT=foo.service) OR (_UID=1000 AND _SYSTEMD_USER_UNIT=foo.service)) so we would never see messages from other users. We could still see messages from the system. In fact, on my machine the only messages with OBJECT_SYSTEMD_USER_UNIT= are from the system: journalctl $(journalctl -F OBJECT_SYSTEMD_USER_UNIT|sed 's/.*/OBJECT_SYSTEMD_USER_UNIT=\0/') Thus, a more correct hint is that we cannot see messages from the system. Make it so. Fixes #7887.
2018-02-19 22:40:26 +01:00
if (!strv_isempty(arg_system_units) && arg_journal_type == SD_JOURNAL_CURRENT_USER) {
journalctl: turn --unit= in combination with --user into --user-unit= Let's be nice to users, and let's turn the nonsensical "--unit=… --user" into "--user-unit=…" which the user more likely meant. Fixes #1621
2016-04-25 11:57:56 +02:00
/* Specifying --user and --unit= at the same time makes no sense (as the former excludes the user
* journal, but the latter excludes the system journal, thus resulting in empty output). Let's be nice
* to users, and automatically turn --unit= into --user-unit= if combined with --user. */
r = strv_extend_strv(&arg_user_units, arg_system_units, true);
if (r < 0)
journalctl: fix memleak This is harmless, it would only happen if --verify-key is used multiple times. But let's fix it for correctness. CID ##1368415.
2017-01-15 17:55:46 +01:00
return r;
journalctl: turn --unit= in combination with --user into --user-unit= Let's be nice to users, and let's turn the nonsensical "--unit=… --user" into "--user-unit=…" which the user more likely meant. Fixes #1621
2016-04-25 11:57:56 +02:00
arg_system_units = strv_free(arg_system_units);
}
journalctl: make matching optionally case sensitive Case sensitive or case insensitive matching can be requested using --case-sensitive[=yes|no]. Unless specified, matching is case sensitive if the pattern contains any uppercase letters, and case insensitive otherwise. This matches what forward-search does in emacs, and recently also --ignore-case in less. This works surprisingly well, because usually when one is wants to do case-sensitive matching, the pattern is usually camel-cased. In the less frequent case when case-sensitive matching is required with an all-lowercase pattern, --case-sensitive can be used to override the automatic logic.
2018-01-12 14:31:49 +01:00
#if HAVE_PCRE2
if (arg_pattern) {
unsigned flags;
journalctl: make pcre2 a dlopen() dependency Let's make use of the library if it is installed, but otherwise just generate a nice error and provide all other functionality.
2020-06-24 14:56:28 +02:00
r = dlopen_pcre2();
if (r < 0)
return r;
journalctl: make matching optionally case sensitive Case sensitive or case insensitive matching can be requested using --case-sensitive[=yes|no]. Unless specified, matching is case sensitive if the pattern contains any uppercase letters, and case insensitive otherwise. This matches what forward-search does in emacs, and recently also --ignore-case in less. This works surprisingly well, because usually when one is wants to do case-sensitive matching, the pattern is usually camel-cased. In the less frequent case when case-sensitive matching is required with an all-lowercase pattern, --case-sensitive can be used to override the automatic logic.
2018-01-12 14:31:49 +01:00
if (arg_case_sensitive >= 0)
flags = !arg_case_sensitive * PCRE2_CASELESS;
else {
journalctl: make pcre2 a dlopen() dependency Let's make use of the library if it is installed, but otherwise just generate a nice error and provide all other functionality.
2020-06-24 14:56:28 +02:00
_cleanup_(sym_pcre2_match_data_freep) pcre2_match_data *md = NULL;
journalctl: make matching optionally case sensitive Case sensitive or case insensitive matching can be requested using --case-sensitive[=yes|no]. Unless specified, matching is case sensitive if the pattern contains any uppercase letters, and case insensitive otherwise. This matches what forward-search does in emacs, and recently also --ignore-case in less. This works surprisingly well, because usually when one is wants to do case-sensitive matching, the pattern is usually camel-cased. In the less frequent case when case-sensitive matching is required with an all-lowercase pattern, --case-sensitive can be used to override the automatic logic.
2018-01-12 14:31:49 +01:00
bool has_case;
journalctl: make pcre2 a dlopen() dependency Let's make use of the library if it is installed, but otherwise just generate a nice error and provide all other functionality.
2020-06-24 14:56:28 +02:00
_cleanup_(sym_pcre2_code_freep) pcre2_code *cs = NULL;
journalctl: make matching optionally case sensitive Case sensitive or case insensitive matching can be requested using --case-sensitive[=yes|no]. Unless specified, matching is case sensitive if the pattern contains any uppercase letters, and case insensitive otherwise. This matches what forward-search does in emacs, and recently also --ignore-case in less. This works surprisingly well, because usually when one is wants to do case-sensitive matching, the pattern is usually camel-cased. In the less frequent case when case-sensitive matching is required with an all-lowercase pattern, --case-sensitive can be used to override the automatic logic.
2018-01-12 14:31:49 +01:00
journalctl: make pcre2 a dlopen() dependency Let's make use of the library if it is installed, but otherwise just generate a nice error and provide all other functionality.
2020-06-24 14:56:28 +02:00
md = sym_pcre2_match_data_create(1, NULL);
journalctl: make matching optionally case sensitive Case sensitive or case insensitive matching can be requested using --case-sensitive[=yes|no]. Unless specified, matching is case sensitive if the pattern contains any uppercase letters, and case insensitive otherwise. This matches what forward-search does in emacs, and recently also --ignore-case in less. This works surprisingly well, because usually when one is wants to do case-sensitive matching, the pattern is usually camel-cased. In the less frequent case when case-sensitive matching is required with an all-lowercase pattern, --case-sensitive can be used to override the automatic logic.
2018-01-12 14:31:49 +01:00
if (!md)
return log_oom();
r = pattern_compile("[[:upper:]]", 0, &cs);
if (r < 0)
return r;
journalctl: make pcre2 a dlopen() dependency Let's make use of the library if it is installed, but otherwise just generate a nice error and provide all other functionality.
2020-06-24 14:56:28 +02:00
r = sym_pcre2_match(cs, (PCRE2_SPTR8) arg_pattern, PCRE2_ZERO_TERMINATED, 0, 0, md, NULL);
journalctl: make matching optionally case sensitive Case sensitive or case insensitive matching can be requested using --case-sensitive[=yes|no]. Unless specified, matching is case sensitive if the pattern contains any uppercase letters, and case insensitive otherwise. This matches what forward-search does in emacs, and recently also --ignore-case in less. This works surprisingly well, because usually when one is wants to do case-sensitive matching, the pattern is usually camel-cased. In the less frequent case when case-sensitive matching is required with an all-lowercase pattern, --case-sensitive can be used to override the automatic logic.
2018-01-12 14:31:49 +01:00
has_case = r >= 0;
flags = !has_case * PCRE2_CASELESS;
}
log_debug("Doing case %s matching based on %s",
flags & PCRE2_CASELESS ? "insensitive" : "sensitive",
arg_case_sensitive >= 0 ? "request" : "pattern casing");
r = pattern_compile(arg_pattern, flags, &arg_compiled_pattern);
if (r < 0)
return r;
}
#endif
journalctl: add command line parsing
2011-12-21 18:59:56 +01:00
return 1;
}
journal: rework directory enumeration/watch logic There's now sd_journal_new_directory() for watching specific journal directories. This is exposed in journalctl -D. sd_journal_wait() and sd_journal_process() now return whether changes in the journal are invalidating or just appending. We now create inotify kernel watches only when we actually need them
2012-07-11 01:08:38 +02:00
static int add_matches(sd_journal *j, char **args) {
char **i;
journalctl,man: allow + only between terms https://bugzilla.redhat.com/show_bug.cgi?id=1110712
2014-07-20 03:05:07 +02:00
bool have_term = false;
journalctl: add new switch -b to show data from current boot only
2012-07-01 18:47:40 +02:00
journal: rework directory enumeration/watch logic There's now sd_journal_new_directory() for watching specific journal directories. This is exposed in journalctl -D. sd_journal_wait() and sd_journal_process() now return whether changes in the journal are invalidating or just appending. We now create inotify kernel watches only when we actually need them
2012-07-11 01:08:38 +02:00
assert(j);
journalctl: add new switch -b to show data from current boot only
2012-07-01 18:47:40 +02:00
journal: rework directory enumeration/watch logic There's now sd_journal_new_directory() for watching specific journal directories. This is exposed in journalctl -D. sd_journal_wait() and sd_journal_process() now return whether changes in the journal are invalidating or just appending. We now create inotify kernel watches only when we actually need them
2012-07-11 01:08:38 +02:00
STRV_FOREACH(i, args) {
journalctl: use _cleanup_ in one function
2013-03-15 23:00:57 +01:00
int r;
journalctl: add new switch -b to show data from current boot only
2012-07-01 18:47:40 +02:00
journalctl,man: allow + only between terms https://bugzilla.redhat.com/show_bug.cgi?id=1110712
2014-07-20 03:05:07 +02:00
if (streq(*i, "+")) {
if (!have_term)
break;
journal: beef up journal matches considerably we now can take multiple matches, and they will apply as AND if they apply to different fields and OR if they apply to the same fields. Also, terms of this kind can be combined with an overreaching OR.
2012-07-13 00:29:26 +02:00
r = sd_journal_add_disjunction(j);
journalctl,man: allow + only between terms https://bugzilla.redhat.com/show_bug.cgi?id=1110712
2014-07-20 03:05:07 +02:00
have_term = false;
} else if (path_is_absolute(*i)) {
tree-wide: stop using canonicalize_file_name(), use chase_symlinks() instead Let's use chase_symlinks() everywhere, and stop using GNU canonicalize_file_name() everywhere. For most cases this should not change behaviour, however increase exposure of our function to get better tested. Most importantly in a few cases (most notably nspawn) it can take the correct root directory into account when chasing symlinks.
2016-11-18 21:35:21 +01:00
_cleanup_free_ char *p = NULL, *t = NULL, *t2 = NULL, *interpreter = NULL;
journal: rework directory enumeration/watch logic There's now sd_journal_new_directory() for watching specific journal directories. This is exposed in journalctl -D. sd_journal_wait() and sd_journal_process() now return whether changes in the journal are invalidating or just appending. We now create inotify kernel watches only when we actually need them
2012-07-11 01:08:38 +02:00
struct stat st;
journalctl: check first if match is a path name
2012-05-30 22:45:47 +02:00
basic/fs-util: change CHASE_OPEN flag into a separate output parameter chase_symlinks() would return negative on error, and either a non-negative status or a non-negative fd when CHASE_OPEN was given. This made the interface quite complicated, because dependning on the flags used, we would get two different "types" of return object. Coverity was always confused by this, and flagged every use of chase_symlinks() without CHASE_OPEN as a resource leak (because it would this that an fd is returned). This patch uses a saparate output parameter, so there is no confusion. (I think it is OK to have functions which return either an error or an fd. It's only returning *either* an fd or a non-fd that is confusing.)
2019-10-24 10:33:20 +02:00
r = chase_symlinks(*i, NULL, CHASE_TRAIL_SLASH, &p, NULL);
tree-wide: stop using canonicalize_file_name(), use chase_symlinks() instead Let's use chase_symlinks() everywhere, and stop using GNU canonicalize_file_name() everywhere. For most cases this should not change behaviour, however increase exposure of our function to get better tested. Most importantly in a few cases (most notably nspawn) it can take the correct root directory into account when chasing symlinks.
2016-11-18 21:35:21 +01:00
if (r < 0)
return log_error_errno(r, "Couldn't canonicalize path: %m");
journalctl: check first if match is a path name
2012-05-30 22:45:47 +02:00
tree-wide: stop using canonicalize_file_name(), use chase_symlinks() instead Let's use chase_symlinks() everywhere, and stop using GNU canonicalize_file_name() everywhere. For most cases this should not change behaviour, however increase exposure of our function to get better tested. Most importantly in a few cases (most notably nspawn) it can take the correct root directory into account when chasing symlinks.
2016-11-18 21:35:21 +01:00
if (lstat(p, &st) < 0)
treewide: another round of simplifications Using the same scripts as in f647962d64e "treewide: yet more log_*_errno + return simplifications".
2014-11-28 19:57:32 +01:00
return log_error_errno(errno, "Couldn't stat file: %m");
journalctl: check first if match is a path name
2012-05-30 22:45:47 +02:00
journalctl: use _COMM= match for scripts In case of scripts, _EXE is set to the interpreter name, and _COMM is set based on the file name. Add a match for _COMM, and _EXE if the interpreter is not a link (e.g. for yum, the interpreter is /usr/bin/python, but it is a link to /usr/bin/python2, which in turn is a link to /usr/bin/python2.7, at least on Fedora, so we end up with _EXE=/usr/bin/python2.7). I don't think that such link chasing makes sense, because the final _EXE name is more likely to change.
2013-07-19 10:02:50 +02:00
if (S_ISREG(st.st_mode) && (0111 & st.st_mode)) {
tree-wide: stop using canonicalize_file_name(), use chase_symlinks() instead Let's use chase_symlinks() everywhere, and stop using GNU canonicalize_file_name() everywhere. For most cases this should not change behaviour, however increase exposure of our function to get better tested. Most importantly in a few cases (most notably nspawn) it can take the correct root directory into account when chasing symlinks.
2016-11-18 21:35:21 +01:00
if (executable_is_script(p, &interpreter) > 0) {
journalctl: use _COMM= match for scripts In case of scripts, _EXE is set to the interpreter name, and _COMM is set based on the file name. Add a match for _COMM, and _EXE if the interpreter is not a link (e.g. for yum, the interpreter is /usr/bin/python, but it is a link to /usr/bin/python2, which in turn is a link to /usr/bin/python2.7, at least on Fedora, so we end up with _EXE=/usr/bin/python2.7). I don't think that such link chasing makes sense, because the final _EXE name is more likely to change.
2013-07-19 10:02:50 +02:00
_cleanup_free_ char *comm;
tree-wide: stop using canonicalize_file_name(), use chase_symlinks() instead Let's use chase_symlinks() everywhere, and stop using GNU canonicalize_file_name() everywhere. For most cases this should not change behaviour, however increase exposure of our function to get better tested. Most importantly in a few cases (most notably nspawn) it can take the correct root directory into account when chasing symlinks.
2016-11-18 21:35:21 +01:00
comm = strndup(basename(p), 15);
journalctl: use _COMM= match for scripts In case of scripts, _EXE is set to the interpreter name, and _COMM is set based on the file name. Add a match for _COMM, and _EXE if the interpreter is not a link (e.g. for yum, the interpreter is /usr/bin/python, but it is a link to /usr/bin/python2, which in turn is a link to /usr/bin/python2.7, at least on Fedora, so we end up with _EXE=/usr/bin/python2.7). I don't think that such link chasing makes sense, because the final _EXE name is more likely to change.
2013-07-19 10:02:50 +02:00
if (!comm)
return log_oom();
tree-wide: get rid of strappend() It's a special case of strjoin(), so no need to keep both. In particular as typing strjoin() is even shoert than strappend().
2019-07-11 19:14:16 +02:00
t = strjoin("_COMM=", comm);
journalctl: make "journalctl /dev/sda" work Currently when journalctl is called with path to block device node we add following match _KERNEL_DEVICE=b$MAJOR:$MINOR. That is not sufficient to actually obtain logs about the disk because dev_printk() kernel helper puts to /dev/kmsg information about the device in following format, +$SUBSYSTEM:$ADDRESS, e.g. "+pci:pci:0000:00:14.0". Now we will walk upward the syspath and add match for every device in format produced by dev_printk() as well as match for its device node if it exists.
2016-02-01 10:44:58 +01:00
if (!t)
return log_oom();
journalctl: use _COMM= match for scripts In case of scripts, _EXE is set to the interpreter name, and _COMM is set based on the file name. Add a match for _COMM, and _EXE if the interpreter is not a link (e.g. for yum, the interpreter is /usr/bin/python, but it is a link to /usr/bin/python2, which in turn is a link to /usr/bin/python2.7, at least on Fedora, so we end up with _EXE=/usr/bin/python2.7). I don't think that such link chasing makes sense, because the final _EXE name is more likely to change.
2013-07-19 10:02:50 +02:00
/* Append _EXE only if the interpreter is not a link.
doc: update punctuation Resolve spotted issues related to missing or extraneous commas, dashes.
2014-02-17 03:37:13 +01:00
Otherwise, it might be outdated often. */
journalctl: make "journalctl /dev/sda" work Currently when journalctl is called with path to block device node we add following match _KERNEL_DEVICE=b$MAJOR:$MINOR. That is not sufficient to actually obtain logs about the disk because dev_printk() kernel helper puts to /dev/kmsg information about the device in following format, +$SUBSYSTEM:$ADDRESS, e.g. "+pci:pci:0000:00:14.0". Now we will walk upward the syspath and add match for every device in format produced by dev_printk() as well as match for its device node if it exists.
2016-02-01 10:44:58 +01:00
if (lstat(interpreter, &st) == 0 && !S_ISLNK(st.st_mode)) {
tree-wide: get rid of strappend() It's a special case of strjoin(), so no need to keep both. In particular as typing strjoin() is even shoert than strappend().
2019-07-11 19:14:16 +02:00
t2 = strjoin("_EXE=", interpreter);
journalctl: use _COMM= match for scripts In case of scripts, _EXE is set to the interpreter name, and _COMM is set based on the file name. Add a match for _COMM, and _EXE if the interpreter is not a link (e.g. for yum, the interpreter is /usr/bin/python, but it is a link to /usr/bin/python2, which in turn is a link to /usr/bin/python2.7, at least on Fedora, so we end up with _EXE=/usr/bin/python2.7). I don't think that such link chasing makes sense, because the final _EXE name is more likely to change.
2013-07-19 10:02:50 +02:00
if (!t2)
return log_oom();
}
journalctl: make "journalctl /dev/sda" work Currently when journalctl is called with path to block device node we add following match _KERNEL_DEVICE=b$MAJOR:$MINOR. That is not sufficient to actually obtain logs about the disk because dev_printk() kernel helper puts to /dev/kmsg information about the device in following format, +$SUBSYSTEM:$ADDRESS, e.g. "+pci:pci:0000:00:14.0". Now we will walk upward the syspath and add match for every device in format produced by dev_printk() as well as match for its device node if it exists.
2016-02-01 10:44:58 +01:00
} else {
tree-wide: get rid of strappend() It's a special case of strjoin(), so no need to keep both. In particular as typing strjoin() is even shoert than strappend().
2019-07-11 19:14:16 +02:00
t = strjoin("_EXE=", p);
journalctl: make "journalctl /dev/sda" work Currently when journalctl is called with path to block device node we add following match _KERNEL_DEVICE=b$MAJOR:$MINOR. That is not sufficient to actually obtain logs about the disk because dev_printk() kernel helper puts to /dev/kmsg information about the device in following format, +$SUBSYSTEM:$ADDRESS, e.g. "+pci:pci:0000:00:14.0". Now we will walk upward the syspath and add match for every device in format produced by dev_printk() as well as match for its device node if it exists.
2016-02-01 10:44:58 +01:00
if (!t)
return log_oom();
}
r = sd_journal_add_match(j, t, 0);
if (r >=0 && t2)
r = sd_journal_add_match(j, t2, 0);
} else if (S_ISCHR(st.st_mode) || S_ISBLK(st.st_mode)) {
tree-wide: stop using canonicalize_file_name(), use chase_symlinks() instead Let's use chase_symlinks() everywhere, and stop using GNU canonicalize_file_name() everywhere. For most cases this should not change behaviour, however increase exposure of our function to get better tested. Most importantly in a few cases (most notably nspawn) it can take the correct root directory into account when chasing symlinks.
2016-11-18 21:35:21 +01:00
r = add_matches_for_device(j, p);
journalctl: make "journalctl /dev/sda" work Currently when journalctl is called with path to block device node we add following match _KERNEL_DEVICE=b$MAJOR:$MINOR. That is not sufficient to actually obtain logs about the disk because dev_printk() kernel helper puts to /dev/kmsg information about the device in following format, +$SUBSYSTEM:$ADDRESS, e.g. "+pci:pci:0000:00:14.0". Now we will walk upward the syspath and add match for every device in format produced by dev_printk() as well as match for its device node if it exists.
2016-02-01 10:44:58 +01:00
if (r < 0)
return r;
coccinelle: make use of SYNTHETIC_ERRNO Ideally, coccinelle would strip unnecessary braces too. But I do not see any option in coccinelle for this, so instead, I edited the patch text using search&replace to remove the braces. Unfortunately this is not fully automatic, in particular it didn't deal well with if-else-if-else blocks and ifdefs, so there is an increased likelikehood be some bugs in such spots. I also removed part of the patch that coccinelle generated for udev, where we returns -1 for failure. This should be fixed independently.
2018-11-20 23:40:44 +01:00
} else
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"File is neither a device node, nor regular file, nor executable: %s",
*i);
journalctl: check first if match is a path name
2012-05-30 22:45:47 +02:00
journalctl,man: allow + only between terms https://bugzilla.redhat.com/show_bug.cgi?id=1110712
2014-07-20 03:05:07 +02:00
have_term = true;
} else {
journal: beef up journal matches considerably we now can take multiple matches, and they will apply as AND if they apply to different fields and OR if they apply to the same fields. Also, terms of this kind can be combined with an overreaching OR.
2012-07-13 00:29:26 +02:00
r = sd_journal_add_match(j, *i, 0);
journalctl,man: allow + only between terms https://bugzilla.redhat.com/show_bug.cgi?id=1110712
2014-07-20 03:05:07 +02:00
have_term = true;
}
journalctl: check first if match is a path name
2012-05-30 22:45:47 +02:00
treewide: more log_*_errno + return simplifications
2014-11-28 18:23:20 +01:00
if (r < 0)
return log_error_errno(r, "Failed to add match '%s': %m", *i);
journal: properly implement matching with multiple matches
2011-10-15 01:13:37 +02:00
}
coccinelle: make use of SYNTHETIC_ERRNO Ideally, coccinelle would strip unnecessary braces too. But I do not see any option in coccinelle for this, so instead, I edited the patch text using search&replace to remove the braces. Unfortunately this is not fully automatic, in particular it didn't deal well with if-else-if-else blocks and ifdefs, so there is an increased likelikehood be some bugs in such spots. I also removed part of the patch that coccinelle generated for udev, where we returns -1 for failure. This should be fixed independently.
2018-11-20 23:40:44 +01:00
if (!strv_isempty(args) && !have_term)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
"\"+\" can only be used between terms");
journalctl,man: allow + only between terms https://bugzilla.redhat.com/show_bug.cgi?id=1110712
2014-07-20 03:05:07 +02:00
journal: rework directory enumeration/watch logic There's now sd_journal_new_directory() for watching specific journal directories. This is exposed in journalctl -D. sd_journal_wait() and sd_journal_process() now return whether changes in the journal are invalidating or just appending. We now create inotify kernel watches only when we actually need them
2012-07-11 01:08:38 +02:00
return 0;
}
journalctl: unify how we free boot id lists a bit Instead of use LIST_FOREACH_SAFE, just use the same, seperate destructor everywhere.
2015-05-19 00:35:02 +02:00
static void boot_id_free_all(BootId *l) {
while (l) {
BootId *i = l;
LIST_REMOVE(boot_list, l, i);
free(i);
}
}
journalctl: don't trust the per-field entry tables when looking for boot IDs When appending to a journal file, journald will: a) first, append the actual entry to the end of the journal file b) second, add an offset reference to it to the global entry array stored at the beginning of the file c) third, add offset references to it to the per-field entry array stored at various places of the file The global entry array, maintained by b) is used when iterating through the journal without matches applied. The per-field entry array maintained by c) is used when iterating through the journal with a match for that specific field applied. In the wild, there are journal files where a) and b) were completed, but c) was not before the files were abandoned. This means, that in some cases log entries are at the end of these files that appear in the global entry array, but not in the per-field entry array of the _BOOT_ID= field. Now, the "journalctl --list-boots" command alternatingly uses the global entry array and the per-field entry array of the _BOOT_ID= field. It seeks to the last entry of a specific _BOOT_ID=field by having the right match installed, and then jumps to the next following entry with no match installed anymore, under the assumption this would bring it to the next boot ID. However, if the per-field entry wasn't written fully, it might actually turn out that the global entry array might know one more entry with the same _BOOT_ID, thus resulting in a indefinite loop around the same _BOOT_ID. This patch fixes that, by updating the boot search logic to always continue reading entries until the boot ID actually changed from the previous. Thus, the per-field entry array is used as quick jump index (i.e. as an optimization), but not trusted otherwise. Only the global entry array is trusted. This replaces PR #1904, which is actually very similar to this one. However, this one actually reads the boot ID directly from the entry header, and doesn't try to read it at all until the read pointer is actually really located on the first item to read. Fixes: #617 Replaces: #1904
2016-04-25 18:08:42 +02:00
static int discover_next_boot(sd_journal *j,
sd_id128_t previous_boot_id,
bool advance_older,
BootId **ret) {
journalctl: rename boot_id_t to BootId So far we tried to reserve the _t suffix to types we use like a value in contrast to types we use as objects, hence let's do this in journalctl too.
2015-05-19 00:24:27 +02:00
_cleanup_free_ BootId *next_boot = NULL;
journalctl: don't trust the per-field entry tables when looking for boot IDs When appending to a journal file, journald will: a) first, append the actual entry to the end of the journal file b) second, add an offset reference to it to the global entry array stored at the beginning of the file c) third, add offset references to it to the per-field entry array stored at various places of the file The global entry array, maintained by b) is used when iterating through the journal without matches applied. The per-field entry array maintained by c) is used when iterating through the journal with a match for that specific field applied. In the wild, there are journal files where a) and b) were completed, but c) was not before the files were abandoned. This means, that in some cases log entries are at the end of these files that appear in the global entry array, but not in the per-field entry array of the _BOOT_ID= field. Now, the "journalctl --list-boots" command alternatingly uses the global entry array and the per-field entry array of the _BOOT_ID= field. It seeks to the last entry of a specific _BOOT_ID=field by having the right match installed, and then jumps to the next following entry with no match installed anymore, under the assumption this would bring it to the next boot ID. However, if the per-field entry wasn't written fully, it might actually turn out that the global entry array might know one more entry with the same _BOOT_ID, thus resulting in a indefinite loop around the same _BOOT_ID. This patch fixes that, by updating the boot search logic to always continue reading entries until the boot ID actually changed from the previous. Thus, the per-field entry array is used as quick jump index (i.e. as an optimization), but not trusted otherwise. Only the global entry array is trusted. This replaces PR #1904, which is actually very similar to this one. However, this one actually reads the boot ID directly from the entry header, and doesn't try to read it at all until the read pointer is actually really located on the first item to read. Fixes: #617 Replaces: #1904
2016-04-25 18:08:42 +02:00
char match[9+32+1] = "_BOOT_ID=";
sd_id128_t boot_id;
int r;
journalctl: Unify boot id lookup into common function get_boots
2014-10-23 19:37:29 +02:00
assert(j);
journalctl: don't trust the per-field entry tables when looking for boot IDs When appending to a journal file, journald will: a) first, append the actual entry to the end of the journal file b) second, add an offset reference to it to the global entry array stored at the beginning of the file c) third, add offset references to it to the per-field entry array stored at various places of the file The global entry array, maintained by b) is used when iterating through the journal without matches applied. The per-field entry array maintained by c) is used when iterating through the journal with a match for that specific field applied. In the wild, there are journal files where a) and b) were completed, but c) was not before the files were abandoned. This means, that in some cases log entries are at the end of these files that appear in the global entry array, but not in the per-field entry array of the _BOOT_ID= field. Now, the "journalctl --list-boots" command alternatingly uses the global entry array and the per-field entry array of the _BOOT_ID= field. It seeks to the last entry of a specific _BOOT_ID=field by having the right match installed, and then jumps to the next following entry with no match installed anymore, under the assumption this would bring it to the next boot ID. However, if the per-field entry wasn't written fully, it might actually turn out that the global entry array might know one more entry with the same _BOOT_ID, thus resulting in a indefinite loop around the same _BOOT_ID. This patch fixes that, by updating the boot search logic to always continue reading entries until the boot ID actually changed from the previous. Thus, the per-field entry array is used as quick jump index (i.e. as an optimization), but not trusted otherwise. Only the global entry array is trusted. This replaces PR #1904, which is actually very similar to this one. However, this one actually reads the boot ID directly from the entry header, and doesn't try to read it at all until the read pointer is actually really located on the first item to read. Fixes: #617 Replaces: #1904
2016-04-25 18:08:42 +02:00
assert(ret);
journalctl: Improve boot ID lookup This method should greatly improve offset based lookup, by simply jumping from one boot to the next boot. It starts at the journal head to get the a boot ID, makes a _BOOT_ID match and then comes from the opposite journal direction (tail) to get to the end that boot. After flushing the matches and advancing the journal from that exact position, we arrive at the start of next boot. Rinse and repeat. This is faster than the old method of aggregating the full boot listing just so we can jump to a specific boot, which can be a real pain on big journals just for a mere "-b -1" case. As an additional benefit --list-boots should improve slightly too, because it does less seeking. Note that there can be a change in boot order with this lookup method because it will use the order of boots in the journal, not the realtime stamp stored in them. That's arguably better, though. Another deficiency is that it will get confused with boots interleaving in the journal, therefore, it will refuse operation in --merge, --file and --directory mode. https://bugs.freedesktop.org/show_bug.cgi?id=72601
2015-05-01 15:15:16 +02:00
/* We expect the journal to be on the last position of a boot
* (in relation to the direction we are going), so that the next
* invocation of sd_journal_next/previous will be from a different
* boot. We then collect any information we desire and then jump
* to the last location of the new boot by using a _BOOT_ID match
* coming from the other journal direction. */
/* Make sure we aren't restricted by any _BOOT_ID matches, so that
* we can actually advance to a *different* boot. */
sd_journal_flush_matches(j);
journalctl: don't trust the per-field entry tables when looking for boot IDs When appending to a journal file, journald will: a) first, append the actual entry to the end of the journal file b) second, add an offset reference to it to the global entry array stored at the beginning of the file c) third, add offset references to it to the per-field entry array stored at various places of the file The global entry array, maintained by b) is used when iterating through the journal without matches applied. The per-field entry array maintained by c) is used when iterating through the journal with a match for that specific field applied. In the wild, there are journal files where a) and b) were completed, but c) was not before the files were abandoned. This means, that in some cases log entries are at the end of these files that appear in the global entry array, but not in the per-field entry array of the _BOOT_ID= field. Now, the "journalctl --list-boots" command alternatingly uses the global entry array and the per-field entry array of the _BOOT_ID= field. It seeks to the last entry of a specific _BOOT_ID=field by having the right match installed, and then jumps to the next following entry with no match installed anymore, under the assumption this would bring it to the next boot ID. However, if the per-field entry wasn't written fully, it might actually turn out that the global entry array might know one more entry with the same _BOOT_ID, thus resulting in a indefinite loop around the same _BOOT_ID. This patch fixes that, by updating the boot search logic to always continue reading entries until the boot ID actually changed from the previous. Thus, the per-field entry array is used as quick jump index (i.e. as an optimization), but not trusted otherwise. Only the global entry array is trusted. This replaces PR #1904, which is actually very similar to this one. However, this one actually reads the boot ID directly from the entry header, and doesn't try to read it at all until the read pointer is actually really located on the first item to read. Fixes: #617 Replaces: #1904
2016-04-25 18:08:42 +02:00
do {
if (advance_older)
r = sd_journal_previous(j);
else
r = sd_journal_next(j);
if (r < 0)
return r;
else if (r == 0)
return 0; /* End of journal, yay. */
r = sd_journal_get_monotonic_usec(j, NULL, &boot_id);
if (r < 0)
return r;
/* We iterate through this in a loop, until the boot ID differs from the previous one. Note that
* normally, this will only require a single iteration, as we seeked to the last entry of the previous
* boot entry already. However, it might happen that the per-journal-field entry arrays are less
* complete than the main entry array, and hence might reference an entry that's not actually the last
* one of the boot ID as last one. Let's hence use the per-field array is initial seek position to
* speed things up, but let's not trust that it is complete, and hence, manually advance as
* necessary. */
} while (sd_id128_equal(boot_id, previous_boot_id));
journalctl: Improve boot ID lookup This method should greatly improve offset based lookup, by simply jumping from one boot to the next boot. It starts at the journal head to get the a boot ID, makes a _BOOT_ID match and then comes from the opposite journal direction (tail) to get to the end that boot. After flushing the matches and advancing the journal from that exact position, we arrive at the start of next boot. Rinse and repeat. This is faster than the old method of aggregating the full boot listing just so we can jump to a specific boot, which can be a real pain on big journals just for a mere "-b -1" case. As an additional benefit --list-boots should improve slightly too, because it does less seeking. Note that there can be a change in boot order with this lookup method because it will use the order of boots in the journal, not the realtime stamp stored in them. That's arguably better, though. Another deficiency is that it will get confused with boots interleaving in the journal, therefore, it will refuse operation in --merge, --file and --directory mode. https://bugs.freedesktop.org/show_bug.cgi?id=72601
2015-05-01 15:15:16 +02:00
journalctl: rename boot_id_t to BootId So far we tried to reserve the _t suffix to types we use like a value in contrast to types we use as objects, hence let's do this in journalctl too.
2015-05-19 00:24:27 +02:00
next_boot = new0(BootId, 1);
journalctl: Improve boot ID lookup This method should greatly improve offset based lookup, by simply jumping from one boot to the next boot. It starts at the journal head to get the a boot ID, makes a _BOOT_ID match and then comes from the opposite journal direction (tail) to get to the end that boot. After flushing the matches and advancing the journal from that exact position, we arrive at the start of next boot. Rinse and repeat. This is faster than the old method of aggregating the full boot listing just so we can jump to a specific boot, which can be a real pain on big journals just for a mere "-b -1" case. As an additional benefit --list-boots should improve slightly too, because it does less seeking. Note that there can be a change in boot order with this lookup method because it will use the order of boots in the journal, not the realtime stamp stored in them. That's arguably better, though. Another deficiency is that it will get confused with boots interleaving in the journal, therefore, it will refuse operation in --merge, --file and --directory mode. https://bugs.freedesktop.org/show_bug.cgi?id=72601
2015-05-01 15:15:16 +02:00
if (!next_boot)
journalctl: clean up how we log errors All functions should either log the errors they run into, or only return them in which case the caller should log them. Make sure this rule is followed, so that each error is logged precisely once, and neither never, nor more than once.
2015-05-19 00:25:45 +02:00
return -ENOMEM;
journalctl: add --list-boots to show boot IDs and times Suggested by David Wilkins <dwilkins@maths.tcd.ie> in https://bugzilla.redhat.com/show_bug.cgi?id=967521: > [Specific boot ID is a] bit of a palaver to obtain. I consulted the > verbose dump of the journal to discover the _BOOT_ID for the > timestamp, and then generated the journal dump for that boot using > journalctl _BOOT_ID=foo -o short-monotonic.
2013-10-29 04:43:57 +01:00
journalctl: don't trust the per-field entry tables when looking for boot IDs When appending to a journal file, journald will: a) first, append the actual entry to the end of the journal file b) second, add an offset reference to it to the global entry array stored at the beginning of the file c) third, add offset references to it to the per-field entry array stored at various places of the file The global entry array, maintained by b) is used when iterating through the journal without matches applied. The per-field entry array maintained by c) is used when iterating through the journal with a match for that specific field applied. In the wild, there are journal files where a) and b) were completed, but c) was not before the files were abandoned. This means, that in some cases log entries are at the end of these files that appear in the global entry array, but not in the per-field entry array of the _BOOT_ID= field. Now, the "journalctl --list-boots" command alternatingly uses the global entry array and the per-field entry array of the _BOOT_ID= field. It seeks to the last entry of a specific _BOOT_ID=field by having the right match installed, and then jumps to the next following entry with no match installed anymore, under the assumption this would bring it to the next boot ID. However, if the per-field entry wasn't written fully, it might actually turn out that the global entry array might know one more entry with the same _BOOT_ID, thus resulting in a indefinite loop around the same _BOOT_ID. This patch fixes that, by updating the boot search logic to always continue reading entries until the boot ID actually changed from the previous. Thus, the per-field entry array is used as quick jump index (i.e. as an optimization), but not trusted otherwise. Only the global entry array is trusted. This replaces PR #1904, which is actually very similar to this one. However, this one actually reads the boot ID directly from the entry header, and doesn't try to read it at all until the read pointer is actually really located on the first item to read. Fixes: #617 Replaces: #1904
2016-04-25 18:08:42 +02:00
next_boot->id = boot_id;
journalctl: add --list-boots to show boot IDs and times Suggested by David Wilkins <dwilkins@maths.tcd.ie> in https://bugzilla.redhat.com/show_bug.cgi?id=967521: > [Specific boot ID is a] bit of a palaver to obtain. I consulted the > verbose dump of the journal to discover the _BOOT_ID for the > timestamp, and then generated the journal dump for that boot using > journalctl _BOOT_ID=foo -o short-monotonic.
2013-10-29 04:43:57 +01:00
journalctl: simplify discover_next_boot() a bit Drop the "read_realtime" parameter. Getting the realtime timestamp from an entry is cheap, as it is a normal header field, hence let's just get this unconditionally, and simplify our code a bit.
2016-04-25 16:37:09 +02:00
r = sd_journal_get_realtime_usec(j, &next_boot->first);
if (r < 0)
return r;
journalctl: Unify boot id lookup into common function get_boots
2014-10-23 19:37:29 +02:00
journalctl: Improve boot ID lookup This method should greatly improve offset based lookup, by simply jumping from one boot to the next boot. It starts at the journal head to get the a boot ID, makes a _BOOT_ID match and then comes from the opposite journal direction (tail) to get to the end that boot. After flushing the matches and advancing the journal from that exact position, we arrive at the start of next boot. Rinse and repeat. This is faster than the old method of aggregating the full boot listing just so we can jump to a specific boot, which can be a real pain on big journals just for a mere "-b -1" case. As an additional benefit --list-boots should improve slightly too, because it does less seeking. Note that there can be a change in boot order with this lookup method because it will use the order of boots in the journal, not the realtime stamp stored in them. That's arguably better, though. Another deficiency is that it will get confused with boots interleaving in the journal, therefore, it will refuse operation in --merge, --file and --directory mode. https://bugs.freedesktop.org/show_bug.cgi?id=72601
2015-05-01 15:15:16 +02:00
/* Now seek to the last occurrence of this boot ID. */
sd_id128_to_string(next_boot->id, match + 9);
r = sd_journal_add_match(j, match, sizeof(match) - 1);
if (r < 0)
return r;
journalctl: add --list-boots to show boot IDs and times Suggested by David Wilkins <dwilkins@maths.tcd.ie> in https://bugzilla.redhat.com/show_bug.cgi?id=967521: > [Specific boot ID is a] bit of a palaver to obtain. I consulted the > verbose dump of the journal to discover the _BOOT_ID for the > timestamp, and then generated the journal dump for that boot using > journalctl _BOOT_ID=foo -o short-monotonic.
2013-10-29 04:43:57 +01:00
journalctl: Improve boot ID lookup This method should greatly improve offset based lookup, by simply jumping from one boot to the next boot. It starts at the journal head to get the a boot ID, makes a _BOOT_ID match and then comes from the opposite journal direction (tail) to get to the end that boot. After flushing the matches and advancing the journal from that exact position, we arrive at the start of next boot. Rinse and repeat. This is faster than the old method of aggregating the full boot listing just so we can jump to a specific boot, which can be a real pain on big journals just for a mere "-b -1" case. As an additional benefit --list-boots should improve slightly too, because it does less seeking. Note that there can be a change in boot order with this lookup method because it will use the order of boots in the journal, not the realtime stamp stored in them. That's arguably better, though. Another deficiency is that it will get confused with boots interleaving in the journal, therefore, it will refuse operation in --merge, --file and --directory mode. https://bugs.freedesktop.org/show_bug.cgi?id=72601
2015-05-01 15:15:16 +02:00
if (advance_older)
r = sd_journal_seek_head(j);
else
r = sd_journal_seek_tail(j);
if (r < 0)
return r;
journalctl: add --list-boots to show boot IDs and times Suggested by David Wilkins <dwilkins@maths.tcd.ie> in https://bugzilla.redhat.com/show_bug.cgi?id=967521: > [Specific boot ID is a] bit of a palaver to obtain. I consulted the > verbose dump of the journal to discover the _BOOT_ID for the > timestamp, and then generated the journal dump for that boot using > journalctl _BOOT_ID=foo -o short-monotonic.
2013-10-29 04:43:57 +01:00
journalctl: Improve boot ID lookup This method should greatly improve offset based lookup, by simply jumping from one boot to the next boot. It starts at the journal head to get the a boot ID, makes a _BOOT_ID match and then comes from the opposite journal direction (tail) to get to the end that boot. After flushing the matches and advancing the journal from that exact position, we arrive at the start of next boot. Rinse and repeat. This is faster than the old method of aggregating the full boot listing just so we can jump to a specific boot, which can be a real pain on big journals just for a mere "-b -1" case. As an additional benefit --list-boots should improve slightly too, because it does less seeking. Note that there can be a change in boot order with this lookup method because it will use the order of boots in the journal, not the realtime stamp stored in them. That's arguably better, though. Another deficiency is that it will get confused with boots interleaving in the journal, therefore, it will refuse operation in --merge, --file and --directory mode. https://bugs.freedesktop.org/show_bug.cgi?id=72601
2015-05-01 15:15:16 +02:00
if (advance_older)
r = sd_journal_next(j);
else
r = sd_journal_previous(j);
if (r < 0)
return r;
coccinelle: make use of SYNTHETIC_ERRNO Ideally, coccinelle would strip unnecessary braces too. But I do not see any option in coccinelle for this, so instead, I edited the patch text using search&replace to remove the braces. Unfortunately this is not fully automatic, in particular it didn't deal well with if-else-if-else blocks and ifdefs, so there is an increased likelikehood be some bugs in such spots. I also removed part of the patch that coccinelle generated for udev, where we returns -1 for failure. This should be fixed independently.
2018-11-20 23:40:44 +01:00
else if (r == 0)
return log_debug_errno(SYNTHETIC_ERRNO(ENODATA),
"Whoopsie! We found a boot ID but can't read its last entry."); /* This shouldn't happen. We just came from this very boot ID. */
journalctl: add --list-boots to show boot IDs and times Suggested by David Wilkins <dwilkins@maths.tcd.ie> in https://bugzilla.redhat.com/show_bug.cgi?id=967521: > [Specific boot ID is a] bit of a palaver to obtain. I consulted the > verbose dump of the journal to discover the _BOOT_ID for the > timestamp, and then generated the journal dump for that boot using > journalctl _BOOT_ID=foo -o short-monotonic.
2013-10-29 04:43:57 +01:00
journalctl: simplify discover_next_boot() a bit Drop the "read_realtime" parameter. Getting the realtime timestamp from an entry is cheap, as it is a normal header field, hence let's just get this unconditionally, and simplify our code a bit.
2016-04-25 16:37:09 +02:00
r = sd_journal_get_realtime_usec(j, &next_boot->last);
if (r < 0)
return r;
journalctl: Improve boot ID lookup This method should greatly improve offset based lookup, by simply jumping from one boot to the next boot. It starts at the journal head to get the a boot ID, makes a _BOOT_ID match and then comes from the opposite journal direction (tail) to get to the end that boot. After flushing the matches and advancing the journal from that exact position, we arrive at the start of next boot. Rinse and repeat. This is faster than the old method of aggregating the full boot listing just so we can jump to a specific boot, which can be a real pain on big journals just for a mere "-b -1" case. As an additional benefit --list-boots should improve slightly too, because it does less seeking. Note that there can be a change in boot order with this lookup method because it will use the order of boots in the journal, not the realtime stamp stored in them. That's arguably better, though. Another deficiency is that it will get confused with boots interleaving in the journal, therefore, it will refuse operation in --merge, --file and --directory mode. https://bugs.freedesktop.org/show_bug.cgi?id=72601
2015-05-01 15:15:16 +02:00
tree-wide: use TAKE_PTR() and TAKE_FD() macros
2018-04-05 07:26:26 +02:00
*ret = TAKE_PTR(next_boot);
journalctl: unify how we free boot id lists a bit Instead of use LIST_FOREACH_SAFE, just use the same, seperate destructor everywhere.
2015-05-19 00:35:02 +02:00
journalctl: Improve boot ID lookup This method should greatly improve offset based lookup, by simply jumping from one boot to the next boot. It starts at the journal head to get the a boot ID, makes a _BOOT_ID match and then comes from the opposite journal direction (tail) to get to the end that boot. After flushing the matches and advancing the journal from that exact position, we arrive at the start of next boot. Rinse and repeat. This is faster than the old method of aggregating the full boot listing just so we can jump to a specific boot, which can be a real pain on big journals just for a mere "-b -1" case. As an additional benefit --list-boots should improve slightly too, because it does less seeking. Note that there can be a change in boot order with this lookup method because it will use the order of boots in the journal, not the realtime stamp stored in them. That's arguably better, though. Another deficiency is that it will get confused with boots interleaving in the journal, therefore, it will refuse operation in --merge, --file and --directory mode. https://bugs.freedesktop.org/show_bug.cgi?id=72601
2015-05-01 15:15:16 +02:00
return 0;
}
journalctl: rename boot_id_t to BootId So far we tried to reserve the _t suffix to types we use like a value in contrast to types we use as objects, hence let's do this in journalctl too.
2015-05-19 00:24:27 +02:00
static int get_boots(
sd_journal *j,
BootId **boots,
journalctl: use simpler variable names in get_boots() Those are just local variables and ref_boot_offset is especially obnoxious.
2016-06-28 21:49:03 +02:00
sd_id128_t *boot_id,
int offset) {
journalctl: rename boot_id_t to BootId So far we tried to reserve the _t suffix to types we use like a value in contrast to types we use as objects, hence let's do this in journalctl too.
2015-05-19 00:24:27 +02:00
journalctl: Improve boot ID lookup This method should greatly improve offset based lookup, by simply jumping from one boot to the next boot. It starts at the journal head to get the a boot ID, makes a _BOOT_ID match and then comes from the opposite journal direction (tail) to get to the end that boot. After flushing the matches and advancing the journal from that exact position, we arrive at the start of next boot. Rinse and repeat. This is faster than the old method of aggregating the full boot listing just so we can jump to a specific boot, which can be a real pain on big journals just for a mere "-b -1" case. As an additional benefit --list-boots should improve slightly too, because it does less seeking. Note that there can be a change in boot order with this lookup method because it will use the order of boots in the journal, not the realtime stamp stored in them. That's arguably better, though. Another deficiency is that it will get confused with boots interleaving in the journal, therefore, it will refuse operation in --merge, --file and --directory mode. https://bugs.freedesktop.org/show_bug.cgi?id=72601
2015-05-01 15:15:16 +02:00
bool skip_once;
int r, count = 0;
Avoid forever loop for journalctl --list-boots command (#4278) When date is changed in system to future and normal user logs to new journal file, and then date is changed back to present time, the "journalctl --list-boot" command goes to forever loop. This commit tries to fix this problem by checking first the boot id list if the found boot id was already in that list. If it is found, then stopping the boot id find loop.
2016-10-12 18:40:28 +02:00
BootId *head = NULL, *tail = NULL, *id;
journalctl: use simpler variable names in get_boots() Those are just local variables and ref_boot_offset is especially obnoxious.
2016-06-28 21:49:03 +02:00
const bool advance_older = boot_id && offset <= 0;
journalctl: don't trust the per-field entry tables when looking for boot IDs When appending to a journal file, journald will: a) first, append the actual entry to the end of the journal file b) second, add an offset reference to it to the global entry array stored at the beginning of the file c) third, add offset references to it to the per-field entry array stored at various places of the file The global entry array, maintained by b) is used when iterating through the journal without matches applied. The per-field entry array maintained by c) is used when iterating through the journal with a match for that specific field applied. In the wild, there are journal files where a) and b) were completed, but c) was not before the files were abandoned. This means, that in some cases log entries are at the end of these files that appear in the global entry array, but not in the per-field entry array of the _BOOT_ID= field. Now, the "journalctl --list-boots" command alternatingly uses the global entry array and the per-field entry array of the _BOOT_ID= field. It seeks to the last entry of a specific _BOOT_ID=field by having the right match installed, and then jumps to the next following entry with no match installed anymore, under the assumption this would bring it to the next boot ID. However, if the per-field entry wasn't written fully, it might actually turn out that the global entry array might know one more entry with the same _BOOT_ID, thus resulting in a indefinite loop around the same _BOOT_ID. This patch fixes that, by updating the boot search logic to always continue reading entries until the boot ID actually changed from the previous. Thus, the per-field entry array is used as quick jump index (i.e. as an optimization), but not trusted otherwise. Only the global entry array is trusted. This replaces PR #1904, which is actually very similar to this one. However, this one actually reads the boot ID directly from the entry header, and doesn't try to read it at all until the read pointer is actually really located on the first item to read. Fixes: #617 Replaces: #1904
2016-04-25 18:08:42 +02:00
sd_id128_t previous_boot_id;
journalctl: Improve boot ID lookup This method should greatly improve offset based lookup, by simply jumping from one boot to the next boot. It starts at the journal head to get the a boot ID, makes a _BOOT_ID match and then comes from the opposite journal direction (tail) to get to the end that boot. After flushing the matches and advancing the journal from that exact position, we arrive at the start of next boot. Rinse and repeat. This is faster than the old method of aggregating the full boot listing just so we can jump to a specific boot, which can be a real pain on big journals just for a mere "-b -1" case. As an additional benefit --list-boots should improve slightly too, because it does less seeking. Note that there can be a change in boot order with this lookup method because it will use the order of boots in the journal, not the realtime stamp stored in them. That's arguably better, though. Another deficiency is that it will get confused with boots interleaving in the journal, therefore, it will refuse operation in --merge, --file and --directory mode. https://bugs.freedesktop.org/show_bug.cgi?id=72601
2015-05-01 15:15:16 +02:00
assert(j);
journalctl: add --list-boots to show boot IDs and times Suggested by David Wilkins <dwilkins@maths.tcd.ie> in https://bugzilla.redhat.com/show_bug.cgi?id=967521: > [Specific boot ID is a] bit of a palaver to obtain. I consulted the > verbose dump of the journal to discover the _BOOT_ID for the > timestamp, and then generated the journal dump for that boot using > journalctl _BOOT_ID=foo -o short-monotonic.
2013-10-29 04:43:57 +01:00
journalctl: Improve boot ID lookup This method should greatly improve offset based lookup, by simply jumping from one boot to the next boot. It starts at the journal head to get the a boot ID, makes a _BOOT_ID match and then comes from the opposite journal direction (tail) to get to the end that boot. After flushing the matches and advancing the journal from that exact position, we arrive at the start of next boot. Rinse and repeat. This is faster than the old method of aggregating the full boot listing just so we can jump to a specific boot, which can be a real pain on big journals just for a mere "-b -1" case. As an additional benefit --list-boots should improve slightly too, because it does less seeking. Note that there can be a change in boot order with this lookup method because it will use the order of boots in the journal, not the realtime stamp stored in them. That's arguably better, though. Another deficiency is that it will get confused with boots interleaving in the journal, therefore, it will refuse operation in --merge, --file and --directory mode. https://bugs.freedesktop.org/show_bug.cgi?id=72601
2015-05-01 15:15:16 +02:00
/* Adjust for the asymmetry that offset 0 is
* the last (and current) boot, while 1 is considered the
* (chronological) first boot in the journal. */
journalct: allow --boot=0 to DTRT with --file/--directory --boot=0 magically meant "this boot", but when used with --file/--directory it should simply refer to the last boot found in the specified journal. This way, --boot and --list-boots are consistent. Fixes #3603.
2016-06-28 22:12:47 +02:00
skip_once = boot_id && sd_id128_is_null(*boot_id) && offset <= 0;
journalctl: Improve boot ID lookup This method should greatly improve offset based lookup, by simply jumping from one boot to the next boot. It starts at the journal head to get the a boot ID, makes a _BOOT_ID match and then comes from the opposite journal direction (tail) to get to the end that boot. After flushing the matches and advancing the journal from that exact position, we arrive at the start of next boot. Rinse and repeat. This is faster than the old method of aggregating the full boot listing just so we can jump to a specific boot, which can be a real pain on big journals just for a mere "-b -1" case. As an additional benefit --list-boots should improve slightly too, because it does less seeking. Note that there can be a change in boot order with this lookup method because it will use the order of boots in the journal, not the realtime stamp stored in them. That's arguably better, though. Another deficiency is that it will get confused with boots interleaving in the journal, therefore, it will refuse operation in --merge, --file and --directory mode. https://bugs.freedesktop.org/show_bug.cgi?id=72601
2015-05-01 15:15:16 +02:00
/* Advance to the earliest/latest occurrence of our reference
* boot ID (taking our lookup direction into account), so that
* discover_next_boot() can do its job.
* If no reference is given, the journal head/tail will do,
* they're "virtual" boots after all. */
journalctl: use simpler variable names in get_boots() Those are just local variables and ref_boot_offset is especially obnoxious.
2016-06-28 21:49:03 +02:00
if (boot_id && !sd_id128_is_null(*boot_id)) {
journalctl: Improve boot ID lookup This method should greatly improve offset based lookup, by simply jumping from one boot to the next boot. It starts at the journal head to get the a boot ID, makes a _BOOT_ID match and then comes from the opposite journal direction (tail) to get to the end that boot. After flushing the matches and advancing the journal from that exact position, we arrive at the start of next boot. Rinse and repeat. This is faster than the old method of aggregating the full boot listing just so we can jump to a specific boot, which can be a real pain on big journals just for a mere "-b -1" case. As an additional benefit --list-boots should improve slightly too, because it does less seeking. Note that there can be a change in boot order with this lookup method because it will use the order of boots in the journal, not the realtime stamp stored in them. That's arguably better, though. Another deficiency is that it will get confused with boots interleaving in the journal, therefore, it will refuse operation in --merge, --file and --directory mode. https://bugs.freedesktop.org/show_bug.cgi?id=72601
2015-05-01 15:15:16 +02:00
char match[9+32+1] = "_BOOT_ID=";
sd_journal_flush_matches(j);
journalctl: use simpler variable names in get_boots() Those are just local variables and ref_boot_offset is especially obnoxious.
2016-06-28 21:49:03 +02:00
sd_id128_to_string(*boot_id, match + 9);
journalctl: Improve boot ID lookup This method should greatly improve offset based lookup, by simply jumping from one boot to the next boot. It starts at the journal head to get the a boot ID, makes a _BOOT_ID match and then comes from the opposite journal direction (tail) to get to the end that boot. After flushing the matches and advancing the journal from that exact position, we arrive at the start of next boot. Rinse and repeat. This is faster than the old method of aggregating the full boot listing just so we can jump to a specific boot, which can be a real pain on big journals just for a mere "-b -1" case. As an additional benefit --list-boots should improve slightly too, because it does less seeking. Note that there can be a change in boot order with this lookup method because it will use the order of boots in the journal, not the realtime stamp stored in them. That's arguably better, though. Another deficiency is that it will get confused with boots interleaving in the journal, therefore, it will refuse operation in --merge, --file and --directory mode. https://bugs.freedesktop.org/show_bug.cgi?id=72601
2015-05-01 15:15:16 +02:00
r = sd_journal_add_match(j, match, sizeof(match) - 1);
journalctl: add --list-boots to show boot IDs and times Suggested by David Wilkins <dwilkins@maths.tcd.ie> in https://bugzilla.redhat.com/show_bug.cgi?id=967521: > [Specific boot ID is a] bit of a palaver to obtain. I consulted the > verbose dump of the journal to discover the _BOOT_ID for the > timestamp, and then generated the journal dump for that boot using > journalctl _BOOT_ID=foo -o short-monotonic.
2013-10-29 04:43:57 +01:00
if (r < 0)
return r;
journalctl: Improve boot ID lookup This method should greatly improve offset based lookup, by simply jumping from one boot to the next boot. It starts at the journal head to get the a boot ID, makes a _BOOT_ID match and then comes from the opposite journal direction (tail) to get to the end that boot. After flushing the matches and advancing the journal from that exact position, we arrive at the start of next boot. Rinse and repeat. This is faster than the old method of aggregating the full boot listing just so we can jump to a specific boot, which can be a real pain on big journals just for a mere "-b -1" case. As an additional benefit --list-boots should improve slightly too, because it does less seeking. Note that there can be a change in boot order with this lookup method because it will use the order of boots in the journal, not the realtime stamp stored in them. That's arguably better, though. Another deficiency is that it will get confused with boots interleaving in the journal, therefore, it will refuse operation in --merge, --file and --directory mode. https://bugs.freedesktop.org/show_bug.cgi?id=72601
2015-05-01 15:15:16 +02:00
if (advance_older)
journalctl: add some explanatory comments to get_boots()
2016-04-25 16:23:29 +02:00
r = sd_journal_seek_head(j); /* seek to oldest */
journalctl: Improve boot ID lookup This method should greatly improve offset based lookup, by simply jumping from one boot to the next boot. It starts at the journal head to get the a boot ID, makes a _BOOT_ID match and then comes from the opposite journal direction (tail) to get to the end that boot. After flushing the matches and advancing the journal from that exact position, we arrive at the start of next boot. Rinse and repeat. This is faster than the old method of aggregating the full boot listing just so we can jump to a specific boot, which can be a real pain on big journals just for a mere "-b -1" case. As an additional benefit --list-boots should improve slightly too, because it does less seeking. Note that there can be a change in boot order with this lookup method because it will use the order of boots in the journal, not the realtime stamp stored in them. That's arguably better, though. Another deficiency is that it will get confused with boots interleaving in the journal, therefore, it will refuse operation in --merge, --file and --directory mode. https://bugs.freedesktop.org/show_bug.cgi?id=72601
2015-05-01 15:15:16 +02:00
else
journalctl: add some explanatory comments to get_boots()
2016-04-25 16:23:29 +02:00
r = sd_journal_seek_tail(j); /* seek to newest */
journalctl: add --list-boots to show boot IDs and times Suggested by David Wilkins <dwilkins@maths.tcd.ie> in https://bugzilla.redhat.com/show_bug.cgi?id=967521: > [Specific boot ID is a] bit of a palaver to obtain. I consulted the > verbose dump of the journal to discover the _BOOT_ID for the > timestamp, and then generated the journal dump for that boot using > journalctl _BOOT_ID=foo -o short-monotonic.
2013-10-29 04:43:57 +01:00
if (r < 0)
return r;
journalctl: Improve boot ID lookup This method should greatly improve offset based lookup, by simply jumping from one boot to the next boot. It starts at the journal head to get the a boot ID, makes a _BOOT_ID match and then comes from the opposite journal direction (tail) to get to the end that boot. After flushing the matches and advancing the journal from that exact position, we arrive at the start of next boot. Rinse and repeat. This is faster than the old method of aggregating the full boot listing just so we can jump to a specific boot, which can be a real pain on big journals just for a mere "-b -1" case. As an additional benefit --list-boots should improve slightly too, because it does less seeking. Note that there can be a change in boot order with this lookup method because it will use the order of boots in the journal, not the realtime stamp stored in them. That's arguably better, though. Another deficiency is that it will get confused with boots interleaving in the journal, therefore, it will refuse operation in --merge, --file and --directory mode. https://bugs.freedesktop.org/show_bug.cgi?id=72601
2015-05-01 15:15:16 +02:00
if (advance_older)
journalctl: add some explanatory comments to get_boots()
2016-04-25 16:23:29 +02:00
r = sd_journal_next(j); /* read the oldest entry */
journalctl: Improve boot ID lookup This method should greatly improve offset based lookup, by simply jumping from one boot to the next boot. It starts at the journal head to get the a boot ID, makes a _BOOT_ID match and then comes from the opposite journal direction (tail) to get to the end that boot. After flushing the matches and advancing the journal from that exact position, we arrive at the start of next boot. Rinse and repeat. This is faster than the old method of aggregating the full boot listing just so we can jump to a specific boot, which can be a real pain on big journals just for a mere "-b -1" case. As an additional benefit --list-boots should improve slightly too, because it does less seeking. Note that there can be a change in boot order with this lookup method because it will use the order of boots in the journal, not the realtime stamp stored in them. That's arguably better, though. Another deficiency is that it will get confused with boots interleaving in the journal, therefore, it will refuse operation in --merge, --file and --directory mode. https://bugs.freedesktop.org/show_bug.cgi?id=72601
2015-05-01 15:15:16 +02:00
else
journalctl: add some explanatory comments to get_boots()
2016-04-25 16:23:29 +02:00
r = sd_journal_previous(j); /* read the most recently added entry */
journalctl: add --list-boots to show boot IDs and times Suggested by David Wilkins <dwilkins@maths.tcd.ie> in https://bugzilla.redhat.com/show_bug.cgi?id=967521: > [Specific boot ID is a] bit of a palaver to obtain. I consulted the > verbose dump of the journal to discover the _BOOT_ID for the > timestamp, and then generated the journal dump for that boot using > journalctl _BOOT_ID=foo -o short-monotonic.
2013-10-29 04:43:57 +01:00
if (r < 0)
return r;
else if (r == 0)
journalctl: Improve boot ID lookup This method should greatly improve offset based lookup, by simply jumping from one boot to the next boot. It starts at the journal head to get the a boot ID, makes a _BOOT_ID match and then comes from the opposite journal direction (tail) to get to the end that boot. After flushing the matches and advancing the journal from that exact position, we arrive at the start of next boot. Rinse and repeat. This is faster than the old method of aggregating the full boot listing just so we can jump to a specific boot, which can be a real pain on big journals just for a mere "-b -1" case. As an additional benefit --list-boots should improve slightly too, because it does less seeking. Note that there can be a change in boot order with this lookup method because it will use the order of boots in the journal, not the realtime stamp stored in them. That's arguably better, though. Another deficiency is that it will get confused with boots interleaving in the journal, therefore, it will refuse operation in --merge, --file and --directory mode. https://bugs.freedesktop.org/show_bug.cgi?id=72601
2015-05-01 15:15:16 +02:00
goto finish;
journalctl: use simpler variable names in get_boots() Those are just local variables and ref_boot_offset is especially obnoxious.
2016-06-28 21:49:03 +02:00
else if (offset == 0) {
journalctl: Improve boot ID lookup This method should greatly improve offset based lookup, by simply jumping from one boot to the next boot. It starts at the journal head to get the a boot ID, makes a _BOOT_ID match and then comes from the opposite journal direction (tail) to get to the end that boot. After flushing the matches and advancing the journal from that exact position, we arrive at the start of next boot. Rinse and repeat. This is faster than the old method of aggregating the full boot listing just so we can jump to a specific boot, which can be a real pain on big journals just for a mere "-b -1" case. As an additional benefit --list-boots should improve slightly too, because it does less seeking. Note that there can be a change in boot order with this lookup method because it will use the order of boots in the journal, not the realtime stamp stored in them. That's arguably better, though. Another deficiency is that it will get confused with boots interleaving in the journal, therefore, it will refuse operation in --merge, --file and --directory mode. https://bugs.freedesktop.org/show_bug.cgi?id=72601
2015-05-01 15:15:16 +02:00
count = 1;
goto finish;
}
journalctl: add some explanatory comments to get_boots()
2016-04-25 16:23:29 +02:00
codespell: fix spelling errors
2019-04-27 02:22:40 +02:00
/* At this point the read pointer is positioned at the oldest/newest occurrence of the reference boot
journalctl: add some explanatory comments to get_boots()
2016-04-25 16:23:29 +02:00
* ID. After flushing the matches, one more invocation of _previous()/_next() will hence place us at
* the following entry, which must then have an older/newer boot ID */
journalctl: Improve boot ID lookup This method should greatly improve offset based lookup, by simply jumping from one boot to the next boot. It starts at the journal head to get the a boot ID, makes a _BOOT_ID match and then comes from the opposite journal direction (tail) to get to the end that boot. After flushing the matches and advancing the journal from that exact position, we arrive at the start of next boot. Rinse and repeat. This is faster than the old method of aggregating the full boot listing just so we can jump to a specific boot, which can be a real pain on big journals just for a mere "-b -1" case. As an additional benefit --list-boots should improve slightly too, because it does less seeking. Note that there can be a change in boot order with this lookup method because it will use the order of boots in the journal, not the realtime stamp stored in them. That's arguably better, though. Another deficiency is that it will get confused with boots interleaving in the journal, therefore, it will refuse operation in --merge, --file and --directory mode. https://bugs.freedesktop.org/show_bug.cgi?id=72601
2015-05-01 15:15:16 +02:00
} else {
journalctl: add some explanatory comments to get_boots()
2016-04-25 16:23:29 +02:00
journalctl: Improve boot ID lookup This method should greatly improve offset based lookup, by simply jumping from one boot to the next boot. It starts at the journal head to get the a boot ID, makes a _BOOT_ID match and then comes from the opposite journal direction (tail) to get to the end that boot. After flushing the matches and advancing the journal from that exact position, we arrive at the start of next boot. Rinse and repeat. This is faster than the old method of aggregating the full boot listing just so we can jump to a specific boot, which can be a real pain on big journals just for a mere "-b -1" case. As an additional benefit --list-boots should improve slightly too, because it does less seeking. Note that there can be a change in boot order with this lookup method because it will use the order of boots in the journal, not the realtime stamp stored in them. That's arguably better, though. Another deficiency is that it will get confused with boots interleaving in the journal, therefore, it will refuse operation in --merge, --file and --directory mode. https://bugs.freedesktop.org/show_bug.cgi?id=72601
2015-05-01 15:15:16 +02:00
if (advance_older)
journalctl: add some explanatory comments to get_boots()
2016-04-25 16:23:29 +02:00
r = sd_journal_seek_tail(j); /* seek to newest */
journalctl: Improve boot ID lookup This method should greatly improve offset based lookup, by simply jumping from one boot to the next boot. It starts at the journal head to get the a boot ID, makes a _BOOT_ID match and then comes from the opposite journal direction (tail) to get to the end that boot. After flushing the matches and advancing the journal from that exact position, we arrive at the start of next boot. Rinse and repeat. This is faster than the old method of aggregating the full boot listing just so we can jump to a specific boot, which can be a real pain on big journals just for a mere "-b -1" case. As an additional benefit --list-boots should improve slightly too, because it does less seeking. Note that there can be a change in boot order with this lookup method because it will use the order of boots in the journal, not the realtime stamp stored in them. That's arguably better, though. Another deficiency is that it will get confused with boots interleaving in the journal, therefore, it will refuse operation in --merge, --file and --directory mode. https://bugs.freedesktop.org/show_bug.cgi?id=72601
2015-05-01 15:15:16 +02:00
else
journalctl: add some explanatory comments to get_boots()
2016-04-25 16:23:29 +02:00
r = sd_journal_seek_head(j); /* seek to oldest */
journalctl: add --list-boots to show boot IDs and times Suggested by David Wilkins <dwilkins@maths.tcd.ie> in https://bugzilla.redhat.com/show_bug.cgi?id=967521: > [Specific boot ID is a] bit of a palaver to obtain. I consulted the > verbose dump of the journal to discover the _BOOT_ID for the > timestamp, and then generated the journal dump for that boot using > journalctl _BOOT_ID=foo -o short-monotonic.
2013-10-29 04:43:57 +01:00
if (r < 0)
return r;
journalctl: add some explanatory comments to get_boots()
2016-04-25 16:23:29 +02:00
/* No sd_journal_next()/_previous() here.
*
* At this point the read pointer is positioned after the newest/before the oldest entry in the whole
* journal. The next invocation of _previous()/_next() will hence position us at the newest/oldest
* entry we have. */
journalctl: Improve boot ID lookup This method should greatly improve offset based lookup, by simply jumping from one boot to the next boot. It starts at the journal head to get the a boot ID, makes a _BOOT_ID match and then comes from the opposite journal direction (tail) to get to the end that boot. After flushing the matches and advancing the journal from that exact position, we arrive at the start of next boot. Rinse and repeat. This is faster than the old method of aggregating the full boot listing just so we can jump to a specific boot, which can be a real pain on big journals just for a mere "-b -1" case. As an additional benefit --list-boots should improve slightly too, because it does less seeking. Note that there can be a change in boot order with this lookup method because it will use the order of boots in the journal, not the realtime stamp stored in them. That's arguably better, though. Another deficiency is that it will get confused with boots interleaving in the journal, therefore, it will refuse operation in --merge, --file and --directory mode. https://bugs.freedesktop.org/show_bug.cgi?id=72601
2015-05-01 15:15:16 +02:00
}
journalctl: add --list-boots to show boot IDs and times Suggested by David Wilkins <dwilkins@maths.tcd.ie> in https://bugzilla.redhat.com/show_bug.cgi?id=967521: > [Specific boot ID is a] bit of a palaver to obtain. I consulted the > verbose dump of the journal to discover the _BOOT_ID for the > timestamp, and then generated the journal dump for that boot using > journalctl _BOOT_ID=foo -o short-monotonic.
2013-10-29 04:43:57 +01:00
journalctl: don't trust the per-field entry tables when looking for boot IDs When appending to a journal file, journald will: a) first, append the actual entry to the end of the journal file b) second, add an offset reference to it to the global entry array stored at the beginning of the file c) third, add offset references to it to the per-field entry array stored at various places of the file The global entry array, maintained by b) is used when iterating through the journal without matches applied. The per-field entry array maintained by c) is used when iterating through the journal with a match for that specific field applied. In the wild, there are journal files where a) and b) were completed, but c) was not before the files were abandoned. This means, that in some cases log entries are at the end of these files that appear in the global entry array, but not in the per-field entry array of the _BOOT_ID= field. Now, the "journalctl --list-boots" command alternatingly uses the global entry array and the per-field entry array of the _BOOT_ID= field. It seeks to the last entry of a specific _BOOT_ID=field by having the right match installed, and then jumps to the next following entry with no match installed anymore, under the assumption this would bring it to the next boot ID. However, if the per-field entry wasn't written fully, it might actually turn out that the global entry array might know one more entry with the same _BOOT_ID, thus resulting in a indefinite loop around the same _BOOT_ID. This patch fixes that, by updating the boot search logic to always continue reading entries until the boot ID actually changed from the previous. Thus, the per-field entry array is used as quick jump index (i.e. as an optimization), but not trusted otherwise. Only the global entry array is trusted. This replaces PR #1904, which is actually very similar to this one. However, this one actually reads the boot ID directly from the entry header, and doesn't try to read it at all until the read pointer is actually really located on the first item to read. Fixes: #617 Replaces: #1904
2016-04-25 18:08:42 +02:00
previous_boot_id = SD_ID128_NULL;
journalctl: rename boot_id_t to BootId So far we tried to reserve the _t suffix to types we use like a value in contrast to types we use as objects, hence let's do this in journalctl too.
2015-05-19 00:24:27 +02:00
for (;;) {
_cleanup_free_ BootId *current = NULL;
journalctl: add --list-boots to show boot IDs and times Suggested by David Wilkins <dwilkins@maths.tcd.ie> in https://bugzilla.redhat.com/show_bug.cgi?id=967521: > [Specific boot ID is a] bit of a palaver to obtain. I consulted the > verbose dump of the journal to discover the _BOOT_ID for the > timestamp, and then generated the journal dump for that boot using > journalctl _BOOT_ID=foo -o short-monotonic.
2013-10-29 04:43:57 +01:00
journalctl: don't trust the per-field entry tables when looking for boot IDs When appending to a journal file, journald will: a) first, append the actual entry to the end of the journal file b) second, add an offset reference to it to the global entry array stored at the beginning of the file c) third, add offset references to it to the per-field entry array stored at various places of the file The global entry array, maintained by b) is used when iterating through the journal without matches applied. The per-field entry array maintained by c) is used when iterating through the journal with a match for that specific field applied. In the wild, there are journal files where a) and b) were completed, but c) was not before the files were abandoned. This means, that in some cases log entries are at the end of these files that appear in the global entry array, but not in the per-field entry array of the _BOOT_ID= field. Now, the "journalctl --list-boots" command alternatingly uses the global entry array and the per-field entry array of the _BOOT_ID= field. It seeks to the last entry of a specific _BOOT_ID=field by having the right match installed, and then jumps to the next following entry with no match installed anymore, under the assumption this would bring it to the next boot ID. However, if the per-field entry wasn't written fully, it might actually turn out that the global entry array might know one more entry with the same _BOOT_ID, thus resulting in a indefinite loop around the same _BOOT_ID. This patch fixes that, by updating the boot search logic to always continue reading entries until the boot ID actually changed from the previous. Thus, the per-field entry array is used as quick jump index (i.e. as an optimization), but not trusted otherwise. Only the global entry array is trusted. This replaces PR #1904, which is actually very similar to this one. However, this one actually reads the boot ID directly from the entry header, and doesn't try to read it at all until the read pointer is actually really located on the first item to read. Fixes: #617 Replaces: #1904
2016-04-25 18:08:42 +02:00
r = discover_next_boot(j, previous_boot_id, advance_older, &current);
journalctl: Improve boot ID lookup This method should greatly improve offset based lookup, by simply jumping from one boot to the next boot. It starts at the journal head to get the a boot ID, makes a _BOOT_ID match and then comes from the opposite journal direction (tail) to get to the end that boot. After flushing the matches and advancing the journal from that exact position, we arrive at the start of next boot. Rinse and repeat. This is faster than the old method of aggregating the full boot listing just so we can jump to a specific boot, which can be a real pain on big journals just for a mere "-b -1" case. As an additional benefit --list-boots should improve slightly too, because it does less seeking. Note that there can be a change in boot order with this lookup method because it will use the order of boots in the journal, not the realtime stamp stored in them. That's arguably better, though. Another deficiency is that it will get confused with boots interleaving in the journal, therefore, it will refuse operation in --merge, --file and --directory mode. https://bugs.freedesktop.org/show_bug.cgi?id=72601
2015-05-01 15:15:16 +02:00
if (r < 0) {
journalctl: unify how we free boot id lists a bit Instead of use LIST_FOREACH_SAFE, just use the same, seperate destructor everywhere.
2015-05-19 00:35:02 +02:00
boot_id_free_all(head);
journalctl: Improve boot ID lookup This method should greatly improve offset based lookup, by simply jumping from one boot to the next boot. It starts at the journal head to get the a boot ID, makes a _BOOT_ID match and then comes from the opposite journal direction (tail) to get to the end that boot. After flushing the matches and advancing the journal from that exact position, we arrive at the start of next boot. Rinse and repeat. This is faster than the old method of aggregating the full boot listing just so we can jump to a specific boot, which can be a real pain on big journals just for a mere "-b -1" case. As an additional benefit --list-boots should improve slightly too, because it does less seeking. Note that there can be a change in boot order with this lookup method because it will use the order of boots in the journal, not the realtime stamp stored in them. That's arguably better, though. Another deficiency is that it will get confused with boots interleaving in the journal, therefore, it will refuse operation in --merge, --file and --directory mode. https://bugs.freedesktop.org/show_bug.cgi?id=72601
2015-05-01 15:15:16 +02:00
return r;
journalctl: Unify boot id lookup into common function get_boots
2014-10-23 19:37:29 +02:00
}
journalctl: add --list-boots to show boot IDs and times Suggested by David Wilkins <dwilkins@maths.tcd.ie> in https://bugzilla.redhat.com/show_bug.cgi?id=967521: > [Specific boot ID is a] bit of a palaver to obtain. I consulted the > verbose dump of the journal to discover the _BOOT_ID for the > timestamp, and then generated the journal dump for that boot using > journalctl _BOOT_ID=foo -o short-monotonic.
2013-10-29 04:43:57 +01:00
journalctl: Improve boot ID lookup This method should greatly improve offset based lookup, by simply jumping from one boot to the next boot. It starts at the journal head to get the a boot ID, makes a _BOOT_ID match and then comes from the opposite journal direction (tail) to get to the end that boot. After flushing the matches and advancing the journal from that exact position, we arrive at the start of next boot. Rinse and repeat. This is faster than the old method of aggregating the full boot listing just so we can jump to a specific boot, which can be a real pain on big journals just for a mere "-b -1" case. As an additional benefit --list-boots should improve slightly too, because it does less seeking. Note that there can be a change in boot order with this lookup method because it will use the order of boots in the journal, not the realtime stamp stored in them. That's arguably better, though. Another deficiency is that it will get confused with boots interleaving in the journal, therefore, it will refuse operation in --merge, --file and --directory mode. https://bugs.freedesktop.org/show_bug.cgi?id=72601
2015-05-01 15:15:16 +02:00
if (!current)
break;
journalctl: don't trust the per-field entry tables when looking for boot IDs When appending to a journal file, journald will: a) first, append the actual entry to the end of the journal file b) second, add an offset reference to it to the global entry array stored at the beginning of the file c) third, add offset references to it to the per-field entry array stored at various places of the file The global entry array, maintained by b) is used when iterating through the journal without matches applied. The per-field entry array maintained by c) is used when iterating through the journal with a match for that specific field applied. In the wild, there are journal files where a) and b) were completed, but c) was not before the files were abandoned. This means, that in some cases log entries are at the end of these files that appear in the global entry array, but not in the per-field entry array of the _BOOT_ID= field. Now, the "journalctl --list-boots" command alternatingly uses the global entry array and the per-field entry array of the _BOOT_ID= field. It seeks to the last entry of a specific _BOOT_ID=field by having the right match installed, and then jumps to the next following entry with no match installed anymore, under the assumption this would bring it to the next boot ID. However, if the per-field entry wasn't written fully, it might actually turn out that the global entry array might know one more entry with the same _BOOT_ID, thus resulting in a indefinite loop around the same _BOOT_ID. This patch fixes that, by updating the boot search logic to always continue reading entries until the boot ID actually changed from the previous. Thus, the per-field entry array is used as quick jump index (i.e. as an optimization), but not trusted otherwise. Only the global entry array is trusted. This replaces PR #1904, which is actually very similar to this one. However, this one actually reads the boot ID directly from the entry header, and doesn't try to read it at all until the read pointer is actually really located on the first item to read. Fixes: #617 Replaces: #1904
2016-04-25 18:08:42 +02:00
previous_boot_id = current->id;
journalctl: use simpler variable names in get_boots() Those are just local variables and ref_boot_offset is especially obnoxious.
2016-06-28 21:49:03 +02:00
if (boot_id) {
journalctl: Improve boot ID lookup This method should greatly improve offset based lookup, by simply jumping from one boot to the next boot. It starts at the journal head to get the a boot ID, makes a _BOOT_ID match and then comes from the opposite journal direction (tail) to get to the end that boot. After flushing the matches and advancing the journal from that exact position, we arrive at the start of next boot. Rinse and repeat. This is faster than the old method of aggregating the full boot listing just so we can jump to a specific boot, which can be a real pain on big journals just for a mere "-b -1" case. As an additional benefit --list-boots should improve slightly too, because it does less seeking. Note that there can be a change in boot order with this lookup method because it will use the order of boots in the journal, not the realtime stamp stored in them. That's arguably better, though. Another deficiency is that it will get confused with boots interleaving in the journal, therefore, it will refuse operation in --merge, --file and --directory mode. https://bugs.freedesktop.org/show_bug.cgi?id=72601
2015-05-01 15:15:16 +02:00
if (!skip_once)
journalctl: use simpler variable names in get_boots() Those are just local variables and ref_boot_offset is especially obnoxious.
2016-06-28 21:49:03 +02:00
offset += advance_older ? 1 : -1;
journalctl: Improve boot ID lookup This method should greatly improve offset based lookup, by simply jumping from one boot to the next boot. It starts at the journal head to get the a boot ID, makes a _BOOT_ID match and then comes from the opposite journal direction (tail) to get to the end that boot. After flushing the matches and advancing the journal from that exact position, we arrive at the start of next boot. Rinse and repeat. This is faster than the old method of aggregating the full boot listing just so we can jump to a specific boot, which can be a real pain on big journals just for a mere "-b -1" case. As an additional benefit --list-boots should improve slightly too, because it does less seeking. Note that there can be a change in boot order with this lookup method because it will use the order of boots in the journal, not the realtime stamp stored in them. That's arguably better, though. Another deficiency is that it will get confused with boots interleaving in the journal, therefore, it will refuse operation in --merge, --file and --directory mode. https://bugs.freedesktop.org/show_bug.cgi?id=72601
2015-05-01 15:15:16 +02:00
skip_once = false;
journalctl: use simpler variable names in get_boots() Those are just local variables and ref_boot_offset is especially obnoxious.
2016-06-28 21:49:03 +02:00
if (offset == 0) {
journalctl: Improve boot ID lookup This method should greatly improve offset based lookup, by simply jumping from one boot to the next boot. It starts at the journal head to get the a boot ID, makes a _BOOT_ID match and then comes from the opposite journal direction (tail) to get to the end that boot. After flushing the matches and advancing the journal from that exact position, we arrive at the start of next boot. Rinse and repeat. This is faster than the old method of aggregating the full boot listing just so we can jump to a specific boot, which can be a real pain on big journals just for a mere "-b -1" case. As an additional benefit --list-boots should improve slightly too, because it does less seeking. Note that there can be a change in boot order with this lookup method because it will use the order of boots in the journal, not the realtime stamp stored in them. That's arguably better, though. Another deficiency is that it will get confused with boots interleaving in the journal, therefore, it will refuse operation in --merge, --file and --directory mode. https://bugs.freedesktop.org/show_bug.cgi?id=72601
2015-05-01 15:15:16 +02:00
count = 1;
journalctl: use simpler variable names in get_boots() Those are just local variables and ref_boot_offset is especially obnoxious.
2016-06-28 21:49:03 +02:00
*boot_id = current->id;
journalctl: Improve boot ID lookup This method should greatly improve offset based lookup, by simply jumping from one boot to the next boot. It starts at the journal head to get the a boot ID, makes a _BOOT_ID match and then comes from the opposite journal direction (tail) to get to the end that boot. After flushing the matches and advancing the journal from that exact position, we arrive at the start of next boot. Rinse and repeat. This is faster than the old method of aggregating the full boot listing just so we can jump to a specific boot, which can be a real pain on big journals just for a mere "-b -1" case. As an additional benefit --list-boots should improve slightly too, because it does less seeking. Note that there can be a change in boot order with this lookup method because it will use the order of boots in the journal, not the realtime stamp stored in them. That's arguably better, though. Another deficiency is that it will get confused with boots interleaving in the journal, therefore, it will refuse operation in --merge, --file and --directory mode. https://bugs.freedesktop.org/show_bug.cgi?id=72601
2015-05-01 15:15:16 +02:00
break;
}
} else {
Avoid forever loop for journalctl --list-boots command (#4278) When date is changed in system to future and normal user logs to new journal file, and then date is changed back to present time, the "journalctl --list-boot" command goes to forever loop. This commit tries to fix this problem by checking first the boot id list if the found boot id was already in that list. If it is found, then stopping the boot id find loop.
2016-10-12 18:40:28 +02:00
LIST_FOREACH(boot_list, id, head) {
if (sd_id128_equal(id->id, current->id)) {
/* boot id already stored, something wrong with the journal files */
/* exiting as otherwise this problem would cause forever loop */
goto finish;
}
}
journalctl: Improve boot ID lookup This method should greatly improve offset based lookup, by simply jumping from one boot to the next boot. It starts at the journal head to get the a boot ID, makes a _BOOT_ID match and then comes from the opposite journal direction (tail) to get to the end that boot. After flushing the matches and advancing the journal from that exact position, we arrive at the start of next boot. Rinse and repeat. This is faster than the old method of aggregating the full boot listing just so we can jump to a specific boot, which can be a real pain on big journals just for a mere "-b -1" case. As an additional benefit --list-boots should improve slightly too, because it does less seeking. Note that there can be a change in boot order with this lookup method because it will use the order of boots in the journal, not the realtime stamp stored in them. That's arguably better, though. Another deficiency is that it will get confused with boots interleaving in the journal, therefore, it will refuse operation in --merge, --file and --directory mode. https://bugs.freedesktop.org/show_bug.cgi?id=72601
2015-05-01 15:15:16 +02:00
LIST_INSERT_AFTER(boot_list, head, tail, current);
tree-wide: use TAKE_PTR() and TAKE_FD() macros
2018-04-05 07:26:26 +02:00
tail = TAKE_PTR(current);
journalctl: Improve boot ID lookup This method should greatly improve offset based lookup, by simply jumping from one boot to the next boot. It starts at the journal head to get the a boot ID, makes a _BOOT_ID match and then comes from the opposite journal direction (tail) to get to the end that boot. After flushing the matches and advancing the journal from that exact position, we arrive at the start of next boot. Rinse and repeat. This is faster than the old method of aggregating the full boot listing just so we can jump to a specific boot, which can be a real pain on big journals just for a mere "-b -1" case. As an additional benefit --list-boots should improve slightly too, because it does less seeking. Note that there can be a change in boot order with this lookup method because it will use the order of boots in the journal, not the realtime stamp stored in them. That's arguably better, though. Another deficiency is that it will get confused with boots interleaving in the journal, therefore, it will refuse operation in --merge, --file and --directory mode. https://bugs.freedesktop.org/show_bug.cgi?id=72601
2015-05-01 15:15:16 +02:00
count++;
}
journalctl: add --list-boots to show boot IDs and times Suggested by David Wilkins <dwilkins@maths.tcd.ie> in https://bugzilla.redhat.com/show_bug.cgi?id=967521: > [Specific boot ID is a] bit of a palaver to obtain. I consulted the > verbose dump of the journal to discover the _BOOT_ID for the > timestamp, and then generated the journal dump for that boot using > journalctl _BOOT_ID=foo -o short-monotonic.
2013-10-29 04:43:57 +01:00
}
journalctl: Improve boot ID lookup This method should greatly improve offset based lookup, by simply jumping from one boot to the next boot. It starts at the journal head to get the a boot ID, makes a _BOOT_ID match and then comes from the opposite journal direction (tail) to get to the end that boot. After flushing the matches and advancing the journal from that exact position, we arrive at the start of next boot. Rinse and repeat. This is faster than the old method of aggregating the full boot listing just so we can jump to a specific boot, which can be a real pain on big journals just for a mere "-b -1" case. As an additional benefit --list-boots should improve slightly too, because it does less seeking. Note that there can be a change in boot order with this lookup method because it will use the order of boots in the journal, not the realtime stamp stored in them. That's arguably better, though. Another deficiency is that it will get confused with boots interleaving in the journal, therefore, it will refuse operation in --merge, --file and --directory mode. https://bugs.freedesktop.org/show_bug.cgi?id=72601
2015-05-01 15:15:16 +02:00
finish:
if (boots)
*boots = head;
sd_journal_flush_matches(j);
return count;
journalctl: Unify boot id lookup into common function get_boots
2014-10-23 19:37:29 +02:00
}
static int list_boots(sd_journal *j) {
journalctl: Improve boot ID lookup This method should greatly improve offset based lookup, by simply jumping from one boot to the next boot. It starts at the journal head to get the a boot ID, makes a _BOOT_ID match and then comes from the opposite journal direction (tail) to get to the end that boot. After flushing the matches and advancing the journal from that exact position, we arrive at the start of next boot. Rinse and repeat. This is faster than the old method of aggregating the full boot listing just so we can jump to a specific boot, which can be a real pain on big journals just for a mere "-b -1" case. As an additional benefit --list-boots should improve slightly too, because it does less seeking. Note that there can be a change in boot order with this lookup method because it will use the order of boots in the journal, not the realtime stamp stored in them. That's arguably better, though. Another deficiency is that it will get confused with boots interleaving in the journal, therefore, it will refuse operation in --merge, --file and --directory mode. https://bugs.freedesktop.org/show_bug.cgi?id=72601
2015-05-01 15:15:16 +02:00
int w, i, count;
journalctl: unify how we free boot id lists a bit Instead of use LIST_FOREACH_SAFE, just use the same, seperate destructor everywhere.
2015-05-19 00:35:02 +02:00
BootId *id, *all_ids;
journalctl: Unify boot id lookup into common function get_boots
2014-10-23 19:37:29 +02:00
assert(j);
journalctl: Improve boot ID lookup This method should greatly improve offset based lookup, by simply jumping from one boot to the next boot. It starts at the journal head to get the a boot ID, makes a _BOOT_ID match and then comes from the opposite journal direction (tail) to get to the end that boot. After flushing the matches and advancing the journal from that exact position, we arrive at the start of next boot. Rinse and repeat. This is faster than the old method of aggregating the full boot listing just so we can jump to a specific boot, which can be a real pain on big journals just for a mere "-b -1" case. As an additional benefit --list-boots should improve slightly too, because it does less seeking. Note that there can be a change in boot order with this lookup method because it will use the order of boots in the journal, not the realtime stamp stored in them. That's arguably better, though. Another deficiency is that it will get confused with boots interleaving in the journal, therefore, it will refuse operation in --merge, --file and --directory mode. https://bugs.freedesktop.org/show_bug.cgi?id=72601
2015-05-01 15:15:16 +02:00
count = get_boots(j, &all_ids, NULL, 0);
journalctl: clean up how we log errors All functions should either log the errors they run into, or only return them in which case the caller should log them. Make sure this rule is followed, so that each error is logged precisely once, and neither never, nor more than once.
2015-05-19 00:25:45 +02:00
if (count < 0)
return log_error_errno(count, "Failed to determine boots: %m");
if (count == 0)
journalctl: Improve boot ID lookup This method should greatly improve offset based lookup, by simply jumping from one boot to the next boot. It starts at the journal head to get the a boot ID, makes a _BOOT_ID match and then comes from the opposite journal direction (tail) to get to the end that boot. After flushing the matches and advancing the journal from that exact position, we arrive at the start of next boot. Rinse and repeat. This is faster than the old method of aggregating the full boot listing just so we can jump to a specific boot, which can be a real pain on big journals just for a mere "-b -1" case. As an additional benefit --list-boots should improve slightly too, because it does less seeking. Note that there can be a change in boot order with this lookup method because it will use the order of boots in the journal, not the realtime stamp stored in them. That's arguably better, though. Another deficiency is that it will get confused with boots interleaving in the journal, therefore, it will refuse operation in --merge, --file and --directory mode. https://bugs.freedesktop.org/show_bug.cgi?id=72601
2015-05-01 15:15:16 +02:00
return count;
journalctl: Unify boot id lookup into common function get_boots
2014-10-23 19:37:29 +02:00
basic/pager: convert the pager options to a flags argument Pretty much everything uses just the first argument, and this doesn't make this common pattern more complicated, but makes it simpler to pass multiple options.
2018-11-11 12:56:29 +01:00
(void) pager_open(arg_pager_flags);
journalctl: add --list-boots to show boot IDs and times Suggested by David Wilkins <dwilkins@maths.tcd.ie> in https://bugzilla.redhat.com/show_bug.cgi?id=967521: > [Specific boot ID is a] bit of a palaver to obtain. I consulted the > verbose dump of the journal to discover the _BOOT_ID for the > timestamp, and then generated the journal dump for that boot using > journalctl _BOOT_ID=foo -o short-monotonic.
2013-10-29 04:43:57 +01:00
/* numbers are one less, but we need an extra char for the sign */
w = DECIMAL_STR_WIDTH(count - 1) + 1;
journalctl: Improve boot ID lookup This method should greatly improve offset based lookup, by simply jumping from one boot to the next boot. It starts at the journal head to get the a boot ID, makes a _BOOT_ID match and then comes from the opposite journal direction (tail) to get to the end that boot. After flushing the matches and advancing the journal from that exact position, we arrive at the start of next boot. Rinse and repeat. This is faster than the old method of aggregating the full boot listing just so we can jump to a specific boot, which can be a real pain on big journals just for a mere "-b -1" case. As an additional benefit --list-boots should improve slightly too, because it does less seeking. Note that there can be a change in boot order with this lookup method because it will use the order of boots in the journal, not the realtime stamp stored in them. That's arguably better, though. Another deficiency is that it will get confused with boots interleaving in the journal, therefore, it will refuse operation in --merge, --file and --directory mode. https://bugs.freedesktop.org/show_bug.cgi?id=72601
2015-05-01 15:15:16 +02:00
i = 0;
journalctl: unify how we free boot id lists a bit Instead of use LIST_FOREACH_SAFE, just use the same, seperate destructor everywhere.
2015-05-19 00:35:02 +02:00
LIST_FOREACH(boot_list, id, all_ids) {
journalctl: add --list-boots to show boot IDs and times Suggested by David Wilkins <dwilkins@maths.tcd.ie> in https://bugzilla.redhat.com/show_bug.cgi?id=967521: > [Specific boot ID is a] bit of a palaver to obtain. I consulted the > verbose dump of the journal to discover the _BOOT_ID for the > timestamp, and then generated the journal dump for that boot using > journalctl _BOOT_ID=foo -o short-monotonic.
2013-10-29 04:43:57 +01:00
char a[FORMAT_TIMESTAMP_MAX], b[FORMAT_TIMESTAMP_MAX];
printf("% *i " SD_ID128_FORMAT_STR " %s—%s\n",
w, i - count + 1,
SD_ID128_FORMAT_VAL(id->id),
time: functions named "internal" really shouldn't be exported Also, let's try to make function names descriptive, instead of using bools for flags.
2014-10-08 22:37:45 +02:00
format_timestamp_maybe_utc(a, sizeof(a), id->first),
format_timestamp_maybe_utc(b, sizeof(b), id->last));
journalctl: Improve boot ID lookup This method should greatly improve offset based lookup, by simply jumping from one boot to the next boot. It starts at the journal head to get the a boot ID, makes a _BOOT_ID match and then comes from the opposite journal direction (tail) to get to the end that boot. After flushing the matches and advancing the journal from that exact position, we arrive at the start of next boot. Rinse and repeat. This is faster than the old method of aggregating the full boot listing just so we can jump to a specific boot, which can be a real pain on big journals just for a mere "-b -1" case. As an additional benefit --list-boots should improve slightly too, because it does less seeking. Note that there can be a change in boot order with this lookup method because it will use the order of boots in the journal, not the realtime stamp stored in them. That's arguably better, though. Another deficiency is that it will get confused with boots interleaving in the journal, therefore, it will refuse operation in --merge, --file and --directory mode. https://bugs.freedesktop.org/show_bug.cgi?id=72601
2015-05-01 15:15:16 +02:00
i++;
journalctl: remove ":" from the --boot syntax Instead of :-0, :1, :5, etc., use -0, 1 or +1, 5, etc. For BOOT_ID+OFFSET, use BOOT_ID+offset or BOOT_ID-offset (either + or - is required). Also make error handling a bit more robust and verbose. Modify the man page to describe the most common case (-b) first, and the second most common case (-b -1) second.
2013-07-16 21:56:22 +02:00
}
journal: rework directory enumeration/watch logic There's now sd_journal_new_directory() for watching specific journal directories. This is exposed in journalctl -D. sd_journal_wait() and sd_journal_process() now return whether changes in the journal are invalidating or just appending. We now create inotify kernel watches only when we actually need them
2012-07-11 01:08:38 +02:00
journalctl: unify how we free boot id lists a bit Instead of use LIST_FOREACH_SAFE, just use the same, seperate destructor everywhere.
2015-05-19 00:35:02 +02:00
boot_id_free_all(all_ids);
journalctl: Add support for showing messages from a previous boot Hi, I redid the boot ID look up to use enumerate_unique. This is quite fast if the cache is warm but painfully slow if it isn't. It has a slight chance of returning the wrong order if realtime clock jumps around. This one has to do n searches for every boot ID there is plus a sort, so it depends heavily on cache hotness. This is in contrast to the other way of look-up through filtering by a MESSAGE_ID, which only needs about 1 seek + whatever amount of relative IDs you want to walk. I also have a linked-list + (in-place) mergesort version of this patch, which has pretty much the same runtime. But since this one is using libc sorting and armortized allocation, I prefer this one. To summarize: The MESSAGE_ID way is a *lot* faster but can be incomplete due to rotation, while the enumerate+sort will find every boot ID out there but will be painfully slow for large journals and cold caches. You choose :P Jan
2013-06-28 17:26:30 +02:00
return 0;
}
static int add_boot(sd_journal *j) {
char match[9+32+1] = "_BOOT_ID=";
journalctl: use simpler variable names in get_boots() Those are just local variables and ref_boot_offset is especially obnoxious.
2016-06-28 21:49:03 +02:00
sd_id128_t boot_id;
journalctl: make sure -b --foobar cannot be misunderstood as --boot=--foobar
2013-12-26 01:52:01 +01:00
int r;
journalctl: Add support for showing messages from a previous boot Hi, I redid the boot ID look up to use enumerate_unique. This is quite fast if the cache is warm but painfully slow if it isn't. It has a slight chance of returning the wrong order if realtime clock jumps around. This one has to do n searches for every boot ID there is plus a sort, so it depends heavily on cache hotness. This is in contrast to the other way of look-up through filtering by a MESSAGE_ID, which only needs about 1 seek + whatever amount of relative IDs you want to walk. I also have a linked-list + (in-place) mergesort version of this patch, which has pretty much the same runtime. But since this one is using libc sorting and armortized allocation, I prefer this one. To summarize: The MESSAGE_ID way is a *lot* faster but can be incomplete due to rotation, while the enumerate+sort will find every boot ID out there but will be painfully slow for large journals and cold caches. You choose :P Jan
2013-06-28 17:26:30 +02:00
assert(j);
journalctl: remove ":" from the --boot syntax Instead of :-0, :1, :5, etc., use -0, 1 or +1, 5, etc. For BOOT_ID+OFFSET, use BOOT_ID+offset or BOOT_ID-offset (either + or - is required). Also make error handling a bit more robust and verbose. Modify the man page to describe the most common case (-b) first, and the second most common case (-b -1) second.
2013-07-16 21:56:22 +02:00
if (!arg_boot)
journalctl: Add support for showing messages from a previous boot Hi, I redid the boot ID look up to use enumerate_unique. This is quite fast if the cache is warm but painfully slow if it isn't. It has a slight chance of returning the wrong order if realtime clock jumps around. This one has to do n searches for every boot ID there is plus a sort, so it depends heavily on cache hotness. This is in contrast to the other way of look-up through filtering by a MESSAGE_ID, which only needs about 1 seek + whatever amount of relative IDs you want to walk. I also have a linked-list + (in-place) mergesort version of this patch, which has pretty much the same runtime. But since this one is using libc sorting and armortized allocation, I prefer this one. To summarize: The MESSAGE_ID way is a *lot* faster but can be incomplete due to rotation, while the enumerate+sort will find every boot ID out there but will be painfully slow for large journals and cold caches. You choose :P Jan
2013-06-28 17:26:30 +02:00
return 0;
journalct: allow --boot=0 to DTRT with --file/--directory --boot=0 magically meant "this boot", but when used with --file/--directory it should simply refer to the last boot found in the specified journal. This way, --boot and --list-boots are consistent. Fixes #3603.
2016-06-28 22:12:47 +02:00
/* Take a shortcut and use the current boot_id, which we can do very quickly.
* We can do this only when we logs are coming from the current machine,
* so take the slow path if log location is specified. */
tree-wide: use sd_id128_is_null() instead of sd_id128_equal where appropriate It's a bit easier to read because shorter. Also, most likely a tiny bit faster.
2016-07-21 16:06:31 +02:00
if (arg_boot_offset == 0 && sd_id128_is_null(arg_boot_id) &&
journalctl: allow --root argument for journal watching It is useful to look at a (possibly inactive) container or other os tree with --root=/path/to/container. This is similar to specifying --directory=/path/to/container/var/log/journal --directory=/path/to/container/run/systemd/journal (if using --directory multiple times was allowed), but doesn't require as much typing.
2016-08-12 06:34:45 +02:00
!arg_directory && !arg_file && !arg_root)
journal: add ability to browse journals of running OS containers This adds the new library call sd_journal_open_container() and a new "-M" switch to journalctl. Particular care is taken that journalctl's "-b" switch resolves to the current boot ID of the container, not the host.
2013-12-11 22:04:03 +01:00
return add_match_this_boot(j, arg_machine);
journalctl: Add support for showing messages from a previous boot Hi, I redid the boot ID look up to use enumerate_unique. This is quite fast if the cache is warm but painfully slow if it isn't. It has a slight chance of returning the wrong order if realtime clock jumps around. This one has to do n searches for every boot ID there is plus a sort, so it depends heavily on cache hotness. This is in contrast to the other way of look-up through filtering by a MESSAGE_ID, which only needs about 1 seek + whatever amount of relative IDs you want to walk. I also have a linked-list + (in-place) mergesort version of this patch, which has pretty much the same runtime. But since this one is using libc sorting and armortized allocation, I prefer this one. To summarize: The MESSAGE_ID way is a *lot* faster but can be incomplete due to rotation, while the enumerate+sort will find every boot ID out there but will be painfully slow for large journals and cold caches. You choose :P Jan
2013-06-28 17:26:30 +02:00
journalctl: use simpler variable names in get_boots() Those are just local variables and ref_boot_offset is especially obnoxious.
2016-06-28 21:49:03 +02:00
boot_id = arg_boot_id;
r = get_boots(j, NULL, &boot_id, arg_boot_offset);
journalctl: Improve boot ID lookup This method should greatly improve offset based lookup, by simply jumping from one boot to the next boot. It starts at the journal head to get the a boot ID, makes a _BOOT_ID match and then comes from the opposite journal direction (tail) to get to the end that boot. After flushing the matches and advancing the journal from that exact position, we arrive at the start of next boot. Rinse and repeat. This is faster than the old method of aggregating the full boot listing just so we can jump to a specific boot, which can be a real pain on big journals just for a mere "-b -1" case. As an additional benefit --list-boots should improve slightly too, because it does less seeking. Note that there can be a change in boot order with this lookup method because it will use the order of boots in the journal, not the realtime stamp stored in them. That's arguably better, though. Another deficiency is that it will get confused with boots interleaving in the journal, therefore, it will refuse operation in --merge, --file and --directory mode. https://bugs.freedesktop.org/show_bug.cgi?id=72601
2015-05-01 15:15:16 +02:00
assert(r <= 1);
if (r <= 0) {
tree-wide: introduce strerror_safe()
2019-07-03 16:56:17 +02:00
const char *reason = (r == 0) ? "No such boot ID in journal" : strerror_safe(r);
journalctl: Improve boot ID lookup This method should greatly improve offset based lookup, by simply jumping from one boot to the next boot. It starts at the journal head to get the a boot ID, makes a _BOOT_ID match and then comes from the opposite journal direction (tail) to get to the end that boot. After flushing the matches and advancing the journal from that exact position, we arrive at the start of next boot. Rinse and repeat. This is faster than the old method of aggregating the full boot listing just so we can jump to a specific boot, which can be a real pain on big journals just for a mere "-b -1" case. As an additional benefit --list-boots should improve slightly too, because it does less seeking. Note that there can be a change in boot order with this lookup method because it will use the order of boots in the journal, not the realtime stamp stored in them. That's arguably better, though. Another deficiency is that it will get confused with boots interleaving in the journal, therefore, it will refuse operation in --merge, --file and --directory mode. https://bugs.freedesktop.org/show_bug.cgi?id=72601
2015-05-01 15:15:16 +02:00
if (sd_id128_is_null(arg_boot_id))
journalctl: improve error messages when the specified boot is not found
2016-02-01 09:29:02 +01:00
log_error("Data from the specified boot (%+i) is not available: %s",
arg_boot_offset, reason);
journalctl: remove ":" from the --boot syntax Instead of :-0, :1, :5, etc., use -0, 1 or +1, 5, etc. For BOOT_ID+OFFSET, use BOOT_ID+offset or BOOT_ID-offset (either + or - is required). Also make error handling a bit more robust and verbose. Modify the man page to describe the most common case (-b) first, and the second most common case (-b -1) second.
2013-07-16 21:56:22 +02:00
else
journalctl: improve error messages when the specified boot is not found
2016-02-01 09:29:02 +01:00
log_error("Data from the specified boot ("SD_ID128_FORMAT_STR") is not available: %s",
SD_ID128_FORMAT_VAL(arg_boot_id), reason);
journalctl: Improve boot ID lookup This method should greatly improve offset based lookup, by simply jumping from one boot to the next boot. It starts at the journal head to get the a boot ID, makes a _BOOT_ID match and then comes from the opposite journal direction (tail) to get to the end that boot. After flushing the matches and advancing the journal from that exact position, we arrive at the start of next boot. Rinse and repeat. This is faster than the old method of aggregating the full boot listing just so we can jump to a specific boot, which can be a real pain on big journals just for a mere "-b -1" case. As an additional benefit --list-boots should improve slightly too, because it does less seeking. Note that there can be a change in boot order with this lookup method because it will use the order of boots in the journal, not the realtime stamp stored in them. That's arguably better, though. Another deficiency is that it will get confused with boots interleaving in the journal, therefore, it will refuse operation in --merge, --file and --directory mode. https://bugs.freedesktop.org/show_bug.cgi?id=72601
2015-05-01 15:15:16 +02:00
return r == 0 ? -ENODATA : r;
journalctl: Add support for showing messages from a previous boot Hi, I redid the boot ID look up to use enumerate_unique. This is quite fast if the cache is warm but painfully slow if it isn't. It has a slight chance of returning the wrong order if realtime clock jumps around. This one has to do n searches for every boot ID there is plus a sort, so it depends heavily on cache hotness. This is in contrast to the other way of look-up through filtering by a MESSAGE_ID, which only needs about 1 seek + whatever amount of relative IDs you want to walk. I also have a linked-list + (in-place) mergesort version of this patch, which has pretty much the same runtime. But since this one is using libc sorting and armortized allocation, I prefer this one. To summarize: The MESSAGE_ID way is a *lot* faster but can be incomplete due to rotation, while the enumerate+sort will find every boot ID out there but will be painfully slow for large journals and cold caches. You choose :P Jan
2013-06-28 17:26:30 +02:00
}
journalctl: use simpler variable names in get_boots() Those are just local variables and ref_boot_offset is especially obnoxious.
2016-06-28 21:49:03 +02:00
sd_id128_to_string(boot_id, match + 9);
journalctl: remove ":" from the --boot syntax Instead of :-0, :1, :5, etc., use -0, 1 or +1, 5, etc. For BOOT_ID+OFFSET, use BOOT_ID+offset or BOOT_ID-offset (either + or - is required). Also make error handling a bit more robust and verbose. Modify the man page to describe the most common case (-b) first, and the second most common case (-b -1) second.
2013-07-16 21:56:22 +02:00
r = sd_journal_add_match(j, match, sizeof(match) - 1);
treewide: more log_*_errno + return simplifications
2014-11-28 18:23:20 +01:00
if (r < 0)
return log_error_errno(r, "Failed to add match: %m");
journalctl: Add support for showing messages from a previous boot Hi, I redid the boot ID look up to use enumerate_unique. This is quite fast if the cache is warm but painfully slow if it isn't. It has a slight chance of returning the wrong order if realtime clock jumps around. This one has to do n searches for every boot ID there is plus a sort, so it depends heavily on cache hotness. This is in contrast to the other way of look-up through filtering by a MESSAGE_ID, which only needs about 1 seek + whatever amount of relative IDs you want to walk. I also have a linked-list + (in-place) mergesort version of this patch, which has pretty much the same runtime. But since this one is using libc sorting and armortized allocation, I prefer this one. To summarize: The MESSAGE_ID way is a *lot* faster but can be incomplete due to rotation, while the enumerate+sort will find every boot ID out there but will be painfully slow for large journals and cold caches. You choose :P Jan
2013-06-28 17:26:30 +02:00
r = sd_journal_add_conjunction(j);
if (r < 0)
journalctl: clean up how we log errors All functions should either log the errors they run into, or only return them in which case the caller should log them. Make sure this rule is followed, so that each error is logged precisely once, and neither never, nor more than once.
2015-05-19 00:25:45 +02:00
return log_error_errno(r, "Failed to add conjunction: %m");
journalctl: Add support for showing messages from a previous boot Hi, I redid the boot ID look up to use enumerate_unique. This is quite fast if the cache is warm but painfully slow if it isn't. It has a slight chance of returning the wrong order if realtime clock jumps around. This one has to do n searches for every boot ID there is plus a sort, so it depends heavily on cache hotness. This is in contrast to the other way of look-up through filtering by a MESSAGE_ID, which only needs about 1 seek + whatever amount of relative IDs you want to walk. I also have a linked-list + (in-place) mergesort version of this patch, which has pretty much the same runtime. But since this one is using libc sorting and armortized allocation, I prefer this one. To summarize: The MESSAGE_ID way is a *lot* faster but can be incomplete due to rotation, while the enumerate+sort will find every boot ID out there but will be painfully slow for large journals and cold caches. You choose :P Jan
2013-06-28 17:26:30 +02:00
return 0;
journal: rework directory enumeration/watch logic There's now sd_journal_new_directory() for watching specific journal directories. This is exposed in journalctl -D. sd_journal_wait() and sd_journal_process() now return whether changes in the journal are invalidating or just appending. We now create inotify kernel watches only when we actually need them
2012-07-11 01:08:38 +02:00
}
journalctl: add -k/--dmesg
2013-05-15 05:08:00 +02:00
static int add_dmesg(sd_journal *j) {
int r;
assert(j);
if (!arg_dmesg)
return 0;
tree-wide: make use of new STRLEN() macro everywhere (#7639) Let's employ coccinelle to do this for us. Follow-up for #7625.
2017-12-14 19:02:29 +01:00
r = sd_journal_add_match(j, "_TRANSPORT=kernel",
STRLEN("_TRANSPORT=kernel"));
treewide: more log_*_errno + return simplifications
2014-11-28 18:23:20 +01:00
if (r < 0)
return log_error_errno(r, "Failed to add match: %m");
journalctl: add -k/--dmesg
2013-05-15 05:08:00 +02:00
r = sd_journal_add_conjunction(j);
if (r < 0)
journalctl: clean up how we log errors All functions should either log the errors they run into, or only return them in which case the caller should log them. Make sure this rule is followed, so that each error is logged precisely once, and neither never, nor more than once.
2015-05-19 00:25:45 +02:00
return log_error_errno(r, "Failed to add conjunction: %m");
journalctl: add -k/--dmesg
2013-05-15 05:08:00 +02:00
return 0;
}
journalctl: clean up how we log errors All functions should either log the errors they run into, or only return them in which case the caller should log them. Make sure this rule is followed, so that each error is logged precisely once, and neither never, nor more than once.
2015-05-19 00:25:45 +02:00
static int get_possible_units(
sd_journal *j,
const char *fields,
char **patterns,
Set **units) {
journalctl: allow globbing in --unit and --user-unit This is a continuation of e3e0314b systemctl: allow globbing in commands which take multiple unit names. Multiple patterns can be specified, as separate arguments, or as one argument with patterns seperated by commas. If patterns are given, at least one unit must be matched (by any of the patterns). This is different behaviour than systemctl, but here it is necessary because otherwise anything would be matched, which is unlikely to be the intended behaviour. https://bugs.freedesktop.org/show_bug.cgi?id=59336
2013-12-29 01:47:36 +01:00
_cleanup_set_free_free_ Set *found;
const char *field;
journalctl: add --unit=/-u to match by unit name This applies unit_name_mangle() to the specified unit names and hence can handle weird characters nicely and will add unit suffixes as necessary.
2012-10-16 02:59:27 +02:00
int r;
journalctl: allow globbing in --unit and --user-unit This is a continuation of e3e0314b systemctl: allow globbing in commands which take multiple unit names. Multiple patterns can be specified, as separate arguments, or as one argument with patterns seperated by commas. If patterns are given, at least one unit must be matched (by any of the patterns). This is different behaviour than systemctl, but here it is necessary because otherwise anything would be matched, which is unlikely to be the intended behaviour. https://bugs.freedesktop.org/show_bug.cgi?id=59336
2013-12-29 01:47:36 +01:00
hashmap: introduce hash_ops to make struct Hashmap smaller It is redundant to store 'hash' and 'compare' function pointers in struct Hashmap separately. The functions always comprise a pair. Store a single pointer to struct hash_ops instead. systemd keeps hundreds of hashmaps, so this saves a little bit of memory.
2014-08-13 01:00:18 +02:00
found = set_new(&string_hash_ops);
journalctl: allow globbing in --unit and --user-unit This is a continuation of e3e0314b systemctl: allow globbing in commands which take multiple unit names. Multiple patterns can be specified, as separate arguments, or as one argument with patterns seperated by commas. If patterns are given, at least one unit must be matched (by any of the patterns). This is different behaviour than systemctl, but here it is necessary because otherwise anything would be matched, which is unlikely to be the intended behaviour. https://bugs.freedesktop.org/show_bug.cgi?id=59336
2013-12-29 01:47:36 +01:00
if (!found)
journalctl: clean up how we log errors All functions should either log the errors they run into, or only return them in which case the caller should log them. Make sure this rule is followed, so that each error is logged precisely once, and neither never, nor more than once.
2015-05-19 00:25:45 +02:00
return -ENOMEM;
journalctl: allow globbing in --unit and --user-unit This is a continuation of e3e0314b systemctl: allow globbing in commands which take multiple unit names. Multiple patterns can be specified, as separate arguments, or as one argument with patterns seperated by commas. If patterns are given, at least one unit must be matched (by any of the patterns). This is different behaviour than systemctl, but here it is necessary because otherwise anything would be matched, which is unlikely to be the intended behaviour. https://bugs.freedesktop.org/show_bug.cgi?id=59336
2013-12-29 01:47:36 +01:00
NULSTR_FOREACH(field, fields) {
const void *data;
size_t size;
r = sd_journal_query_unique(j, field);
if (r < 0)
return r;
SD_JOURNAL_FOREACH_UNIQUE(j, data, size) {
char **pattern, *eq;
size_t prefix;
_cleanup_free_ char *u = NULL;
eq = memchr(data, '=', size);
if (eq)
prefix = eq - (char*) data + 1;
else
prefix = 0;
u = strndup((char*) data + prefix, size - prefix);
if (!u)
journalctl: clean up how we log errors All functions should either log the errors they run into, or only return them in which case the caller should log them. Make sure this rule is followed, so that each error is logged precisely once, and neither never, nor more than once.
2015-05-19 00:25:45 +02:00
return -ENOMEM;
journalctl: allow globbing in --unit and --user-unit This is a continuation of e3e0314b systemctl: allow globbing in commands which take multiple unit names. Multiple patterns can be specified, as separate arguments, or as one argument with patterns seperated by commas. If patterns are given, at least one unit must be matched (by any of the patterns). This is different behaviour than systemctl, but here it is necessary because otherwise anything would be matched, which is unlikely to be the intended behaviour. https://bugs.freedesktop.org/show_bug.cgi?id=59336
2013-12-29 01:47:36 +01:00
STRV_FOREACH(pattern, patterns)
if (fnmatch(*pattern, u, FNM_NOESCAPE) == 0) {
log_debug("Matched %s with pattern %s=%s", u, field, *pattern);
r = set_consume(found, u);
u = NULL;
if (r < 0 && r != -EEXIST)
return r;
break;
}
}
}
tree-wide: use TAKE_PTR() and TAKE_FD() macros
2018-04-05 07:26:26 +02:00
*units = TAKE_PTR(found);
journalctl: allow globbing in --unit and --user-unit This is a continuation of e3e0314b systemctl: allow globbing in commands which take multiple unit names. Multiple patterns can be specified, as separate arguments, or as one argument with patterns seperated by commas. If patterns are given, at least one unit must be matched (by any of the patterns). This is different behaviour than systemctl, but here it is necessary because otherwise anything would be matched, which is unlikely to be the intended behaviour. https://bugs.freedesktop.org/show_bug.cgi?id=59336
2013-12-29 01:47:36 +01:00
return 0;
}
/* This list is supposed to return the superset of unit names
* possibly matched by rules added with add_matches_for_unit... */
#define SYSTEM_UNITS \
"_SYSTEMD_UNIT\0" \
"COREDUMP_UNIT\0" \
"UNIT\0" \
"OBJECT_SYSTEMD_UNIT\0" \
"_SYSTEMD_SLICE\0"
/* ... and add_matches_for_user_unit */
#define USER_UNITS \
"_SYSTEMD_USER_UNIT\0" \
"USER_UNIT\0" \
"COREDUMP_USER_UNIT\0" \
journalctl: Make journalctl --user-unit= match on _SYSTEMD_USER_SLICE journalctl --unit= already did this, and allows you to tail all the logs for a certain slice easily. It seemed only natural to make --user-unit behave in a similar way. The _SYSTEMD_USER_SLICE field was not documented as being added by journald, so I have added that to the documentation too. Furthermore, I have documented the existing behaviour of --unit= and the new behaviour of --user-unit= The behaviour was actually not documented before, so I am also OK with removing the match for the --unit= command instead. The user would then have to manually provide _SYSTEMD_SLICE= filter to journalctl in both cases. Both options work for me.
2019-08-12 19:36:56 +02:00
"OBJECT_SYSTEMD_USER_UNIT\0" \
"_SYSTEMD_USER_SLICE\0"
journalctl: allow globbing in --unit and --user-unit This is a continuation of e3e0314b systemctl: allow globbing in commands which take multiple unit names. Multiple patterns can be specified, as separate arguments, or as one argument with patterns seperated by commas. If patterns are given, at least one unit must be matched (by any of the patterns). This is different behaviour than systemctl, but here it is necessary because otherwise anything would be matched, which is unlikely to be the intended behaviour. https://bugs.freedesktop.org/show_bug.cgi?id=59336
2013-12-29 01:47:36 +01:00
static int add_units(sd_journal *j) {
_cleanup_strv_free_ char **patterns = NULL;
int r, count = 0;
journalctl: specify "--unit=" and "--user-unit" multiple times Previously only one "--unit=" or "--user-unit" could be specified. With this patch, journalcrtl can show multiple units. $ journalctl -u systemd-udevd.service -u sshd.service -u crond.service -b -- Logs begin at Sa 2013-03-23 11:08:45 CET, end at Fr 2013-04-12 09:10:22 CEST. -- Apr 12 08:41:37 lenovo systemd[1]: Started udev Kernel Device Manager. Apr 12 08:41:37 lenovo systemd[1]: Stopped udev Kernel Device Manager. Apr 12 08:41:38 lenovo systemd[1]: Started udev Kernel Device Manager. Apr 12 08:41:38 lenovo crond[291]: (CRON) INFO (Syslog will be used instead of sendmail.) Apr 12 08:41:38 lenovo crond[291]: (CRON) INFO (running with inotify support) Apr 12 08:41:39 lenovo systemd[1]: Starting OpenSSH server daemon... Apr 12 08:41:39 lenovo systemd[1]: Started OpenSSH server daemon. Apr 12 08:41:39 lenovo sshd[355]: Server listening on 0.0.0.0 port 22. Apr 12 08:41:39 lenovo sshd[355]: Server listening on :: port 22. Apr 12 08:41:39 lenovo mtp-probe[373]: checking bus 1, device 8: "/sys/devices/pci0000:00/0000:00:1a.0/usb1/1-1/1-1.5/1-1.5.6/1-1.5.6.2/1-1.5.6.2.1"
2013-04-12 09:14:43 +02:00
char **i;
journalctl: add --unit=/-u to match by unit name This applies unit_name_mangle() to the specified unit names and hence can handle weird characters nicely and will add unit suffixes as necessary.
2012-10-16 02:59:27 +02:00
assert(j);
journalctl: specify "--unit=" and "--user-unit" multiple times Previously only one "--unit=" or "--user-unit" could be specified. With this patch, journalcrtl can show multiple units. $ journalctl -u systemd-udevd.service -u sshd.service -u crond.service -b -- Logs begin at Sa 2013-03-23 11:08:45 CET, end at Fr 2013-04-12 09:10:22 CEST. -- Apr 12 08:41:37 lenovo systemd[1]: Started udev Kernel Device Manager. Apr 12 08:41:37 lenovo systemd[1]: Stopped udev Kernel Device Manager. Apr 12 08:41:38 lenovo systemd[1]: Started udev Kernel Device Manager. Apr 12 08:41:38 lenovo crond[291]: (CRON) INFO (Syslog will be used instead of sendmail.) Apr 12 08:41:38 lenovo crond[291]: (CRON) INFO (running with inotify support) Apr 12 08:41:39 lenovo systemd[1]: Starting OpenSSH server daemon... Apr 12 08:41:39 lenovo systemd[1]: Started OpenSSH server daemon. Apr 12 08:41:39 lenovo sshd[355]: Server listening on 0.0.0.0 port 22. Apr 12 08:41:39 lenovo sshd[355]: Server listening on :: port 22. Apr 12 08:41:39 lenovo mtp-probe[373]: checking bus 1, device 8: "/sys/devices/pci0000:00/0000:00:1a.0/usb1/1-1/1-1.5/1-1.5.6/1-1.5.6.2/1-1.5.6.2.1"
2013-04-12 09:14:43 +02:00
STRV_FOREACH(i, arg_system_units) {
journalctl: allow globbing in --unit and --user-unit This is a continuation of e3e0314b systemctl: allow globbing in commands which take multiple unit names. Multiple patterns can be specified, as separate arguments, or as one argument with patterns seperated by commas. If patterns are given, at least one unit must be matched (by any of the patterns). This is different behaviour than systemctl, but here it is necessary because otherwise anything would be matched, which is unlikely to be the intended behaviour. https://bugs.freedesktop.org/show_bug.cgi?id=59336
2013-12-29 01:47:36 +01:00
_cleanup_free_ char *u = NULL;
When mangling names, optionally emit a warning (#8400) The warning is not emitted for absolute paths like /dev/sda or /home, which are converted to .device and .mount unit names without any fuss. Most of the time it's unlikely that users use invalid unit names on purpose, so let's warn them. Warnings are silenced when --quiet is used. $ build/systemctl show -p Id hello@foo-bar/baz Invalid unit name "hello@foo-bar/baz" was escaped as "hello@foo-bar-baz" (maybe you should use systemd-escape?) Id=hello@foo-bar-baz.service $ build/systemd-run --user --slice foo-bar/baz --unit foo-bar/foo true Invalid unit name "foo-bar/foo" was escaped as "foo-bar-foo" (maybe you should use systemd-escape?) Invalid unit name "foo-bar/baz" was escaped as "foo-bar-baz" (maybe you should use systemd-escape?) Running as unit: foo-bar-foo.service Fixes #8302.
2018-03-21 15:26:47 +01:00
r = unit_name_mangle(*i, UNIT_NAME_MANGLE_GLOB | (arg_quiet ? 0 : UNIT_NAME_MANGLE_WARN), &u);
core: rework unit name validation and manipulation logic A variety of changes: - Make sure all our calls distuingish OOM from other errors if OOM is not the only error possible. - Be much stricter when parsing escaped paths, do not accept trailing or leading escaped slashes. - Change unit validation to take a bit mask for allowing plain names, instance names or template names or an combination thereof. - Refuse manipulating invalid unit name
2015-04-30 20:21:00 +02:00
if (r < 0)
return r;
journalctl: allow globbing in --unit and --user-unit This is a continuation of e3e0314b systemctl: allow globbing in commands which take multiple unit names. Multiple patterns can be specified, as separate arguments, or as one argument with patterns seperated by commas. If patterns are given, at least one unit must be matched (by any of the patterns). This is different behaviour than systemctl, but here it is necessary because otherwise anything would be matched, which is unlikely to be the intended behaviour. https://bugs.freedesktop.org/show_bug.cgi?id=59336
2013-12-29 01:47:36 +01:00
if (string_is_glob(u)) {
r = strv_push(&patterns, u);
if (r < 0)
return r;
u = NULL;
} else {
r = add_matches_for_unit(j, u);
if (r < 0)
return r;
r = sd_journal_add_disjunction(j);
if (r < 0)
return r;
tree-wide: make ++/-- usage consistent WRT spacing Throughout the tree there's spurious use of spaces separating ++ and -- operators from their respective operands. Make ++ and -- operator consistent with the majority of existing uses; discard the spaces.
2016-02-23 05:32:04 +01:00
count++;
journalctl: allow globbing in --unit and --user-unit This is a continuation of e3e0314b systemctl: allow globbing in commands which take multiple unit names. Multiple patterns can be specified, as separate arguments, or as one argument with patterns seperated by commas. If patterns are given, at least one unit must be matched (by any of the patterns). This is different behaviour than systemctl, but here it is necessary because otherwise anything would be matched, which is unlikely to be the intended behaviour. https://bugs.freedesktop.org/show_bug.cgi?id=59336
2013-12-29 01:47:36 +01:00
}
}
if (!strv_isempty(patterns)) {
_cleanup_set_free_free_ Set *units = NULL;
Iterator it;
char *u;
r = get_possible_units(j, SYSTEM_UNITS, patterns, &units);
journalctl: specify "--unit=" and "--user-unit" multiple times Previously only one "--unit=" or "--user-unit" could be specified. With this patch, journalcrtl can show multiple units. $ journalctl -u systemd-udevd.service -u sshd.service -u crond.service -b -- Logs begin at Sa 2013-03-23 11:08:45 CET, end at Fr 2013-04-12 09:10:22 CEST. -- Apr 12 08:41:37 lenovo systemd[1]: Started udev Kernel Device Manager. Apr 12 08:41:37 lenovo systemd[1]: Stopped udev Kernel Device Manager. Apr 12 08:41:38 lenovo systemd[1]: Started udev Kernel Device Manager. Apr 12 08:41:38 lenovo crond[291]: (CRON) INFO (Syslog will be used instead of sendmail.) Apr 12 08:41:38 lenovo crond[291]: (CRON) INFO (running with inotify support) Apr 12 08:41:39 lenovo systemd[1]: Starting OpenSSH server daemon... Apr 12 08:41:39 lenovo systemd[1]: Started OpenSSH server daemon. Apr 12 08:41:39 lenovo sshd[355]: Server listening on 0.0.0.0 port 22. Apr 12 08:41:39 lenovo sshd[355]: Server listening on :: port 22. Apr 12 08:41:39 lenovo mtp-probe[373]: checking bus 1, device 8: "/sys/devices/pci0000:00/0000:00:1a.0/usb1/1-1/1-1.5/1-1.5.6/1-1.5.6.2/1-1.5.6.2.1"
2013-04-12 09:14:43 +02:00
if (r < 0)
return r;
journalctl: allow globbing in --unit and --user-unit This is a continuation of e3e0314b systemctl: allow globbing in commands which take multiple unit names. Multiple patterns can be specified, as separate arguments, or as one argument with patterns seperated by commas. If patterns are given, at least one unit must be matched (by any of the patterns). This is different behaviour than systemctl, but here it is necessary because otherwise anything would be matched, which is unlikely to be the intended behaviour. https://bugs.freedesktop.org/show_bug.cgi?id=59336
2013-12-29 01:47:36 +01:00
SET_FOREACH(u, units, it) {
r = add_matches_for_unit(j, u);
if (r < 0)
return r;
r = sd_journal_add_disjunction(j);
if (r < 0)
return r;
tree-wide: make ++/-- usage consistent WRT spacing Throughout the tree there's spurious use of spaces separating ++ and -- operators from their respective operands. Make ++ and -- operator consistent with the majority of existing uses; discard the spaces.
2016-02-23 05:32:04 +01:00
count++;
journalctl: allow globbing in --unit and --user-unit This is a continuation of e3e0314b systemctl: allow globbing in commands which take multiple unit names. Multiple patterns can be specified, as separate arguments, or as one argument with patterns seperated by commas. If patterns are given, at least one unit must be matched (by any of the patterns). This is different behaviour than systemctl, but here it is necessary because otherwise anything would be matched, which is unlikely to be the intended behaviour. https://bugs.freedesktop.org/show_bug.cgi?id=59336
2013-12-29 01:47:36 +01:00
}
journalctl: specify "--unit=" and "--user-unit" multiple times Previously only one "--unit=" or "--user-unit" could be specified. With this patch, journalcrtl can show multiple units. $ journalctl -u systemd-udevd.service -u sshd.service -u crond.service -b -- Logs begin at Sa 2013-03-23 11:08:45 CET, end at Fr 2013-04-12 09:10:22 CEST. -- Apr 12 08:41:37 lenovo systemd[1]: Started udev Kernel Device Manager. Apr 12 08:41:37 lenovo systemd[1]: Stopped udev Kernel Device Manager. Apr 12 08:41:38 lenovo systemd[1]: Started udev Kernel Device Manager. Apr 12 08:41:38 lenovo crond[291]: (CRON) INFO (Syslog will be used instead of sendmail.) Apr 12 08:41:38 lenovo crond[291]: (CRON) INFO (running with inotify support) Apr 12 08:41:39 lenovo systemd[1]: Starting OpenSSH server daemon... Apr 12 08:41:39 lenovo systemd[1]: Started OpenSSH server daemon. Apr 12 08:41:39 lenovo sshd[355]: Server listening on 0.0.0.0 port 22. Apr 12 08:41:39 lenovo sshd[355]: Server listening on :: port 22. Apr 12 08:41:39 lenovo mtp-probe[373]: checking bus 1, device 8: "/sys/devices/pci0000:00/0000:00:1a.0/usb1/1-1/1-1.5/1-1.5.6/1-1.5.6.2/1-1.5.6.2.1"
2013-04-12 09:14:43 +02:00
}
journalctl: add --unit=/-u to match by unit name This applies unit_name_mangle() to the specified unit names and hence can handle weird characters nicely and will add unit suffixes as necessary.
2012-10-16 02:59:27 +02:00
tree-wide: introduce mfree() Pretty trivial helper which wraps free() but returns NULL, so we can simplify this: free(foobar); foobar = NULL; to this: foobar = mfree(foobar);
2015-07-31 19:56:38 +02:00
patterns = strv_free(patterns);
journalctl: allow globbing in --unit and --user-unit This is a continuation of e3e0314b systemctl: allow globbing in commands which take multiple unit names. Multiple patterns can be specified, as separate arguments, or as one argument with patterns seperated by commas. If patterns are given, at least one unit must be matched (by any of the patterns). This is different behaviour than systemctl, but here it is necessary because otherwise anything would be matched, which is unlikely to be the intended behaviour. https://bugs.freedesktop.org/show_bug.cgi?id=59336
2013-12-29 01:47:36 +01:00
journalctl: specify "--unit=" and "--user-unit" multiple times Previously only one "--unit=" or "--user-unit" could be specified. With this patch, journalcrtl can show multiple units. $ journalctl -u systemd-udevd.service -u sshd.service -u crond.service -b -- Logs begin at Sa 2013-03-23 11:08:45 CET, end at Fr 2013-04-12 09:10:22 CEST. -- Apr 12 08:41:37 lenovo systemd[1]: Started udev Kernel Device Manager. Apr 12 08:41:37 lenovo systemd[1]: Stopped udev Kernel Device Manager. Apr 12 08:41:38 lenovo systemd[1]: Started udev Kernel Device Manager. Apr 12 08:41:38 lenovo crond[291]: (CRON) INFO (Syslog will be used instead of sendmail.) Apr 12 08:41:38 lenovo crond[291]: (CRON) INFO (running with inotify support) Apr 12 08:41:39 lenovo systemd[1]: Starting OpenSSH server daemon... Apr 12 08:41:39 lenovo systemd[1]: Started OpenSSH server daemon. Apr 12 08:41:39 lenovo sshd[355]: Server listening on 0.0.0.0 port 22. Apr 12 08:41:39 lenovo sshd[355]: Server listening on :: port 22. Apr 12 08:41:39 lenovo mtp-probe[373]: checking bus 1, device 8: "/sys/devices/pci0000:00/0000:00:1a.0/usb1/1-1/1-1.5/1-1.5.6/1-1.5.6.2/1-1.5.6.2.1"
2013-04-12 09:14:43 +02:00
STRV_FOREACH(i, arg_user_units) {
journalctl: allow globbing in --unit and --user-unit This is a continuation of e3e0314b systemctl: allow globbing in commands which take multiple unit names. Multiple patterns can be specified, as separate arguments, or as one argument with patterns seperated by commas. If patterns are given, at least one unit must be matched (by any of the patterns). This is different behaviour than systemctl, but here it is necessary because otherwise anything would be matched, which is unlikely to be the intended behaviour. https://bugs.freedesktop.org/show_bug.cgi?id=59336
2013-12-29 01:47:36 +01:00
_cleanup_free_ char *u = NULL;
When mangling names, optionally emit a warning (#8400) The warning is not emitted for absolute paths like /dev/sda or /home, which are converted to .device and .mount unit names without any fuss. Most of the time it's unlikely that users use invalid unit names on purpose, so let's warn them. Warnings are silenced when --quiet is used. $ build/systemctl show -p Id hello@foo-bar/baz Invalid unit name "hello@foo-bar/baz" was escaped as "hello@foo-bar-baz" (maybe you should use systemd-escape?) Id=hello@foo-bar-baz.service $ build/systemd-run --user --slice foo-bar/baz --unit foo-bar/foo true Invalid unit name "foo-bar/foo" was escaped as "foo-bar-foo" (maybe you should use systemd-escape?) Invalid unit name "foo-bar/baz" was escaped as "foo-bar-baz" (maybe you should use systemd-escape?) Running as unit: foo-bar-foo.service Fixes #8302.
2018-03-21 15:26:47 +01:00
r = unit_name_mangle(*i, UNIT_NAME_MANGLE_GLOB | (arg_quiet ? 0 : UNIT_NAME_MANGLE_WARN), &u);
core: rework unit name validation and manipulation logic A variety of changes: - Make sure all our calls distuingish OOM from other errors if OOM is not the only error possible. - Be much stricter when parsing escaped paths, do not accept trailing or leading escaped slashes. - Change unit validation to take a bit mask for allowing plain names, instance names or template names or an combination thereof. - Refuse manipulating invalid unit name
2015-04-30 20:21:00 +02:00
if (r < 0)
return r;
journalctl: add --unit=/-u to match by unit name This applies unit_name_mangle() to the specified unit names and hence can handle weird characters nicely and will add unit suffixes as necessary.
2012-10-16 02:59:27 +02:00
journalctl: allow globbing in --unit and --user-unit This is a continuation of e3e0314b systemctl: allow globbing in commands which take multiple unit names. Multiple patterns can be specified, as separate arguments, or as one argument with patterns seperated by commas. If patterns are given, at least one unit must be matched (by any of the patterns). This is different behaviour than systemctl, but here it is necessary because otherwise anything would be matched, which is unlikely to be the intended behaviour. https://bugs.freedesktop.org/show_bug.cgi?id=59336
2013-12-29 01:47:36 +01:00
if (string_is_glob(u)) {
r = strv_push(&patterns, u);
if (r < 0)
return r;
u = NULL;
} else {
r = add_matches_for_user_unit(j, u, getuid());
if (r < 0)
return r;
r = sd_journal_add_disjunction(j);
if (r < 0)
return r;
tree-wide: make ++/-- usage consistent WRT spacing Throughout the tree there's spurious use of spaces separating ++ and -- operators from their respective operands. Make ++ and -- operator consistent with the majority of existing uses; discard the spaces.
2016-02-23 05:32:04 +01:00
count++;
journalctl: allow globbing in --unit and --user-unit This is a continuation of e3e0314b systemctl: allow globbing in commands which take multiple unit names. Multiple patterns can be specified, as separate arguments, or as one argument with patterns seperated by commas. If patterns are given, at least one unit must be matched (by any of the patterns). This is different behaviour than systemctl, but here it is necessary because otherwise anything would be matched, which is unlikely to be the intended behaviour. https://bugs.freedesktop.org/show_bug.cgi?id=59336
2013-12-29 01:47:36 +01:00
}
}
if (!strv_isempty(patterns)) {
_cleanup_set_free_free_ Set *units = NULL;
Iterator it;
char *u;
journalctl: specify "--unit=" and "--user-unit" multiple times Previously only one "--unit=" or "--user-unit" could be specified. With this patch, journalcrtl can show multiple units. $ journalctl -u systemd-udevd.service -u sshd.service -u crond.service -b -- Logs begin at Sa 2013-03-23 11:08:45 CET, end at Fr 2013-04-12 09:10:22 CEST. -- Apr 12 08:41:37 lenovo systemd[1]: Started udev Kernel Device Manager. Apr 12 08:41:37 lenovo systemd[1]: Stopped udev Kernel Device Manager. Apr 12 08:41:38 lenovo systemd[1]: Started udev Kernel Device Manager. Apr 12 08:41:38 lenovo crond[291]: (CRON) INFO (Syslog will be used instead of sendmail.) Apr 12 08:41:38 lenovo crond[291]: (CRON) INFO (running with inotify support) Apr 12 08:41:39 lenovo systemd[1]: Starting OpenSSH server daemon... Apr 12 08:41:39 lenovo systemd[1]: Started OpenSSH server daemon. Apr 12 08:41:39 lenovo sshd[355]: Server listening on 0.0.0.0 port 22. Apr 12 08:41:39 lenovo sshd[355]: Server listening on :: port 22. Apr 12 08:41:39 lenovo mtp-probe[373]: checking bus 1, device 8: "/sys/devices/pci0000:00/0000:00:1a.0/usb1/1-1/1-1.5/1-1.5.6/1-1.5.6.2/1-1.5.6.2.1"
2013-04-12 09:14:43 +02:00
journalctl: allow globbing in --unit and --user-unit This is a continuation of e3e0314b systemctl: allow globbing in commands which take multiple unit names. Multiple patterns can be specified, as separate arguments, or as one argument with patterns seperated by commas. If patterns are given, at least one unit must be matched (by any of the patterns). This is different behaviour than systemctl, but here it is necessary because otherwise anything would be matched, which is unlikely to be the intended behaviour. https://bugs.freedesktop.org/show_bug.cgi?id=59336
2013-12-29 01:47:36 +01:00
r = get_possible_units(j, USER_UNITS, patterns, &units);
journalctl: specify "--unit=" and "--user-unit" multiple times Previously only one "--unit=" or "--user-unit" could be specified. With this patch, journalcrtl can show multiple units. $ journalctl -u systemd-udevd.service -u sshd.service -u crond.service -b -- Logs begin at Sa 2013-03-23 11:08:45 CET, end at Fr 2013-04-12 09:10:22 CEST. -- Apr 12 08:41:37 lenovo systemd[1]: Started udev Kernel Device Manager. Apr 12 08:41:37 lenovo systemd[1]: Stopped udev Kernel Device Manager. Apr 12 08:41:38 lenovo systemd[1]: Started udev Kernel Device Manager. Apr 12 08:41:38 lenovo crond[291]: (CRON) INFO (Syslog will be used instead of sendmail.) Apr 12 08:41:38 lenovo crond[291]: (CRON) INFO (running with inotify support) Apr 12 08:41:39 lenovo systemd[1]: Starting OpenSSH server daemon... Apr 12 08:41:39 lenovo systemd[1]: Started OpenSSH server daemon. Apr 12 08:41:39 lenovo sshd[355]: Server listening on 0.0.0.0 port 22. Apr 12 08:41:39 lenovo sshd[355]: Server listening on :: port 22. Apr 12 08:41:39 lenovo mtp-probe[373]: checking bus 1, device 8: "/sys/devices/pci0000:00/0000:00:1a.0/usb1/1-1/1-1.5/1-1.5.6/1-1.5.6.2/1-1.5.6.2.1"
2013-04-12 09:14:43 +02:00
if (r < 0)
return r;
journalctl: allow globbing in --unit and --user-unit This is a continuation of e3e0314b systemctl: allow globbing in commands which take multiple unit names. Multiple patterns can be specified, as separate arguments, or as one argument with patterns seperated by commas. If patterns are given, at least one unit must be matched (by any of the patterns). This is different behaviour than systemctl, but here it is necessary because otherwise anything would be matched, which is unlikely to be the intended behaviour. https://bugs.freedesktop.org/show_bug.cgi?id=59336
2013-12-29 01:47:36 +01:00
SET_FOREACH(u, units, it) {
r = add_matches_for_user_unit(j, u, getuid());
if (r < 0)
return r;
r = sd_journal_add_disjunction(j);
if (r < 0)
return r;
tree-wide: make ++/-- usage consistent WRT spacing Throughout the tree there's spurious use of spaces separating ++ and -- operators from their respective operands. Make ++ and -- operator consistent with the majority of existing uses; discard the spaces.
2016-02-23 05:32:04 +01:00
count++;
journalctl: allow globbing in --unit and --user-unit This is a continuation of e3e0314b systemctl: allow globbing in commands which take multiple unit names. Multiple patterns can be specified, as separate arguments, or as one argument with patterns seperated by commas. If patterns are given, at least one unit must be matched (by any of the patterns). This is different behaviour than systemctl, but here it is necessary because otherwise anything would be matched, which is unlikely to be the intended behaviour. https://bugs.freedesktop.org/show_bug.cgi?id=59336
2013-12-29 01:47:36 +01:00
}
journalctl: specify "--unit=" and "--user-unit" multiple times Previously only one "--unit=" or "--user-unit" could be specified. With this patch, journalcrtl can show multiple units. $ journalctl -u systemd-udevd.service -u sshd.service -u crond.service -b -- Logs begin at Sa 2013-03-23 11:08:45 CET, end at Fr 2013-04-12 09:10:22 CEST. -- Apr 12 08:41:37 lenovo systemd[1]: Started udev Kernel Device Manager. Apr 12 08:41:37 lenovo systemd[1]: Stopped udev Kernel Device Manager. Apr 12 08:41:38 lenovo systemd[1]: Started udev Kernel Device Manager. Apr 12 08:41:38 lenovo crond[291]: (CRON) INFO (Syslog will be used instead of sendmail.) Apr 12 08:41:38 lenovo crond[291]: (CRON) INFO (running with inotify support) Apr 12 08:41:39 lenovo systemd[1]: Starting OpenSSH server daemon... Apr 12 08:41:39 lenovo systemd[1]: Started OpenSSH server daemon. Apr 12 08:41:39 lenovo sshd[355]: Server listening on 0.0.0.0 port 22. Apr 12 08:41:39 lenovo sshd[355]: Server listening on :: port 22. Apr 12 08:41:39 lenovo mtp-probe[373]: checking bus 1, device 8: "/sys/devices/pci0000:00/0000:00:1a.0/usb1/1-1/1-1.5/1-1.5.6/1-1.5.6.2/1-1.5.6.2.1"
2013-04-12 09:14:43 +02:00
}
journalctl: add --unit=/-u to match by unit name This applies unit_name_mangle() to the specified unit names and hence can handle weird characters nicely and will add unit suffixes as necessary.
2012-10-16 02:59:27 +02:00
journalctl: allow globbing in --unit and --user-unit This is a continuation of e3e0314b systemctl: allow globbing in commands which take multiple unit names. Multiple patterns can be specified, as separate arguments, or as one argument with patterns seperated by commas. If patterns are given, at least one unit must be matched (by any of the patterns). This is different behaviour than systemctl, but here it is necessary because otherwise anything would be matched, which is unlikely to be the intended behaviour. https://bugs.freedesktop.org/show_bug.cgi?id=59336
2013-12-29 01:47:36 +01:00
/* Complain if the user request matches but nothing whatsoever was
* found, since otherwise everything would be matched. */
if (!(strv_isempty(arg_system_units) && strv_isempty(arg_user_units)) && count == 0)
return -ENODATA;
journal: add one more level on top with AND When using "-p" and "-b" in combination with "-u", the output is not what you would expect. The reason is the sd_journal_add_disjunction() call in add_matches_for_unit() and add_matches_for_user_unit(), which adds two ORs without taking the other conditions to every OR. Adding another level on top with AND and sd_journal_add_conjunction() solves the problem. Output before: $ journalctl -o short-monotonic -ab -p 0 -u sshd.service -- Reboot -- [ 3.216305] lenovo systemd[1]: Starting OpenSSH server daemon... -- Reboot -- [ 3.168666] lenovo systemd[1]: Starting OpenSSH server daemon... [ 3.169639] lenovo systemd[1]: Started OpenSSH server daemon. [36285.635389] lenovo systemd[1]: Stopped OpenSSH server daemon. -- Reboot -- [ 10.838657] lenovo systemd[1]: Starting OpenSSH server daemon... [ 10.913698] lenovo systemd[1]: Started OpenSSH server daemon. [ 6881.035183] lenovo systemd[1]: Stopped OpenSSH server daemon. -- Reboot -- [ 6.636228] lenovo systemd[1]: Starting OpenSSH server daemon... [ 6.662573] lenovo systemd[1]: Started OpenSSH server daemon. [ 6.681148] lenovo sshd[397]: Server listening on 0.0.0.0 port 22. [ 6.681379] lenovo sshd[397]: Server listening on :: port 22. As we see, the output is from _every_ boot and priority 0 is not taken into account. Output after patch: $ journalctl -o short-monotonic -ab -p 0 -u sshd.service -- Logs begin at Sun 2013-02-24 20:54:44 CET, end at Tue 2013-03-19 14:58:21 CET. -- Increasing the priority: $ journalctl -o short-monotonic -ab -p 6 -u sshd.service -- Logs begin at Sun 2013-02-24 20:54:44 CET, end at Tue 2013-03-19 14:59:12 CET. -- [ 6.636228] lenovo systemd[1]: Starting OpenSSH server daemon... [ 6.662573] lenovo systemd[1]: Started OpenSSH server daemon. [ 6.681148] lenovo sshd[397]: Server listening on 0.0.0.0 port 22. [ 6.681379] lenovo sshd[397]: Server listening on :: port 22.
2013-04-11 15:27:55 +02:00
r = sd_journal_add_conjunction(j);
if (r < 0)
return r;
journalctl: add --unit=/-u to match by unit name This applies unit_name_mangle() to the specified unit names and hence can handle weird characters nicely and will add unit suffixes as necessary.
2012-10-16 02:59:27 +02:00
return 0;
}
journalctl: add --priority= switch for filtering by priority
2012-07-27 10:31:33 +02:00
static int add_priorities(sd_journal *j) {
char match[] = "PRIORITY=0";
int i, r;
assert(j);
if (arg_priorities == 0xFF)
return 0;
for (i = LOG_EMERG; i <= LOG_DEBUG; i++)
if (arg_priorities & (1 << i)) {
match[sizeof(match)-2] = '0' + i;
r = sd_journal_add_match(j, match, strlen(match));
treewide: more log_*_errno + return simplifications
2014-11-28 18:23:20 +01:00
if (r < 0)
return log_error_errno(r, "Failed to add match: %m");
journalctl: add --priority= switch for filtering by priority
2012-07-27 10:31:33 +02:00
}
journal: add one more level on top with AND When using "-p" and "-b" in combination with "-u", the output is not what you would expect. The reason is the sd_journal_add_disjunction() call in add_matches_for_unit() and add_matches_for_user_unit(), which adds two ORs without taking the other conditions to every OR. Adding another level on top with AND and sd_journal_add_conjunction() solves the problem. Output before: $ journalctl -o short-monotonic -ab -p 0 -u sshd.service -- Reboot -- [ 3.216305] lenovo systemd[1]: Starting OpenSSH server daemon... -- Reboot -- [ 3.168666] lenovo systemd[1]: Starting OpenSSH server daemon... [ 3.169639] lenovo systemd[1]: Started OpenSSH server daemon. [36285.635389] lenovo systemd[1]: Stopped OpenSSH server daemon. -- Reboot -- [ 10.838657] lenovo systemd[1]: Starting OpenSSH server daemon... [ 10.913698] lenovo systemd[1]: Started OpenSSH server daemon. [ 6881.035183] lenovo systemd[1]: Stopped OpenSSH server daemon. -- Reboot -- [ 6.636228] lenovo systemd[1]: Starting OpenSSH server daemon... [ 6.662573] lenovo systemd[1]: Started OpenSSH server daemon. [ 6.681148] lenovo sshd[397]: Server listening on 0.0.0.0 port 22. [ 6.681379] lenovo sshd[397]: Server listening on :: port 22. As we see, the output is from _every_ boot and priority 0 is not taken into account. Output after patch: $ journalctl -o short-monotonic -ab -p 0 -u sshd.service -- Logs begin at Sun 2013-02-24 20:54:44 CET, end at Tue 2013-03-19 14:58:21 CET. -- Increasing the priority: $ journalctl -o short-monotonic -ab -p 6 -u sshd.service -- Logs begin at Sun 2013-02-24 20:54:44 CET, end at Tue 2013-03-19 14:59:12 CET. -- [ 6.636228] lenovo systemd[1]: Starting OpenSSH server daemon... [ 6.662573] lenovo systemd[1]: Started OpenSSH server daemon. [ 6.681148] lenovo sshd[397]: Server listening on 0.0.0.0 port 22. [ 6.681379] lenovo sshd[397]: Server listening on :: port 22.
2013-04-11 15:27:55 +02:00
r = sd_journal_add_conjunction(j);
if (r < 0)
journalctl: clean up how we log errors All functions should either log the errors they run into, or only return them in which case the caller should log them. Make sure this rule is followed, so that each error is logged precisely once, and neither never, nor more than once.
2015-05-19 00:25:45 +02:00
return log_error_errno(r, "Failed to add conjunction: %m");
journal: add one more level on top with AND When using "-p" and "-b" in combination with "-u", the output is not what you would expect. The reason is the sd_journal_add_disjunction() call in add_matches_for_unit() and add_matches_for_user_unit(), which adds two ORs without taking the other conditions to every OR. Adding another level on top with AND and sd_journal_add_conjunction() solves the problem. Output before: $ journalctl -o short-monotonic -ab -p 0 -u sshd.service -- Reboot -- [ 3.216305] lenovo systemd[1]: Starting OpenSSH server daemon... -- Reboot -- [ 3.168666] lenovo systemd[1]: Starting OpenSSH server daemon... [ 3.169639] lenovo systemd[1]: Started OpenSSH server daemon. [36285.635389] lenovo systemd[1]: Stopped OpenSSH server daemon. -- Reboot -- [ 10.838657] lenovo systemd[1]: Starting OpenSSH server daemon... [ 10.913698] lenovo systemd[1]: Started OpenSSH server daemon. [ 6881.035183] lenovo systemd[1]: Stopped OpenSSH server daemon. -- Reboot -- [ 6.636228] lenovo systemd[1]: Starting OpenSSH server daemon... [ 6.662573] lenovo systemd[1]: Started OpenSSH server daemon. [ 6.681148] lenovo sshd[397]: Server listening on 0.0.0.0 port 22. [ 6.681379] lenovo sshd[397]: Server listening on :: port 22. As we see, the output is from _every_ boot and priority 0 is not taken into account. Output after patch: $ journalctl -o short-monotonic -ab -p 0 -u sshd.service -- Logs begin at Sun 2013-02-24 20:54:44 CET, end at Tue 2013-03-19 14:58:21 CET. -- Increasing the priority: $ journalctl -o short-monotonic -ab -p 6 -u sshd.service -- Logs begin at Sun 2013-02-24 20:54:44 CET, end at Tue 2013-03-19 14:59:12 CET. -- [ 6.636228] lenovo systemd[1]: Starting OpenSSH server daemon... [ 6.662573] lenovo systemd[1]: Started OpenSSH server daemon. [ 6.681148] lenovo sshd[397]: Server listening on 0.0.0.0 port 22. [ 6.681379] lenovo sshd[397]: Server listening on :: port 22.
2013-04-11 15:27:55 +02:00
journalctl: add --priority= switch for filtering by priority
2012-07-27 10:31:33 +02:00
return 0;
}
journalctl: implement --facility=foo Fixes #9716.
2020-02-27 21:36:42 +01:00
static int add_facilities(sd_journal *j) {
void *p;
Iterator it;
int r;
SET_FOREACH(p, arg_facilities, it) {
char match[STRLEN("SYSLOG_FACILITY=") + DECIMAL_STR_MAX(int)];
xsprintf(match, "SYSLOG_FACILITY=%d", PTR_TO_INT(p));
r = sd_journal_add_match(j, match, strlen(match));
if (r < 0)
return log_error_errno(r, "Failed to add match: %m");
}
return 0;
}
journalctl: add "-t --identifier=STRING" option This turns journalctl to the counterpart of systemd-cat. Messages sent with systemd-cat --identifier foo --prioritiy debug can now be shown with journalctl --identifier foo --prioritiy debug "--identifier" is not merged with "--unit" to make a clear distinction between syslog and systemd units. syslog identifiers can be chosen freely by anyone.
2014-08-19 11:27:34 +02:00
static int add_syslog_identifier(sd_journal *j) {
int r;
char **i;
assert(j);
STRV_FOREACH(i, arg_syslog_identifier) {
tree-wide: drop alloca() in loop
2019-06-19 23:29:19 +02:00
_cleanup_free_ char *u = NULL;
journalctl: add "-t --identifier=STRING" option This turns journalctl to the counterpart of systemd-cat. Messages sent with systemd-cat --identifier foo --prioritiy debug can now be shown with journalctl --identifier foo --prioritiy debug "--identifier" is not merged with "--unit" to make a clear distinction between syslog and systemd units. syslog identifiers can be chosen freely by anyone.
2014-08-19 11:27:34 +02:00
tree-wide: drop alloca() in loop
2019-06-19 23:29:19 +02:00
u = strjoin("SYSLOG_IDENTIFIER=", *i);
if (!u)
return -ENOMEM;
journalctl: add "-t --identifier=STRING" option This turns journalctl to the counterpart of systemd-cat. Messages sent with systemd-cat --identifier foo --prioritiy debug can now be shown with journalctl --identifier foo --prioritiy debug "--identifier" is not merged with "--unit" to make a clear distinction between syslog and systemd units. syslog identifiers can be chosen freely by anyone.
2014-08-19 11:27:34 +02:00
r = sd_journal_add_match(j, u, 0);
if (r < 0)
return r;
r = sd_journal_add_disjunction(j);
if (r < 0)
return r;
}
r = sd_journal_add_conjunction(j);
if (r < 0)
return r;
return 0;
}
journald: initial version of FSPRG hookup This adds forward-secure authentication of journal files. This patch includes key generation as well as tagging of journal files, Verification of journal files will be added in a later patch.
2012-08-13 20:31:10 +02:00
static int setup_keys(void) {
build-sys: use #if Y instead of #ifdef Y everywhere The advantage is that is the name is mispellt, cpp will warn us. $ git grep -Ee "conf.set\('(HAVE|ENABLE)_" -l|xargs sed -r -i "s/conf.set\('(HAVE|ENABLE)_/conf.set10('\1_/" $ git grep -Ee '#ifn?def (HAVE|ENABLE)' -l|xargs sed -r -i 's/#ifdef (HAVE|ENABLE)/#if \1/; s/#ifndef (HAVE|ENABLE)/#if ! \1/;' $ git grep -Ee 'if.*defined\(HAVE' -l|xargs sed -i -r 's/defined\((HAVE_[A-Z0-9_]*)\)/\1/g' $ git grep -Ee 'if.*defined\(ENABLE' -l|xargs sed -i -r 's/defined\((ENABLE_[A-Z0-9_]*)\)/\1/g' + manual changes to meson.build squash! build-sys: use #if Y instead of #ifdef Y everywhere v2: - fix incorrect setting of HAVE_LIBIDN2
2017-10-03 10:41:51 +02:00
#if HAVE_GCRYPT
journald: initial version of FSPRG hookup This adds forward-secure authentication of journal files. This patch includes key generation as well as tagging of journal files, Verification of journal files will be added in a later patch.
2012-08-13 20:31:10 +02:00
size_t mpk_size, seed_size, state_size, i;
uint8_t *mpk, *seed, *state;
journald: turn off COW for journal files on btrfs btrfs' COW logic results in heavily fragment journal files, which is detrimental for perfomance. Hence, turn off COW for journal files as we create them. Turning off COW comes at the cost of data integrity guarantees, but this should be acceptable, given that we do our own checksumming, and generally have a pretty conservative write pattern. Also see discussion on linux-btrfs: http://www.spinics.net/lists/linux-btrfs/msg41001.html
2015-01-08 01:22:29 +01:00
int fd = -1, r;
journald: initial version of FSPRG hookup This adds forward-secure authentication of journal files. This patch includes key generation as well as tagging of journal files, Verification of journal files will be added in a later patch.
2012-08-13 20:31:10 +02:00
sd_id128_t machine, boot;
char *p = NULL, *k = NULL;
journal: add FSPRG journal authentication
2012-08-16 23:58:14 +02:00
uint64_t n;
journalctl: have a useful --setup-keys error message when using non-persistant logging Generating seed... Generating key pair... Generating sealing key... Failed to open /var/log/journal/33f46101703a10c5fc6fa4f451840101/fss.tmp.k2wDDU: No such file or directory
2013-07-13 05:57:15 +02:00
struct stat st;
r = stat("/var/log/journal", &st);
tree-wide: use IN_SET macro (#6977)
2017-10-04 16:01:32 +02:00
if (r < 0 && !IN_SET(errno, ENOENT, ENOTDIR))
treewide: another round of simplifications Using the same scripts as in f647962d64e "treewide: yet more log_*_errno + return simplifications".
2014-11-28 19:57:32 +01:00
return log_error_errno(errno, "stat(\"%s\") failed: %m", "/var/log/journal");
journalctl: have a useful --setup-keys error message when using non-persistant logging Generating seed... Generating key pair... Generating sealing key... Failed to open /var/log/journal/33f46101703a10c5fc6fa4f451840101/fss.tmp.k2wDDU: No such file or directory
2013-07-13 05:57:15 +02:00
if (r < 0 || !S_ISDIR(st.st_mode)) {
log_error("%s is not a directory, must be using persistent logging for FSS.",
"/var/log/journal");
return r < 0 ? -errno : -ENOTDIR;
}
journald: initial version of FSPRG hookup This adds forward-secure authentication of journal files. This patch includes key generation as well as tagging of journal files, Verification of journal files will be added in a later patch.
2012-08-13 20:31:10 +02:00
r = sd_id128_get_machine(&machine);
treewide: more log_*_errno + return simplifications
2014-11-28 18:23:20 +01:00
if (r < 0)
return log_error_errno(r, "Failed to get machine ID: %m");
journald: initial version of FSPRG hookup This adds forward-secure authentication of journal files. This patch includes key generation as well as tagging of journal files, Verification of journal files will be added in a later patch.
2012-08-13 20:31:10 +02:00
r = sd_id128_get_boot(&boot);
treewide: more log_*_errno + return simplifications
2014-11-28 18:23:20 +01:00
if (r < 0)
return log_error_errno(r, "Failed to get boot ID: %m");
journald: initial version of FSPRG hookup This adds forward-secure authentication of journal files. This patch includes key generation as well as tagging of journal files, Verification of journal files will be added in a later patch.
2012-08-13 20:31:10 +02:00
journal: rework terminology Let's clean up our terminology a bit. New terminology: FSS = Forward Secure Sealing FSPRG = Forward Secure Pseudo-Random Generator FSS is the combination of FSPRG and a HMAC. Sealing = process of adding authentication tags to the journal. Verification = process of checking authentication tags to the journal. Sealing Key = The key used for adding authentication tags to the journal. Verification Key = The key used for checking authentication tags of the journal. Key pair = The pair of Sealing Key and Verification Key Internally, the Sealing Key is the combination of the FSPRG State plus change interval/start time. Internally, the Verification Key is the combination of the FSPRG Seed plus change interval/start time.
2012-08-17 00:45:18 +02:00
if (asprintf(&p, "/var/log/journal/" SD_ID128_FORMAT_STR "/fss",
journald: initial version of FSPRG hookup This adds forward-secure authentication of journal files. This patch includes key generation as well as tagging of journal files, Verification of journal files will be added in a later patch.
2012-08-13 20:31:10 +02:00
SD_ID128_FORMAT_VAL(machine)) < 0)
return log_oom();
journalctl: unlink without checking with access first It is more elegant to do this in one step. Coverity complains about the TOCTOU difference, but it is not an actual problem (CID #1237777).
2015-03-09 23:58:47 +01:00
if (arg_force) {
r = unlink(p);
if (r < 0 && errno != ENOENT) {
r = log_error_errno(errno, "unlink(\"%s\") failed: %m", p);
journalctl: add --force option to recreate FSS
2013-07-15 05:13:09 +02:00
goto finish;
}
journalctl: unlink without checking with access first It is more elegant to do this in one step. Coverity complains about the TOCTOU difference, but it is not an actual problem (CID #1237777).
2015-03-09 23:58:47 +01:00
} else if (access(p, F_OK) >= 0) {
log_error("Sealing key file %s exists already. Use --force to recreate.", p);
r = -EEXIST;
goto finish;
journald: initial version of FSPRG hookup This adds forward-secure authentication of journal files. This patch includes key generation as well as tagging of journal files, Verification of journal files will be added in a later patch.
2012-08-13 20:31:10 +02:00
}
journal: rework terminology Let's clean up our terminology a bit. New terminology: FSS = Forward Secure Sealing FSPRG = Forward Secure Pseudo-Random Generator FSS is the combination of FSPRG and a HMAC. Sealing = process of adding authentication tags to the journal. Verification = process of checking authentication tags to the journal. Sealing Key = The key used for adding authentication tags to the journal. Verification Key = The key used for checking authentication tags of the journal. Key pair = The pair of Sealing Key and Verification Key Internally, the Sealing Key is the combination of the FSPRG State plus change interval/start time. Internally, the Verification Key is the combination of the FSPRG Seed plus change interval/start time.
2012-08-17 00:45:18 +02:00
if (asprintf(&k, "/var/log/journal/" SD_ID128_FORMAT_STR "/fss.tmp.XXXXXX",
journald: initial version of FSPRG hookup This adds forward-secure authentication of journal files. This patch includes key generation as well as tagging of journal files, Verification of journal files will be added in a later patch.
2012-08-13 20:31:10 +02:00
SD_ID128_FORMAT_VAL(machine)) < 0) {
r = log_oom();
goto finish;
}
mpk_size = FSPRG_mskinbytes(FSPRG_RECOMMENDED_SECPAR);
mpk = alloca(mpk_size);
seed_size = FSPRG_RECOMMENDED_SEEDLEN;
seed = alloca(seed_size);
state_size = FSPRG_stateinbytes(FSPRG_RECOMMENDED_SECPAR);
state = alloca(state_size);
fd = open("/dev/random", O_RDONLY|O_CLOEXEC|O_NOCTTY);
if (fd < 0) {
tree-wide: make use of log_error_errno() return value Turns this: r = -errno; log_error_errno(errno, "foo"); into this: r = log_error_errno(errno, "foo"); and this: r = log_error_errno(errno, "foo"); return r; into this: return log_error_errno(errno, "foo");
2015-09-08 19:30:45 +02:00
r = log_error_errno(errno, "Failed to open /dev/random: %m");
journald: initial version of FSPRG hookup This adds forward-secure authentication of journal files. This patch includes key generation as well as tagging of journal files, Verification of journal files will be added in a later patch.
2012-08-13 20:31:10 +02:00
goto finish;
}
log_info("Generating seed...");
Introduce loop_read_exact helper Usually when using loop_read(), we want to read the full buffer. Add a helper that mirrors loop_write(), and returns 0 when full buffer was read, and an error otherwise. Use -ENODATA for the short read, to distinguish it from a read error.
2015-03-10 02:23:53 +01:00
r = loop_read_exact(fd, seed, seed_size, true);
if (r < 0) {
log_error_errno(r, "Failed to read random seed: %m");
journald: initial version of FSPRG hookup This adds forward-secure authentication of journal files. This patch includes key generation as well as tagging of journal files, Verification of journal files will be added in a later patch.
2012-08-13 20:31:10 +02:00
goto finish;
}
log_info("Generating key pair...");
FSPRG_GenMK(NULL, mpk, seed, seed_size, FSPRG_RECOMMENDED_SECPAR);
journal: rework terminology Let's clean up our terminology a bit. New terminology: FSS = Forward Secure Sealing FSPRG = Forward Secure Pseudo-Random Generator FSS is the combination of FSPRG and a HMAC. Sealing = process of adding authentication tags to the journal. Verification = process of checking authentication tags to the journal. Sealing Key = The key used for adding authentication tags to the journal. Verification Key = The key used for checking authentication tags of the journal. Key pair = The pair of Sealing Key and Verification Key Internally, the Sealing Key is the combination of the FSPRG State plus change interval/start time. Internally, the Verification Key is the combination of the FSPRG Seed plus change interval/start time.
2012-08-17 00:45:18 +02:00
log_info("Generating sealing key...");
journald: initial version of FSPRG hookup This adds forward-secure authentication of journal files. This patch includes key generation as well as tagging of journal files, Verification of journal files will be added in a later patch.
2012-08-13 20:31:10 +02:00
FSPRG_GenState0(state, mpk, seed, seed_size);
journal: rework terminology Let's clean up our terminology a bit. New terminology: FSS = Forward Secure Sealing FSPRG = Forward Secure Pseudo-Random Generator FSS is the combination of FSPRG and a HMAC. Sealing = process of adding authentication tags to the journal. Verification = process of checking authentication tags to the journal. Sealing Key = The key used for adding authentication tags to the journal. Verification Key = The key used for checking authentication tags of the journal. Key pair = The pair of Sealing Key and Verification Key Internally, the Sealing Key is the combination of the FSPRG State plus change interval/start time. Internally, the Verification Key is the combination of the FSPRG Seed plus change interval/start time.
2012-08-17 00:45:18 +02:00
assert(arg_interval > 0);
journald: initial version of FSPRG hookup This adds forward-secure authentication of journal files. This patch includes key generation as well as tagging of journal files, Verification of journal files will be added in a later patch.
2012-08-13 20:31:10 +02:00
n = now(CLOCK_REALTIME);
journal: rework terminology Let's clean up our terminology a bit. New terminology: FSS = Forward Secure Sealing FSPRG = Forward Secure Pseudo-Random Generator FSS is the combination of FSPRG and a HMAC. Sealing = process of adding authentication tags to the journal. Verification = process of checking authentication tags to the journal. Sealing Key = The key used for adding authentication tags to the journal. Verification Key = The key used for checking authentication tags of the journal. Key pair = The pair of Sealing Key and Verification Key Internally, the Sealing Key is the combination of the FSPRG State plus change interval/start time. Internally, the Verification Key is the combination of the FSPRG Seed plus change interval/start time.
2012-08-17 00:45:18 +02:00
n /= arg_interval;
journald: initial version of FSPRG hookup This adds forward-secure authentication of journal files. This patch includes key generation as well as tagging of journal files, Verification of journal files will be added in a later patch.
2012-08-13 20:31:10 +02:00
util: replace close_nointr_nofail() by a more useful safe_close() safe_close() automatically becomes a NOP when a negative fd is passed, and returns -1 unconditionally. This makes it easy to write lines like this: fd = safe_close(fd); Which will close an fd if it is open, and reset the fd variable correctly. By making use of this new scheme we can drop a > 200 lines of code that was required to test for non-negative fds or to reset the closed fd variable afterwards.
2014-03-18 19:22:43 +01:00
safe_close(fd);
fileio: simplify mkostemp_safe() (#4090) According to its manual page, flags given to mkostemp(3) shouldn't include O_RDWR, O_CREAT or O_EXCL flags as these are always included. Beyond those, the only flag that all callers (except a few tests where it probably doesn't matter) use is O_CLOEXEC, so set that unconditionally.
2016-09-13 08:20:38 +02:00
fd = mkostemp_safe(k);
journald: initial version of FSPRG hookup This adds forward-secure authentication of journal files. This patch includes key generation as well as tagging of journal files, Verification of journal files will be added in a later patch.
2012-08-13 20:31:10 +02:00
if (fd < 0) {
treewide: use the negative error codes returned by our functions Our functions return negative error codes. Do not rely on errno being set after calling our own functions.
2015-11-05 13:44:06 +01:00
r = log_error_errno(fd, "Failed to open %s: %m", k);
journald: initial version of FSPRG hookup This adds forward-secure authentication of journal files. This patch includes key generation as well as tagging of journal files, Verification of journal files will be added in a later patch.
2012-08-13 20:31:10 +02:00
goto finish;
}
journal: set secure deletion flags for FSS file
2012-08-17 22:10:11 +02:00
/* Enable secure remove, exclusion from dump, synchronous
* writing and in-place updating */
chattr: optionally, return the old flags when updating them
2018-06-25 20:04:07 +02:00
r = chattr_fd(fd, FS_SECRM_FL|FS_NODUMP_FL|FS_SYNC_FL|FS_NOCOW_FL, FS_SECRM_FL|FS_NODUMP_FL|FS_SYNC_FL|FS_NOCOW_FL, NULL);
journald: turn off COW for journal files on btrfs btrfs' COW logic results in heavily fragment journal files, which is detrimental for perfomance. Hence, turn off COW for journal files as we create them. Turning off COW comes at the cost of data integrity guarantees, but this should be acceptable, given that we do our own checksumming, and generally have a pretty conservative write pattern. Also see discussion on linux-btrfs: http://www.spinics.net/lists/linux-btrfs/msg41001.html
2015-01-08 01:22:29 +01:00
if (r < 0)
treewide: use the negative error codes returned by our functions Our functions return negative error codes. Do not rely on errno being set after calling our own functions.
2015-11-05 13:44:06 +01:00
log_warning_errno(r, "Failed to set file attributes: %m");
journal: set secure deletion flags for FSS file
2012-08-17 22:10:11 +02:00
tree-wide: use structured initialization at various places
2020-04-17 15:30:48 +02:00
struct FSSHeader h = {
.machine_id = machine,
.boot_id = boot,
.header_size = htole64(sizeof(h)),
.start_usec = htole64(n * arg_interval),
.interval_usec = htole64(arg_interval),
.fsprg_secpar = htole16(FSPRG_RECOMMENDED_SECPAR),
.fsprg_state_size = htole64(state_size),
};
journald: initial version of FSPRG hookup This adds forward-secure authentication of journal files. This patch includes key generation as well as tagging of journal files, Verification of journal files will be added in a later patch.
2012-08-13 20:31:10 +02:00
memcpy(h.signature, "KSHHRHLP", 8);
treewide: sanitize loop_write loop_write() didn't follow the usual systemd rules and returned status partially in errno and required extensive checks from callers. Some of the callers dealt with this properly, but many did not, treating partial writes as successful. Simplify things by conforming to usual rules.
2014-12-02 02:43:19 +01:00
r = loop_write(fd, &h, sizeof(h), false);
if (r < 0) {
log_error_errno(r, "Failed to write header: %m");
journald: initial version of FSPRG hookup This adds forward-secure authentication of journal files. This patch includes key generation as well as tagging of journal files, Verification of journal files will be added in a later patch.
2012-08-13 20:31:10 +02:00
goto finish;
}
treewide: sanitize loop_write loop_write() didn't follow the usual systemd rules and returned status partially in errno and required extensive checks from callers. Some of the callers dealt with this properly, but many did not, treating partial writes as successful. Simplify things by conforming to usual rules.
2014-12-02 02:43:19 +01:00
r = loop_write(fd, state, state_size, false);
if (r < 0) {
log_error_errno(r, "Failed to write state: %m");
journald: initial version of FSPRG hookup This adds forward-secure authentication of journal files. This patch includes key generation as well as tagging of journal files, Verification of journal files will be added in a later patch.
2012-08-13 20:31:10 +02:00
goto finish;
}
if (link(k, p) < 0) {
tree-wide: make use of log_error_errno() return value Turns this: r = -errno; log_error_errno(errno, "foo"); into this: r = log_error_errno(errno, "foo"); and this: r = log_error_errno(errno, "foo"); return r; into this: return log_error_errno(errno, "foo");
2015-09-08 19:30:45 +02:00
r = log_error_errno(errno, "Failed to link file: %m");
journald: initial version of FSPRG hookup This adds forward-secure authentication of journal files. This patch includes key generation as well as tagging of journal files, Verification of journal files will be added in a later patch.
2012-08-13 20:31:10 +02:00
goto finish;
}
util: unify usage of on_tty() in util.c
2012-10-18 23:59:41 +02:00
if (on_tty()) {
journald: initial version of FSPRG hookup This adds forward-secure authentication of journal files. This patch includes key generation as well as tagging of journal files, Verification of journal files will be added in a later patch.
2012-08-13 20:31:10 +02:00
fprintf(stderr,
"\n"
tree-wide: use ansi_highlight() instead of ANSI_HIGHLIGHT where appropriate Let's make sure SYSTEMD_COLORS is honour by more tools
2016-05-30 18:22:16 +02:00
"The new key pair has been generated. The %ssecret sealing key%s has been written to\n"
journalctl: reword things a bit
2012-08-21 01:02:08 +02:00
"the following local file. This key file is automatically updated when the\n"
"sealing key is advanced. It should not be used on multiple hosts.\n"
journald: initial version of FSPRG hookup This adds forward-secure authentication of journal files. This patch includes key generation as well as tagging of journal files, Verification of journal files will be added in a later patch.
2012-08-13 20:31:10 +02:00
"\n"
"\t%s\n"
"\n"
tree-wide: use ansi_highlight() instead of ANSI_HIGHLIGHT where appropriate Let's make sure SYSTEMD_COLORS is honour by more tools
2016-05-30 18:22:16 +02:00
"Please write down the following %ssecret verification key%s. It should be stored\n"
journal: rework terminology Let's clean up our terminology a bit. New terminology: FSS = Forward Secure Sealing FSPRG = Forward Secure Pseudo-Random Generator FSS is the combination of FSPRG and a HMAC. Sealing = process of adding authentication tags to the journal. Verification = process of checking authentication tags to the journal. Sealing Key = The key used for adding authentication tags to the journal. Verification Key = The key used for checking authentication tags of the journal. Key pair = The pair of Sealing Key and Verification Key Internally, the Sealing Key is the combination of the FSPRG State plus change interval/start time. Internally, the Verification Key is the combination of the FSPRG Seed plus change interval/start time.
2012-08-17 00:45:18 +02:00
"at a safe location and should not be saved locally on disk.\n"
tree-wide: use ansi_highlight() instead of ANSI_HIGHLIGHT where appropriate Let's make sure SYSTEMD_COLORS is honour by more tools
2016-05-30 18:22:16 +02:00
"\n\t%s",
ansi_highlight(), ansi_normal(),
Updated formatting for printing the key for FSS (#4165) The key used to be jammed next to the local file path. Based on the format string on line 1675, I determined that the order of arguments was written incorrectly, and updated the function based on that assumption. Before: ``` Please write down the following secret verification key. It should be stored at a safe location and should not be saved locally on disk. /var/log/journal/9b47c1a5b339412887a197b7654673a7/fss8f66d6-f0a998-f782d0-1fe522/18fdb8-35a4e900 The sealing key is automatically changed every 15min. ``` After: ``` Please write down the following secret verification key. It should be stored at a safe location and should not be saved locally on disk. d53ed4-cc43d6-284e10-8f0324/18fdb8-35a4e900 The sealing key is automatically changed every 15min. ```
2016-09-16 16:14:55 +02:00
p,
tree-wide: use ansi_highlight() instead of ANSI_HIGHLIGHT where appropriate Let's make sure SYSTEMD_COLORS is honour by more tools
2016-05-30 18:22:16 +02:00
ansi_highlight(), ansi_normal(),
Updated formatting for printing the key for FSS (#4165) The key used to be jammed next to the local file path. Based on the format string on line 1675, I determined that the order of arguments was written incorrectly, and updated the function based on that assumption. Before: ``` Please write down the following secret verification key. It should be stored at a safe location and should not be saved locally on disk. /var/log/journal/9b47c1a5b339412887a197b7654673a7/fss8f66d6-f0a998-f782d0-1fe522/18fdb8-35a4e900 The sealing key is automatically changed every 15min. ``` After: ``` Please write down the following secret verification key. It should be stored at a safe location and should not be saved locally on disk. d53ed4-cc43d6-284e10-8f0324/18fdb8-35a4e900 The sealing key is automatically changed every 15min. ```
2016-09-16 16:14:55 +02:00
ansi_highlight_red());
journald: initial version of FSPRG hookup This adds forward-secure authentication of journal files. This patch includes key generation as well as tagging of journal files, Verification of journal files will be added in a later patch.
2012-08-13 20:31:10 +02:00
fflush(stderr);
}
for (i = 0; i < seed_size; i++) {
if (i > 0 && i % 3 == 0)
putchar('-');
printf("%02x", ((uint8_t*) seed)[i]);
}
journal: rework terminology Let's clean up our terminology a bit. New terminology: FSS = Forward Secure Sealing FSPRG = Forward Secure Pseudo-Random Generator FSS is the combination of FSPRG and a HMAC. Sealing = process of adding authentication tags to the journal. Verification = process of checking authentication tags to the journal. Sealing Key = The key used for adding authentication tags to the journal. Verification Key = The key used for checking authentication tags of the journal. Key pair = The pair of Sealing Key and Verification Key Internally, the Sealing Key is the combination of the FSPRG State plus change interval/start time. Internally, the Verification Key is the combination of the FSPRG Seed plus change interval/start time.
2012-08-17 00:45:18 +02:00
printf("/%llx-%llx\n", (unsigned long long) n, (unsigned long long) arg_interval);
util: unify usage of on_tty() in util.c
2012-10-18 23:59:41 +02:00
if (on_tty()) {
journalctl: output FSS key as QR code on generating
2012-08-20 22:02:19 +02:00
char tsb[FORMAT_TIMESPAN_MAX], *hn;
journald: initial version of FSPRG hookup This adds forward-secure authentication of journal files. This patch includes key generation as well as tagging of journal files, Verification of journal files will be added in a later patch.
2012-08-13 20:31:10 +02:00
journal: rework terminology Let's clean up our terminology a bit. New terminology: FSS = Forward Secure Sealing FSPRG = Forward Secure Pseudo-Random Generator FSS is the combination of FSPRG and a HMAC. Sealing = process of adding authentication tags to the journal. Verification = process of checking authentication tags to the journal. Sealing Key = The key used for adding authentication tags to the journal. Verification Key = The key used for checking authentication tags of the journal. Key pair = The pair of Sealing Key and Verification Key Internally, the Sealing Key is the combination of the FSPRG State plus change interval/start time. Internally, the Verification Key is the combination of the FSPRG Seed plus change interval/start time.
2012-08-17 00:45:18 +02:00
fprintf(stderr,
tree-wide: use ansi_highlight() instead of ANSI_HIGHLIGHT where appropriate Let's make sure SYSTEMD_COLORS is honour by more tools
2016-05-30 18:22:16 +02:00
"%s\n"
journal: rework terminology Let's clean up our terminology a bit. New terminology: FSS = Forward Secure Sealing FSPRG = Forward Secure Pseudo-Random Generator FSS is the combination of FSPRG and a HMAC. Sealing = process of adding authentication tags to the journal. Verification = process of checking authentication tags to the journal. Sealing Key = The key used for adding authentication tags to the journal. Verification Key = The key used for checking authentication tags of the journal. Key pair = The pair of Sealing Key and Verification Key Internally, the Sealing Key is the combination of the FSPRG State plus change interval/start time. Internally, the Verification Key is the combination of the FSPRG Seed plus change interval/start time.
2012-08-17 00:45:18 +02:00
"The sealing key is automatically changed every %s.\n",
tree-wide: use ansi_highlight() instead of ANSI_HIGHLIGHT where appropriate Let's make sure SYSTEMD_COLORS is honour by more tools
2016-05-30 18:22:16 +02:00
ansi_normal(),
util: make time formatting a bit smarter Instead of outputting "5h 55s 50ms 3us" we'll now output "5h 55.050003s". Also, while outputting the accuracy is configurable. Basically we now try use "dot notation" for all time values > 1min. For >= 1s we use 's' as unit, otherwise for >= 1ms we use 'ms' as unit, and finally 'us'. This should give reasonably values in most cases.
2013-04-04 02:56:56 +02:00
format_timespan(tsb, sizeof(tsb), arg_interval, 0));
journalctl: output FSS key as QR code on generating
2012-08-20 22:02:19 +02:00
hn = gethostname_malloc();
if (hn) {
hostname-util: get rid of unused parameter of hostname_cleanup() All users are now setting lowercase=false.
2015-07-28 04:36:36 +02:00
hostname_cleanup(hn);
journal: rearrange QR code output a bit to fi to 80x25 terminals
2012-08-20 22:22:05 +02:00
fprintf(stderr, "\nThe keys have been generated for host %s/" SD_ID128_FORMAT_STR ".\n", hn, SD_ID128_FORMAT_VAL(machine));
journalctl: output FSS key as QR code on generating
2012-08-20 22:02:19 +02:00
} else
journal: rearrange QR code output a bit to fi to 80x25 terminals
2012-08-20 22:22:05 +02:00
fprintf(stderr, "\nThe keys have been generated for host " SD_ID128_FORMAT_STR ".\n", SD_ID128_FORMAT_VAL(machine));
journalctl: output FSS key as QR code on generating
2012-08-20 22:02:19 +02:00
build-sys: use #if Y instead of #ifdef Y everywhere The advantage is that is the name is mispellt, cpp will warn us. $ git grep -Ee "conf.set\('(HAVE|ENABLE)_" -l|xargs sed -r -i "s/conf.set\('(HAVE|ENABLE)_/conf.set10('\1_/" $ git grep -Ee '#ifn?def (HAVE|ENABLE)' -l|xargs sed -r -i 's/#ifdef (HAVE|ENABLE)/#if \1/; s/#ifndef (HAVE|ENABLE)/#if ! \1/;' $ git grep -Ee 'if.*defined\(HAVE' -l|xargs sed -i -r 's/defined\((HAVE_[A-Z0-9_]*)\)/\1/g' $ git grep -Ee 'if.*defined\(ENABLE' -l|xargs sed -i -r 's/defined\((ENABLE_[A-Z0-9_]*)\)/\1/g' + manual changes to meson.build squash! build-sys: use #if Y instead of #ifdef Y everywhere v2: - fix incorrect setting of HAVE_LIBIDN2
2017-10-03 10:41:51 +02:00
#if HAVE_QRENCODE
journalctl: print QR code only if we are running on an UTF-8 system
2012-09-12 09:23:38 +02:00
/* If this is not an UTF-8 system don't print any QR codes */
util: add is_locale_utf8() journalctl and vconsole-setup both implement utf8 locale detection. Let's have a common function for it. The next patch will add another use.
2012-11-02 17:27:15 +01:00
if (is_locale_utf8()) {
journalctl: print QR code only if we are running on an UTF-8 system
2012-09-12 09:23:38 +02:00
fputs("\nTo transfer the verification key to your phone please scan the QR code below:\n\n", stderr);
print_qr_code(stderr, seed, seed_size, n, arg_interval, hn, machine);
}
journalctl: output FSS key as QR code on generating
2012-08-20 22:02:19 +02:00
#endif
free(hn);
journal: rework terminology Let's clean up our terminology a bit. New terminology: FSS = Forward Secure Sealing FSPRG = Forward Secure Pseudo-Random Generator FSS is the combination of FSPRG and a HMAC. Sealing = process of adding authentication tags to the journal. Verification = process of checking authentication tags to the journal. Sealing Key = The key used for adding authentication tags to the journal. Verification Key = The key used for checking authentication tags of the journal. Key pair = The pair of Sealing Key and Verification Key Internally, the Sealing Key is the combination of the FSPRG State plus change interval/start time. Internally, the Verification Key is the combination of the FSPRG Seed plus change interval/start time.
2012-08-17 00:45:18 +02:00
}
journald: initial version of FSPRG hookup This adds forward-secure authentication of journal files. This patch includes key generation as well as tagging of journal files, Verification of journal files will be added in a later patch.
2012-08-13 20:31:10 +02:00
r = 0;
finish:
util: replace close_nointr_nofail() by a more useful safe_close() safe_close() automatically becomes a NOP when a negative fd is passed, and returns -1 unconditionally. This makes it easy to write lines like this: fd = safe_close(fd); Which will close an fd if it is open, and reset the fd variable correctly. By making use of this new scheme we can drop a > 200 lines of code that was required to test for non-negative fds or to reset the closed fd variable afterwards.
2014-03-18 19:22:43 +01:00
safe_close(fd);
journald: initial version of FSPRG hookup This adds forward-secure authentication of journal files. This patch includes key generation as well as tagging of journal files, Verification of journal files will be added in a later patch.
2012-08-13 20:31:10 +02:00
if (k) {
tree-wide: (void)ify a few unlink() and rmdir() Let's be helpful to static analyzers which care about whether we knowingly ignore return values. We do in these cases, since they are usually part of error paths.
2019-03-27 14:36:36 +01:00
(void) unlink(k);
journald: initial version of FSPRG hookup This adds forward-secure authentication of journal files. This patch includes key generation as well as tagging of journal files, Verification of journal files will be added in a later patch.
2012-08-13 20:31:10 +02:00
free(k);
}
free(p);
return r;
#else
coccinelle: make use of SYNTHETIC_ERRNO Ideally, coccinelle would strip unnecessary braces too. But I do not see any option in coccinelle for this, so instead, I edited the patch text using search&replace to remove the braces. Unfortunately this is not fully automatic, in particular it didn't deal well with if-else-if-else blocks and ifdefs, so there is an increased likelikehood be some bugs in such spots. I also removed part of the patch that coccinelle generated for udev, where we returns -1 for failure. This should be fixed independently.
2018-11-20 23:40:44 +01:00
return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
"Forward-secure sealing not available.");
journald: initial version of FSPRG hookup This adds forward-secure authentication of journal files. This patch includes key generation as well as tagging of journal files, Verification of journal files will be added in a later patch.
2012-08-13 20:31:10 +02:00
#endif
}
journal: implement basic journal file verification logic
2012-08-15 01:54:09 +02:00
static int verify(sd_journal *j) {
int r = 0;
Iterator i;
JournalFile *f;
assert(j);
journalctl: add a bit of color to the output
2012-08-21 15:53:48 +02:00
log_show_color(true);
journal: make sd_journal::files a OrderedHashmap Anything that uses hashmap_next() almost certainly cares about the order and needs to be an OrderedHashmap.
2014-08-19 13:38:53 +02:00
ORDERED_HASHMAP_FOREACH(f, j->files, i) {
journal: implement basic journal file verification logic
2012-08-15 01:54:09 +02:00
int k;
fix gcc warnings about uninitialized variables like: src/shared/install.c: In function ‘unit_file_lookup_state’: src/shared/install.c:1861:16: warning: ‘r’ may be used uninitialized in this function [-Wmaybe-uninitialized] return r < 0 ? r : state; ^ src/shared/install.c:1796:13: note: ‘r’ was declared here int r; ^
2015-03-27 12:02:49 +01:00
usec_t first = 0, validated = 0, last = 0;
journal: implement basic journal file verification logic
2012-08-15 01:54:09 +02:00
build-sys: use #if Y instead of #ifdef Y everywhere The advantage is that is the name is mispellt, cpp will warn us. $ git grep -Ee "conf.set\('(HAVE|ENABLE)_" -l|xargs sed -r -i "s/conf.set\('(HAVE|ENABLE)_/conf.set10('\1_/" $ git grep -Ee '#ifn?def (HAVE|ENABLE)' -l|xargs sed -r -i 's/#ifdef (HAVE|ENABLE)/#if \1/; s/#ifndef (HAVE|ENABLE)/#if ! \1/;' $ git grep -Ee 'if.*defined\(HAVE' -l|xargs sed -i -r 's/defined\((HAVE_[A-Z0-9_]*)\)/\1/g' $ git grep -Ee 'if.*defined\(ENABLE' -l|xargs sed -i -r 's/defined\((ENABLE_[A-Z0-9_]*)\)/\1/g' + manual changes to meson.build squash! build-sys: use #if Y instead of #ifdef Y everywhere v2: - fix incorrect setting of HAVE_LIBIDN2
2017-10-03 10:41:51 +02:00
#if HAVE_GCRYPT
journal: make libgcrypt dependency optional
2012-08-20 16:51:46 +02:00
if (!arg_verify_key && JOURNAL_HEADER_SEALED(f->header))
journalctl: add a bit of color to the output
2012-08-21 15:53:48 +02:00
log_notice("Journal file %s has sealing enabled but verification key has not been passed using --verify-key=.", f->path);
journalctl: immeidately terminate on invalid seed
2012-08-16 21:00:34 +02:00
#endif
journalctl: add --verify-seed= switch to specify seed value
2012-08-16 02:14:34 +02:00
journald: always pass first entry timestamp back from journal_file_verify()
2012-09-24 15:02:43 +02:00
k = journal_file_verify(f, arg_verify_key, &first, &validated, &last, true);
journalctl: immeidately terminate on invalid seed
2012-08-16 21:00:34 +02:00
if (k == -EINVAL) {
journal: rework terminology Let's clean up our terminology a bit. New terminology: FSS = Forward Secure Sealing FSPRG = Forward Secure Pseudo-Random Generator FSS is the combination of FSPRG and a HMAC. Sealing = process of adding authentication tags to the journal. Verification = process of checking authentication tags to the journal. Sealing Key = The key used for adding authentication tags to the journal. Verification Key = The key used for checking authentication tags of the journal. Key pair = The pair of Sealing Key and Verification Key Internally, the Sealing Key is the combination of the FSPRG State plus change interval/start time. Internally, the Verification Key is the combination of the FSPRG Seed plus change interval/start time.
2012-08-17 00:45:18 +02:00
/* If the key was invalid give up right-away. */
journalctl: immeidately terminate on invalid seed
2012-08-16 21:00:34 +02:00
return k;
} else if (k < 0) {
tree-wide: remove a number of invocations of strerror() and replace by %m Let's clean up our tree a bit, and reduce invocations of the thread-unsafe strerror() by replacing it with printf()'s %m specifier.
2015-09-30 22:16:17 +02:00
log_warning_errno(k, "FAIL: %s (%m)", f->path);
journalctl: immeidately terminate on invalid seed
2012-08-16 21:00:34 +02:00
r = k;
journal: after verification output validated time range
2012-08-17 03:30:22 +02:00
} else {
char a[FORMAT_TIMESTAMP_MAX], b[FORMAT_TIMESTAMP_MAX], c[FORMAT_TIMESPAN_MAX];
journal: implement basic journal file verification logic
2012-08-15 01:54:09 +02:00
log_info("PASS: %s", f->path);
journal: after verification output validated time range
2012-08-17 03:30:22 +02:00
journalctl: be more friendly when informing about seal verification
2012-08-21 23:03:20 +02:00
if (arg_verify_key && JOURNAL_HEADER_SEALED(f->header)) {
journald: always pass first entry timestamp back from journal_file_verify()
2012-09-24 15:02:43 +02:00
if (validated > 0) {
journalctl: be more friendly when informing about seal verification
2012-08-21 23:03:20 +02:00
log_info("=> Validated from %s to %s, final %s entries not sealed.",
time: functions named "internal" really shouldn't be exported Also, let's try to make function names descriptive, instead of using bools for flags.
2014-10-08 22:37:45 +02:00
format_timestamp_maybe_utc(a, sizeof(a), first),
format_timestamp_maybe_utc(b, sizeof(b), validated),
util: make time formatting a bit smarter Instead of outputting "5h 55s 50ms 3us" we'll now output "5h 55.050003s". Also, while outputting the accuracy is configurable. Basically we now try use "dot notation" for all time values > 1min. For >= 1s we use 's' as unit, otherwise for >= 1ms we use 'ms' as unit, and finally 'us'. This should give reasonably values in most cases.
2013-04-04 02:56:56 +02:00
format_timespan(c, sizeof(c), last > validated ? last - validated : 0, 0));
journald: always pass first entry timestamp back from journal_file_verify()
2012-09-24 15:02:43 +02:00
} else if (last > 0)
journalctl: be more friendly when informing about seal verification
2012-08-21 23:03:20 +02:00
log_info("=> No sealing yet, %s of entries not sealed.",
util: make time formatting a bit smarter Instead of outputting "5h 55s 50ms 3us" we'll now output "5h 55.050003s". Also, while outputting the accuracy is configurable. Basically we now try use "dot notation" for all time values > 1min. For >= 1s we use 's' as unit, otherwise for >= 1ms we use 'ms' as unit, and finally 'us'. This should give reasonably values in most cases.
2013-04-04 02:56:56 +02:00
format_timespan(c, sizeof(c), last - first, 0));
journalctl: be more friendly when informing about seal verification
2012-08-21 23:03:20 +02:00
else
log_info("=> No sealing yet, no entries in file.");
}
journal: after verification output validated time range
2012-08-17 03:30:22 +02:00
}
journal: implement basic journal file verification logic
2012-08-15 01:54:09 +02:00
}
return r;
}
journalctl: port --flush/--sync/--rotate to use varlink method calls
2019-04-04 19:41:33 +02:00
static int simple_varlink_call(const char *option, const char *method) {
_cleanup_(varlink_flush_close_unrefp) Varlink *link = NULL;
journalctl: add new --namespace= switch for showing logs for namespace
2019-11-25 18:49:52 +01:00
const char *error, *fn;
journalctl: add new --flush command and make use of it in systemd-journal-flush.service This new command will ask the journal daemon to flush all log data stored in /run to /var, and wait for it to complete. This is useful, so that in case of Storage=persistent we can order systemd-tmpfiles-setup afterwards, to ensure any possibly newly created directory in /var/log gets proper access mode and owners.
2014-10-23 00:28:17 +02:00
int r;
journalctl: port --flush/--sync/--rotate to use varlink method calls
2019-04-04 19:41:33 +02:00
if (arg_machine)
return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "%s is not supported in conjunction with --machine=.", option);
journalctl: add new --flush command and make use of it in systemd-journal-flush.service This new command will ask the journal daemon to flush all log data stored in /run to /var, and wait for it to complete. This is useful, so that in case of Storage=persistent we can order systemd-tmpfiles-setup afterwards, to ensure any possibly newly created directory in /var/log gets proper access mode and owners.
2014-10-23 00:28:17 +02:00
journalctl: add new --namespace= switch for showing logs for namespace
2019-11-25 18:49:52 +01:00
fn = arg_namespace ?
strjoina("/run/systemd/journal.", arg_namespace, "/io.systemd.journal") :
"/run/systemd/journal/io.systemd.journal";
r = varlink_connect_address(&link, fn);
journalctl: add new --sync switch for syncing the journal to disk With this new "--sync" switch we add a synchronous way to sync everything queued to disk, and return only after that's complete. This command gives the guarantee that anything queued before has hit the disk before the command returns. While we are at it, also improve the man pages and help text for journalctl a bit.
2015-11-11 12:59:09 +01:00
if (r < 0)
journalctl: add new --namespace= switch for showing logs for namespace
2019-11-25 18:49:52 +01:00
return log_error_errno(r, "Failed to connect to %s: %m", fn);
journalctl: improve error messages Follow-up for #12230.
2019-05-10 09:57:59 +02:00
(void) varlink_set_description(link, "journal");
journalctl: make 'journalctl --flush' or friends not fail with varlink timeout Closes #12570.
2019-05-24 15:32:08 +02:00
(void) varlink_set_relative_timeout(link, USEC_INFINITY);
journalctl: add new --flush command and make use of it in systemd-journal-flush.service This new command will ask the journal daemon to flush all log data stored in /run to /var, and wait for it to complete. This is useful, so that in case of Storage=persistent we can order systemd-tmpfiles-setup afterwards, to ensure any possibly newly created directory in /var/log gets proper access mode and owners.
2014-10-23 00:28:17 +02:00
journalctl: port --flush/--sync/--rotate to use varlink method calls
2019-04-04 19:41:33 +02:00
r = varlink_call(link, method, NULL, NULL, &error, NULL);
if (r < 0)
journalctl: fix error cause in log message If varlink_call() returns negative errno, then `error` is null.
2019-05-24 15:22:21 +02:00
return log_error_errno(r, "Failed to execute varlink call: %m");
if (error)
return log_error_errno(SYNTHETIC_ERRNO(ENOANO),
"Failed to execute varlink call: %s", error);
journalctl: add new --flush command and make use of it in systemd-journal-flush.service This new command will ask the journal daemon to flush all log data stored in /run to /var, and wait for it to complete. This is useful, so that in case of Storage=persistent we can order systemd-tmpfiles-setup afterwards, to ensure any possibly newly created directory in /var/log gets proper access mode and owners.
2014-10-23 00:28:17 +02:00
journalctl: port --flush/--sync/--rotate to use varlink method calls
2019-04-04 19:41:33 +02:00
return 0;
journalctl: add new --flush command and make use of it in systemd-journal-flush.service This new command will ask the journal daemon to flush all log data stored in /run to /var, and wait for it to complete. This is useful, so that in case of Storage=persistent we can order systemd-tmpfiles-setup afterwards, to ensure any possibly newly created directory in /var/log gets proper access mode and owners.
2014-10-23 00:28:17 +02:00
}
journalctl: port --flush/--sync/--rotate to use varlink method calls
2019-04-04 19:41:33 +02:00
static int flush_to_var(void) {
return simple_varlink_call("--flush", "io.systemd.Journal.FlushToVar");
journalctl: add new --sync switch for syncing the journal to disk With this new "--sync" switch we add a synchronous way to sync everything queued to disk, and return only after that's complete. This command gives the guarantee that anything queued before has hit the disk before the command returns. While we are at it, also improve the man pages and help text for journalctl a bit.
2015-11-11 12:59:09 +01:00
}
journalctl: add new --relinquish and --smart-relinquish options The latter is identical to the former, but becomes a NOP if /var/log/journal is on the same mount as /, and thus during shutdown unmounting /var is not necessary and hence we can keep logging until the very end.
2019-04-05 18:21:02 +02:00
static int relinquish_var(void) {
journalctl: mention --smart-relinquish-var in log message
2019-05-27 22:17:27 +02:00
return simple_varlink_call("--relinquish-var/--smart-relinquish-var", "io.systemd.Journal.RelinquishVar");
journalctl: add new --relinquish and --smart-relinquish options The latter is identical to the former, but becomes a NOP if /var/log/journal is on the same mount as /, and thus during shutdown unmounting /var is not necessary and hence we can keep logging until the very end.
2019-04-05 18:21:02 +02:00
}
journalctl: make --rotate synchronous, too Of course, ideally we'd just use normal synchronous bus calls, but this is out of the question as long as we rely on dbus-daemon (which logs to journald, and thus cannot use to avoid cyclic sync loops). Hence, instead, reuse the wait logic already implemented for --sync, and use a signal in one direction, and a mtime watch file for the reply.
2015-11-11 13:56:54 +01:00
static int rotate(void) {
journalctl: port --flush/--sync/--rotate to use varlink method calls
2019-04-04 19:41:33 +02:00
return simple_varlink_call("--rotate", "io.systemd.Journal.Rotate");
journalctl: make --rotate synchronous, too Of course, ideally we'd just use normal synchronous bus calls, but this is out of the question as long as we rely on dbus-daemon (which logs to journald, and thus cannot use to avoid cyclic sync loops). Hence, instead, reuse the wait logic already implemented for --sync, and use a signal in one direction, and a mtime watch file for the reply.
2015-11-11 13:56:54 +01:00
}
static int sync_journal(void) {
journalctl: port --flush/--sync/--rotate to use varlink method calls
2019-04-04 19:41:33 +02:00
return simple_varlink_call("--sync", "io.systemd.Journal.Synchronize");
journalctl: make --rotate synchronous, too Of course, ideally we'd just use normal synchronous bus calls, but this is out of the question as long as we rely on dbus-daemon (which logs to journald, and thus cannot use to avoid cyclic sync loops). Hence, instead, reuse the wait logic already implemented for --sync, and use a signal in one direction, and a mtime watch file for the reply.
2015-11-11 13:56:54 +01:00
}
journalctl: in --follow mode watch stdout for POLLHUP/POLLERR and exit Fixes: #9374
2018-10-24 21:49:52 +02:00
static int wait_for_change(sd_journal *j, int poll_fd) {
struct pollfd pollfds[] = {
{ .fd = poll_fd, .events = POLLIN },
{ .fd = STDOUT_FILENO },
};
struct timespec ts;
usec_t timeout;
journal: rework directory enumeration/watch logic There's now sd_journal_new_directory() for watching specific journal directories. This is exposed in journalctl -D. sd_journal_wait() and sd_journal_process() now return whether changes in the journal are invalidating or just appending. We now create inotify kernel watches only when we actually need them
2012-07-11 01:08:38 +02:00
int r;
journalctl: in --follow mode watch stdout for POLLHUP/POLLERR and exit Fixes: #9374
2018-10-24 21:49:52 +02:00
assert(j);
assert(poll_fd >= 0);
/* Much like sd_journal_wait() but also keeps an eye on STDOUT, and exits as soon as we see a POLLHUP on that,
* i.e. when it is closed. */
r = sd_journal_get_timeout(j, &timeout);
if (r < 0)
return log_error_errno(r, "Failed to determine journal waiting time: %m");
journalctl: do not treat EINTR as an error when waiting for events Fixup for 2a1e0f2228bbdfbc18635e959f47df7da50b62fe. Fixes #10724. Reproducer: start 'journalctl -f' in a terminal window, change window size.
2018-11-11 12:33:06 +01:00
if (ppoll(pollfds, ELEMENTSOF(pollfds),
timeout == USEC_INFINITY ? NULL : timespec_store(&ts, timeout), NULL) < 0) {
if (errno == EINTR)
return 0;
journalctl: in --follow mode watch stdout for POLLHUP/POLLERR and exit Fixes: #9374
2018-10-24 21:49:52 +02:00
return log_error_errno(errno, "Couldn't wait for journal event: %m");
journalctl: do not treat EINTR as an error when waiting for events Fixup for 2a1e0f2228bbdfbc18635e959f47df7da50b62fe. Fixes #10724. Reproducer: start 'journalctl -f' in a terminal window, change window size.
2018-11-11 12:33:06 +01:00
}
journalctl: in --follow mode watch stdout for POLLHUP/POLLERR and exit Fixes: #9374
2018-10-24 21:49:52 +02:00
tree-wide: check POLLNVAL everywhere poll() sets POLLNVAL inside of the poll structures if an invalid fd is passed. So far we generally didn't check for that, thus not taking notice of the error. Given that this specific kind of error is generally indication of a programming error, and given that our code is embedded into our projects via NSS or because people link against our library, let's explicitly check for this and convert it to EBADF. (I ran into a busy loop because of this missing check when some of my test code accidentally closed an fd it shouldn't close, so this is a real thing)
2020-06-09 13:40:25 +02:00
if (pollfds[1].revents & (POLLHUP|POLLERR|POLLNVAL)) /* STDOUT has been closed? */
coccinelle: make use of SYNTHETIC_ERRNO Ideally, coccinelle would strip unnecessary braces too. But I do not see any option in coccinelle for this, so instead, I edited the patch text using search&replace to remove the braces. Unfortunately this is not fully automatic, in particular it didn't deal well with if-else-if-else blocks and ifdefs, so there is an increased likelikehood be some bugs in such spots. I also removed part of the patch that coccinelle generated for udev, where we returns -1 for failure. This should be fixed independently.
2018-11-20 23:40:44 +01:00
return log_debug_errno(SYNTHETIC_ERRNO(ECANCELED),
"Standard output has been closed.");
journalctl: in --follow mode watch stdout for POLLHUP/POLLERR and exit Fixes: #9374
2018-10-24 21:49:52 +02:00
tree-wide: check POLLNVAL everywhere poll() sets POLLNVAL inside of the poll structures if an invalid fd is passed. So far we generally didn't check for that, thus not taking notice of the error. Given that this specific kind of error is generally indication of a programming error, and given that our code is embedded into our projects via NSS or because people link against our library, let's explicitly check for this and convert it to EBADF. (I ran into a busy loop because of this missing check when some of my test code accidentally closed an fd it shouldn't close, so this is a real thing)
2020-06-09 13:40:25 +02:00
if (pollfds[0].revents & POLLNVAL)
return log_debug_errno(SYNTHETIC_ERRNO(EBADF), "Change fd closed?");
journalctl: in --follow mode watch stdout for POLLHUP/POLLERR and exit Fixes: #9374
2018-10-24 21:49:52 +02:00
r = sd_journal_process(j);
if (r < 0)
return log_error_errno(r, "Failed to process journal events: %m");
return 0;
}
int main(int argc, char *argv[]) {
bool previous_boot_id_valid = false, first_line = true, ellipsized = false, need_seek = false;
journalctl: New option --cursor-file The option cursor-file takes a filename as argument. If the file exists and contains a valid cursor, this is used to start the output after this position. At the end, the last cursor gets written to the file. This allows for an easy implementation of a timer that regularly looks in the journal for some messages. journalctl --cursor-file err-cursor -b -p err journalctl --cursor-file audit-cursor -t audit --grep DENIED Or you might want to walk the journal in steps of 10 messages: journalctl --cursor-file ./curs -n10 --since=today -t systemd
2019-02-12 00:19:13 +01:00
bool use_cursor = false, after_cursor = false;
tree-wide: expose "p"-suffix unref calls in public APIs to make gcc cleanup easy GLIB has recently started to officially support the gcc cleanup attribute in its public API, hence let's do the same for our APIs. With this patch we'll define an xyz_unrefp() call for each public xyz_unref() call, to make it easy to use inside a __attribute__((cleanup())) expression. Then, all code is ported over to make use of this. The new calls are also documented in the man pages, with examples how to use them (well, I only added docs where the _unref() call itself already had docs, and the examples, only cover sd_bus_unrefp() and sd_event_unrefp()). This also renames sd_lldp_free() to sd_lldp_unref(), since that's how we tend to call our destructors these days. Note that this defines no public macro that wraps gcc's attribute and makes it easier to use. While I think it's our duty in the library to make our stuff easy to use, I figure it's not our duty to make gcc's own features easy to use on its own. Most likely, client code which wants to make use of this should define its own: #define _cleanup_(function) __attribute__((cleanup(function))) Or similar, to make the gcc feature easier to use. Making this logic public has the benefit that we can remove three header files whose only purpose was to define these functions internally. See #2008.
2015-11-27 19:13:45 +01:00
_cleanup_(sd_journal_closep) sd_journal *j = NULL;
journalctl: add a marker to log output for reboots With this we'll print a marker "----- Reboot -----" between two subsequent lines with different boot IDs.
2012-07-11 01:36:55 +02:00
sd_id128_t previous_boot_id;
journalctl: in --follow mode watch stdout for POLLHUP/POLLERR and exit Fixes: #9374
2018-10-24 21:49:52 +02:00
int n_shown = 0, r, poll_fd = -1;
journal: rework directory enumeration/watch logic There's now sd_journal_new_directory() for watching specific journal directories. This is exposed in journalctl -D. sd_journal_wait() and sd_journal_process() now return whether changes in the journal are invalidating or just appending. We now create inotify kernel watches only when we actually need them
2012-07-11 01:08:38 +02:00
enable localization for common *ctl commands
2012-11-12 20:16:07 +01:00
setlocale(LC_ALL, "");
log: introduce log_parse_environment_cli() and log_setup_cli() Presently, CLI utilities such as systemctl will check whether they have a tty attached or not to decide whether to parse /proc/cmdline or EFI variable SystemdOptions looking for systemd.log_* entries. But this check will be misleading if these tools are being launched by a daemon, such as a monitoring daemon or automation service that runs in background. Make log handling of CLI tools uniform by never checking /proc/cmdline or EFI variables to determine the logging level. Furthermore, introduce a new log_setup_cli() shortcut to set up common options used by most command-line utilities.
2020-06-17 21:17:54 +02:00
log_setup_cli();
journal: rework directory enumeration/watch logic There's now sd_journal_new_directory() for watching specific journal directories. This is exposed in journalctl -D. sd_journal_wait() and sd_journal_process() now return whether changes in the journal are invalidating or just appending. We now create inotify kernel watches only when we actually need them
2012-07-11 01:08:38 +02:00
tree-wide: uniformly bump RLIMIT_NOFILE in all our tools that access the journal This makes use of rlimit_nofile_bump() in all tools that access the journal. In some cases this replaces older code to achieve this, and others we add it in where it was missing.
2018-10-01 17:44:46 +02:00
/* Increase max number of open files if we can, we might needs this when browsing journal files, which might be
* split up into many files. */
(void) rlimit_nofile_bump(HIGH_RLIMIT_NOFILE);
journal: rework directory enumeration/watch logic There's now sd_journal_new_directory() for watching specific journal directories. This is exposed in journalctl -D. sd_journal_wait() and sd_journal_process() now return whether changes in the journal are invalidating or just appending. We now create inotify kernel watches only when we actually need them
2012-07-11 01:08:38 +02:00
r = parse_argv(argc, argv);
if (r <= 0)
goto finish;
util: unify line caching and column caching
2012-10-19 00:06:47 +02:00
signal(SIGWINCH, columns_lines_cache_reset);
journal: install sigbus handler for journal tools too This makes them robust regarding truncation. Ideally, we'd export this as an API, but given how messy SIGBUS handling is, and the uncertain ownership logic of signal handlers we should not do this (unless libc one day invents a scheme how to sanely install SIGBUS handlers for specific memory areas only). However, for now we can still make all our own tools robust. Note that external tools will only have read-access to the journal anyway, where SIGBUS is much more unlikely, given that only writes are subject to disk full problems.
2015-01-05 00:52:47 +01:00
sigbus_install();
util: unify line caching and column caching
2012-10-19 00:06:47 +02:00
journalctl: change repeated if checks into switch blocks No functional changes.
2015-11-11 16:21:30 +01:00
switch (arg_action) {
journalctl: add new --sync switch for syncing the journal to disk With this new "--sync" switch we add a synchronous way to sync everything queued to disk, and return only after that's complete. This command gives the guarantee that anything queued before has hit the disk before the command returns. While we are at it, also improve the man pages and help text for journalctl a bit.
2015-11-11 12:59:09 +01:00
journalctl: change repeated if checks into switch blocks No functional changes.
2015-11-11 16:21:30 +01:00
case ACTION_NEW_ID128:
id128: add new "-u" switch for outputting Ids in UUID format For some unrelated stuff I wanted the machine ID in UUID format, and it was annoying doing that manually. So let's add a switch for this, so that this works: systemd-id128 machine-id -u
2019-11-15 19:02:55 +01:00
r = id128_print_new(ID128_PRINT_PRETTY);
journalctl: add --rotate option shortcut for `systemctl kill --kill-who main --signal SIGUSR2 systemd-journald`
2015-09-30 21:54:58 +02:00
goto finish;
journalctl: change repeated if checks into switch blocks No functional changes.
2015-11-11 16:21:30 +01:00
case ACTION_SETUP_KEYS:
journald: initial version of FSPRG hookup This adds forward-secure authentication of journal files. This patch includes key generation as well as tagging of journal files, Verification of journal files will be added in a later patch.
2012-08-13 20:31:10 +02:00
r = setup_keys();
goto finish;
catalog: open up catalog internals In order to write tests for the catalog functions, they are made non-static and start taking a 'database' parameter, which is the name of a file with the preprocessed catalog entries. This makes it possible to make test-catalog part of the normal test suite, since it now only operates on files in /tmp. Some more tests are added.
2013-03-29 01:17:24 +01:00
journalctl: change repeated if checks into switch blocks No functional changes.
2015-11-11 16:21:30 +01:00
case ACTION_LIST_CATALOG:
case ACTION_DUMP_CATALOG:
case ACTION_UPDATE_CATALOG: {
Add utility function to append root to path
2014-07-26 20:47:31 +02:00
_cleanup_free_ char *database;
path-util: allow NULLs in arguments to path_join() This removes the need to remember to put strempty() in places, thus reducing the likelihood of a stupid mistake.
2018-11-30 11:06:24 +01:00
database = path_join(arg_root, CATALOG_DATABASE);
Add utility function to append root to path
2014-07-26 20:47:31 +02:00
if (!database) {
r = log_oom();
goto finish;
journalctl: support --root for message catalogs
2013-03-29 02:44:00 +01:00
}
catalog: open up catalog internals In order to write tests for the catalog functions, they are made non-static and start taking a 'database' parameter, which is the name of a file with the preprocessed catalog entries. This makes it possible to make test-catalog part of the normal test suite, since it now only operates on files in /tmp. Some more tests are added.
2013-03-29 01:17:24 +01:00
if (arg_action == ACTION_UPDATE_CATALOG) {
journalctl: support --root for message catalogs
2013-03-29 02:44:00 +01:00
r = catalog_update(database, arg_root, catalog_file_dirs);
catalog: open up catalog internals In order to write tests for the catalog functions, they are made non-static and start taking a 'database' parameter, which is the name of a file with the preprocessed catalog entries. This makes it possible to make test-catalog part of the normal test suite, since it now only operates on files in /tmp. Some more tests are added.
2013-03-29 01:17:24 +01:00
if (r < 0)
treewide: no need to negate errno for log_*_errno() It corrrectly handles both positive and negative errno values.
2014-11-28 13:19:16 +01:00
log_error_errno(r, "Failed to list catalog: %m");
catalog: open up catalog internals In order to write tests for the catalog functions, they are made non-static and start taking a 'database' parameter, which is the name of a file with the preprocessed catalog entries. This makes it possible to make test-catalog part of the normal test suite, since it now only operates on files in /tmp. Some more tests are added.
2013-03-29 01:17:24 +01:00
} else {
bool oneline = arg_action == ACTION_LIST_CATALOG;
basic/pager: convert the pager options to a flags argument Pretty much everything uses just the first argument, and this doesn't make this common pattern more complicated, but makes it simpler to pass multiple options.
2018-11-11 12:56:29 +01:00
(void) pager_open(arg_pager_flags);
journalctl: change repeated if checks into switch blocks No functional changes.
2015-11-11 16:21:30 +01:00
catalog: open up catalog internals In order to write tests for the catalog functions, they are made non-static and start taking a 'database' parameter, which is the name of a file with the preprocessed catalog entries. This makes it possible to make test-catalog part of the normal test suite, since it now only operates on files in /tmp. Some more tests are added.
2013-03-29 01:17:24 +01:00
if (optind < argc)
journalctl: change repeated if checks into switch blocks No functional changes.
2015-11-11 16:21:30 +01:00
r = catalog_list_items(stdout, database, oneline, argv + optind);
catalog: open up catalog internals In order to write tests for the catalog functions, they are made non-static and start taking a 'database' parameter, which is the name of a file with the preprocessed catalog entries. This makes it possible to make test-catalog part of the normal test suite, since it now only operates on files in /tmp. Some more tests are added.
2013-03-29 01:17:24 +01:00
else
journalctl: support --root for message catalogs
2013-03-29 02:44:00 +01:00
r = catalog_list(stdout, database, oneline);
catalog: open up catalog internals In order to write tests for the catalog functions, they are made non-static and start taking a 'database' parameter, which is the name of a file with the preprocessed catalog entries. This makes it possible to make test-catalog part of the normal test suite, since it now only operates on files in /tmp. Some more tests are added.
2013-03-29 01:17:24 +01:00
if (r < 0)
treewide: no need to negate errno for log_*_errno() It corrrectly handles both positive and negative errno values.
2014-11-28 13:19:16 +01:00
log_error_errno(r, "Failed to list catalog: %m");
catalog: open up catalog internals In order to write tests for the catalog functions, they are made non-static and start taking a 'database' parameter, which is the name of a file with the preprocessed catalog entries. This makes it possible to make test-catalog part of the normal test suite, since it now only operates on files in /tmp. Some more tests are added.
2013-03-29 01:17:24 +01:00
}
journal: implement message catalog The message catalog can be used to attach short help texts to log lines, keyed by their MESSAGE_ID= fields. This is useful to help the administrator understand the context and cause of a message, find possible solutions and find further related documentation. Since this is keyed off MESSAGE_ID= this will only work for native journal messages. The message catalog supports i18n, and is useful to augment english language system messages with explanations in the local language. This commit only includes short explanatory messages for a few example message IDs, we'll add more complete documentation for the relevant systemd messages later on.
2012-11-15 23:03:31 +01:00
goto finish;
}
journalctl: change repeated if checks into switch blocks No functional changes.
2015-11-11 16:21:30 +01:00
case ACTION_FLUSH:
r = flush_to_var();
goto finish;
journalctl: add new --relinquish and --smart-relinquish options The latter is identical to the former, but becomes a NOP if /var/log/journal is on the same mount as /, and thus during shutdown unmounting /var is not necessary and hence we can keep logging until the very end.
2019-04-05 18:21:02 +02:00
case ACTION_RELINQUISH_VAR:
r = relinquish_var();
goto finish;
journalctl: change repeated if checks into switch blocks No functional changes.
2015-11-11 16:21:30 +01:00
case ACTION_SYNC:
r = sync_journal();
goto finish;
case ACTION_ROTATE:
r = rotate();
goto finish;
case ACTION_SHOW:
case ACTION_PRINT_HEADER:
case ACTION_VERIFY:
case ACTION_DISK_USAGE:
case ACTION_LIST_BOOTS:
case ACTION_VACUUM:
journalctl: add ability to vacuum and rotate in one step journalctl --vacuum-*= only vacuums archived files. To archive all active files the rotate operation is used. Let's add a new switch that combines both, so that the user a single command to first move all running journal files into archival and then vacuum them. See: #1017
2018-10-25 18:36:56 +02:00
case ACTION_ROTATE_AND_VACUUM:
journalctl: add new --fields switch to dump all currently used field names Fixes #2176
2016-01-27 19:01:42 +01:00
case ACTION_LIST_FIELDS:
case ACTION_LIST_FIELD_NAMES:
journalctl: change repeated if checks into switch blocks No functional changes.
2015-11-11 16:21:30 +01:00
/* These ones require access to the journal files, continue below. */
break;
default:
assert_not_reached("Unknown action");
}
journal: rework directory enumeration/watch logic There's now sd_journal_new_directory() for watching specific journal directories. This is exposed in journalctl -D. sd_journal_wait() and sd_journal_process() now return whether changes in the journal are invalidating or just appending. We now create inotify kernel watches only when we actually need them
2012-07-11 01:08:38 +02:00
if (arg_directory)
journalctl: add --system/--user flags --user basically gives messages from your own systemd --user services. --system basically gives messages from PID 1, kernel, and --system services. Those two options are not exahustive, because a priviledged user might be able to see messages from other users, and they will not be shown with either or both of those flags.
2013-06-05 01:33:34 +02:00
r = sd_journal_open_directory(&j, arg_directory, arg_journal_type);
journalctl: allow --root argument for journal watching It is useful to look at a (possibly inactive) container or other os tree with --root=/path/to/container. This is similar to specifying --directory=/path/to/container/var/log/journal --directory=/path/to/container/run/systemd/journal (if using --directory multiple times was allowed), but doesn't require as much typing.
2016-08-12 06:34:45 +02:00
else if (arg_root)
r = sd_journal_open_directory(&j, arg_root, arg_journal_type | SD_JOURNAL_OS_ROOT);
journalctl: use an anonymous array when an array is needed I am pretty sure this makes things more readable, since the expected argument here is actually an array.
2019-11-26 11:24:33 +01:00
else if (arg_file_stdin)
r = sd_journal_open_files_fd(&j, (int[]) { STDIN_FILENO }, 1, 0);
else if (arg_file)
journalctl: allow the user to specify the file(s) to use This is useful for debugging and feels pretty natural. For example answering the question "is this big .journal file worth keeping?" is made easier.
2013-06-06 01:30:17 +02:00
r = sd_journal_open_files(&j, (const char**) arg_file, 0);
journalctl: port --machine= switch to use machined's OpenMachineRootDirectory() This way, the switch becomes compatible with nspawn containers using --image=, and those which only store journal data in /run (i.e. have persistant logs off). Fixes: #49
2016-04-25 11:21:46 +02:00
else if (arg_machine) {
_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
_cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
_cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
int fd;
if (geteuid() != 0) {
/* The file descriptor returned by OpenMachineRootDirectory() will be owned by users/groups of
* the container, thus we need root privileges to override them. */
journalctl: use log_error_errno() wherever we can
2019-11-25 18:42:52 +01:00
r = log_error_errno(SYNTHETIC_ERRNO(EPERM), "Using the --machine= switch requires root privileges.");
journalctl: port --machine= switch to use machined's OpenMachineRootDirectory() This way, the switch becomes compatible with nspawn containers using --image=, and those which only store journal data in /run (i.e. have persistant logs off). Fixes: #49
2016-04-25 11:21:46 +02:00
goto finish;
}
r = sd_bus_open_system(&bus);
if (r < 0) {
log_error_errno(r, "Failed to open system bus: %m");
goto finish;
}
r = sd_bus_call_method(
bus,
"org.freedesktop.machine1",
"/org/freedesktop/machine1",
"org.freedesktop.machine1.Manager",
"OpenMachineRootDirectory",
&error,
&reply,
"s", arg_machine);
if (r < 0) {
log_error_errno(r, "Failed to open root directory: %s", bus_error_message(&error, r));
goto finish;
}
r = sd_bus_message_read(reply, "h", &fd);
if (r < 0) {
bus_log_parse_error(r);
goto finish;
}
fd = fcntl(fd, F_DUPFD_CLOEXEC, 3);
if (fd < 0) {
r = log_error_errno(errno, "Failed to duplicate file descriptor: %m");
goto finish;
}
r = sd_journal_open_directory_fd(&j, fd, SD_JOURNAL_OS_ROOT);
if (r < 0)
safe_close(fd);
} else
journalctl: add new --namespace= switch for showing logs for namespace
2019-11-25 18:49:52 +01:00
r = sd_journal_open_namespace(
&j,
arg_namespace,
(arg_merge ? 0 : SD_JOURNAL_LOCAL_ONLY) |
arg_namespace_flags | arg_journal_type);
journal: rework directory enumeration/watch logic There's now sd_journal_new_directory() for watching specific journal directories. This is exposed in journalctl -D. sd_journal_wait() and sd_journal_process() now return whether changes in the journal are invalidating or just appending. We now create inotify kernel watches only when we actually need them
2012-07-11 01:08:38 +02:00
if (r < 0) {
journalctl: change repeated if checks into switch blocks No functional changes.
2015-11-11 16:21:30 +01:00
log_error_errno(r, "Failed to open %s: %m", arg_directory ?: arg_file ? "files" : "journal");
journalctl: only have a single exit path from main() That way we can be sure we execute the destructors properly, and can be valgrind-clean.
2015-05-18 23:50:34 +02:00
goto finish;
journal: rework directory enumeration/watch logic There's now sd_journal_new_directory() for watching specific journal directories. This is exposed in journalctl -D. sd_journal_wait() and sd_journal_process() now return whether changes in the journal are invalidating or just appending. We now create inotify kernel watches only when we actually need them
2012-07-11 01:08:38 +02:00
}
journalctl: improve hint about lack of access for --user-unit=... When running journalctl --user-unit=foo as an unprivileged user we could get the usual hint: Hint: You are currently not seeing messages from the system and other users. Users in groups 'adm', 'systemd-journal', 'wheel' can see all messages. ... But with --user-unit our filter is: (((_UID=0 OR _UID=1000) AND OBJECT_SYSTEMD_USER_UNIT=foo.service) OR ((_UID=0 OR _UID=1000) AND COREDUMP_USER_UNIT=foo.service) OR (_UID=1000 AND USER_UNIT=foo.service) OR (_UID=1000 AND _SYSTEMD_USER_UNIT=foo.service)) so we would never see messages from other users. We could still see messages from the system. In fact, on my machine the only messages with OBJECT_SYSTEMD_USER_UNIT= are from the system: journalctl $(journalctl -F OBJECT_SYSTEMD_USER_UNIT|sed 's/.*/OBJECT_SYSTEMD_USER_UNIT=\0/') Thus, a more correct hint is that we cannot see messages from the system. Make it so. Fixes #7887.
2018-02-19 22:40:26 +01:00
r = journal_access_check_and_warn(j, arg_quiet,
!(arg_journal_type == SD_JOURNAL_CURRENT_USER || arg_user_units));
journalctl: be smarter about journal error checks There are many ways in which we can get those checks wrong, so it is better to warn and then error out on a real access failure. The error messages are wrapped to <80 lines, because their primary use is to be displayed in the terminal, and it is easier to read them this way. Reading them in the journal can be a bit trickier, but this is a bug in logs-show.c.
2013-03-11 23:03:13 +01:00
if (r < 0)
journalctl: only have a single exit path from main() That way we can be sure we execute the destructors properly, and can be valgrind-clean.
2015-05-18 23:50:34 +02:00
goto finish;
journalctl: be smarter about journal error checks There are many ways in which we can get those checks wrong, so it is better to warn and then error out on a real access failure. The error messages are wrapped to <80 lines, because their primary use is to be displayed in the terminal, and it is easier to read them this way. Reading them in the journal can be a bit trickier, but this is a bug in logs-show.c.
2013-03-11 23:03:13 +01:00
journalctl: change repeated if checks into switch blocks No functional changes.
2015-11-11 16:21:30 +01:00
switch (arg_action) {
journal: implement basic journal file verification logic
2012-08-15 01:54:09 +02:00
journalctl: change repeated if checks into switch blocks No functional changes.
2015-11-11 16:21:30 +01:00
case ACTION_NEW_ID128:
case ACTION_SETUP_KEYS:
case ACTION_LIST_CATALOG:
case ACTION_DUMP_CATALOG:
case ACTION_UPDATE_CATALOG:
case ACTION_FLUSH:
case ACTION_SYNC:
case ACTION_ROTATE:
assert_not_reached("Unexpected action.");
case ACTION_PRINT_HEADER:
journal: automatically rotate journal files if the data hash table is full > 75% Previously, when the main data hash table grows too full the performance simply started to decrease drastically. Instead, now simply rotate to a new journal file as the hash table gets to full, so that we can start with a new fresh empty hash table.
2012-07-16 22:24:02 +02:00
journal_print_header(j);
journalctl: only have a single exit path from main() That way we can be sure we execute the destructors properly, and can be valgrind-clean.
2015-05-18 23:50:34 +02:00
r = 0;
goto finish;
journal: automatically rotate journal files if the data hash table is full > 75% Previously, when the main data hash table grows too full the performance simply started to decrease drastically. Instead, now simply rotate to a new journal file as the hash table gets to full, so that we can start with a new fresh empty hash table.
2012-07-16 22:24:02 +02:00
journalctl: change repeated if checks into switch blocks No functional changes.
2015-11-11 16:21:30 +01:00
case ACTION_VERIFY:
r = verify(j);
goto finish;
case ACTION_DISK_USAGE: {
make gcc shut up If -flto is used then gcc will generate a lot more warnings than before, among them a number of use-without-initialization warnings. Most of them without are false positives, but let's make them go away, because it doesn't really matter.
2014-02-19 17:47:11 +01:00
uint64_t bytes = 0;
journal: add call to determine current journal file disk usage
2012-09-07 23:20:28 +02:00
char sbytes[FORMAT_BYTES_MAX];
r = sd_journal_get_usage(j, &bytes);
if (r < 0)
journalctl: only have a single exit path from main() That way we can be sure we execute the destructors properly, and can be valgrind-clean.
2015-05-18 23:50:34 +02:00
goto finish;
journal: add call to determine current journal file disk usage
2012-09-07 23:20:28 +02:00
journalctl: don't claim the journal was stored on disk Let's just say that the journal takes up space in the file system, not on disk, as tmpfs is definitely a file system, but not a disk. Fixes: #4059
2016-10-12 20:20:53 +02:00
printf("Archived and active journals take up %s in the file system.\n",
journal,shared: add _cleanup_journal_close_
2013-03-18 04:36:25 +01:00
format_bytes(sbytes, sizeof(sbytes), bytes));
journalctl: only have a single exit path from main() That way we can be sure we execute the destructors properly, and can be valgrind-clean.
2015-05-18 23:50:34 +02:00
goto finish;
journal: add call to determine current journal file disk usage
2012-09-07 23:20:28 +02:00
}
journalctl: change repeated if checks into switch blocks No functional changes.
2015-11-11 16:21:30 +01:00
case ACTION_LIST_BOOTS:
r = list_boots(j);
goto finish;
journalctl: add ability to vacuum and rotate in one step journalctl --vacuum-*= only vacuums archived files. To archive all active files the rotate operation is used. Let's add a new switch that combines both, so that the user a single command to first move all running journal files into archival and then vacuum them. See: #1017
2018-10-25 18:36:56 +02:00
case ACTION_ROTATE_AND_VACUUM:
r = rotate();
if (r < 0)
goto finish;
_fallthrough_;
journalctl: change repeated if checks into switch blocks No functional changes.
2015-11-11 16:21:30 +01:00
case ACTION_VACUUM: {
journalctl: add new --vacuum-size= and --vacuum-time= commands to clean up journal files based on a size/time limit This is equivalent to the effect of SystemMaxUse= and RetentionSec=, however can be invoked directly instead of implicitly.
2014-11-03 23:08:33 +01:00
Directory *d;
Iterator i;
HASHMAP_FOREACH(d, j->directories_by_path, i) {
int q;
journalctl: honor --quiet when vacuuming (#6771) 'journalctl --vacuum-*' does not suppress output message with --quiet. Let journal_directory_vacuum honors --quiet to fix the problem. BugLink: https://bugs.launchpad.net/bugs/1692188
2017-09-08 14:25:44 +02:00
q = journal_directory_vacuum(d->path, arg_vacuum_size, arg_vacuum_n_files, arg_vacuum_time, NULL, !arg_quiet);
journalctl: add new --vacuum-size= and --vacuum-time= commands to clean up journal files based on a size/time limit This is equivalent to the effect of SystemMaxUse= and RetentionSec=, however can be invoked directly instead of implicitly.
2014-11-03 23:08:33 +01:00
if (q < 0) {
journal: rework vacuuming logic Implement a maximum limit on number of journal files to keep around. Enforcing a limit is useful on this since our performance when viewing pays a heavy penalty for each journal file to interleve. This setting is turned on now by default, and set to 100. Also, actully implement what 348ced909724a1331b85d57aede80a102a00e428 promised: use whatever we find on disk at startup as lower bound on how much disk space we can use. That commit introduced some provisions to implement this, but actually never did. This also adds "journalctl --vacuum-files=" to vacuum files on disk by their number explicitly.
2015-10-02 23:21:59 +02:00
log_error_errno(q, "Failed to vacuum %s: %m", d->path);
journalctl: add new --vacuum-size= and --vacuum-time= commands to clean up journal files based on a size/time limit This is equivalent to the effect of SystemMaxUse= and RetentionSec=, however can be invoked directly instead of implicitly.
2014-11-03 23:08:33 +01:00
r = q;
}
}
journalctl: only have a single exit path from main() That way we can be sure we execute the destructors properly, and can be valgrind-clean.
2015-05-18 23:50:34 +02:00
goto finish;
journalctl: add new --vacuum-size= and --vacuum-time= commands to clean up journal files based on a size/time limit This is equivalent to the effect of SystemMaxUse= and RetentionSec=, however can be invoked directly instead of implicitly.
2014-11-03 23:08:33 +01:00
}
journalctl: add new --fields switch to dump all currently used field names Fixes #2176
2016-01-27 19:01:42 +01:00
case ACTION_LIST_FIELD_NAMES: {
const char *field;
SD_JOURNAL_FOREACH_FIELD(j, field) {
printf("%s\n", field);
tree-wide: make ++/-- usage consistent WRT spacing Throughout the tree there's spurious use of spaces separating ++ and -- operators from their respective operands. Make ++ and -- operator consistent with the majority of existing uses; discard the spaces.
2016-02-23 05:32:04 +01:00
n_shown++;
journalctl: add new --fields switch to dump all currently used field names Fixes #2176
2016-01-27 19:01:42 +01:00
}
r = 0;
goto finish;
}
journalctl: change repeated if checks into switch blocks No functional changes.
2015-11-11 16:21:30 +01:00
case ACTION_SHOW:
journalctl: add new --fields switch to dump all currently used field names Fixes #2176
2016-01-27 19:01:42 +01:00
case ACTION_LIST_FIELDS:
journalctl: change repeated if checks into switch blocks No functional changes.
2015-11-11 16:21:30 +01:00
break;
default:
assert_not_reached("Unknown action");
journalctl: add --list-boots to show boot IDs and times Suggested by David Wilkins <dwilkins@maths.tcd.ie> in https://bugzilla.redhat.com/show_bug.cgi?id=967521: > [Specific boot ID is a] bit of a palaver to obtain. I consulted the > verbose dump of the journal to discover the _BOOT_ID for the > timestamp, and then generated the journal dump for that boot using > journalctl _BOOT_ID=foo -o short-monotonic.
2013-10-29 04:43:57 +01:00
}
journalctl: show friendly info when using -b on runtime journal only Make it clear that specifing boot when there is actually only one has no effect. This cosmetic patch improves user experience a bit.
2016-02-01 09:25:22 +01:00
if (arg_boot_offset != 0 &&
sd_journal_has_runtime_files(j) > 0 &&
sd_journal_has_persistent_files(j) == 0) {
journalctl: improve wording in an errors message Fixes: #4660
2016-12-06 19:34:18 +01:00
log_info("Specifying boot ID or boot offset has no effect, no persistent journal was found.");
journalctl: show friendly info when using -b on runtime journal only Make it clear that specifing boot when there is actually only one has no effect. This cosmetic patch improves user experience a bit.
2016-02-01 09:25:22 +01:00
r = 0;
goto finish;
}
journalctl: Add support for showing messages from a previous boot Hi, I redid the boot ID look up to use enumerate_unique. This is quite fast if the cache is warm but painfully slow if it isn't. It has a slight chance of returning the wrong order if realtime clock jumps around. This one has to do n searches for every boot ID there is plus a sort, so it depends heavily on cache hotness. This is in contrast to the other way of look-up through filtering by a MESSAGE_ID, which only needs about 1 seek + whatever amount of relative IDs you want to walk. I also have a linked-list + (in-place) mergesort version of this patch, which has pretty much the same runtime. But since this one is using libc sorting and armortized allocation, I prefer this one. To summarize: The MESSAGE_ID way is a *lot* faster but can be incomplete due to rotation, while the enumerate+sort will find every boot ID out there but will be painfully slow for large journals and cold caches. You choose :P Jan
2013-06-28 17:26:30 +02:00
/* add_boot() must be called first!
* It may need to seek the journal to find parent boot IDs. */
r = add_boot(j);
journal: rework directory enumeration/watch logic There's now sd_journal_new_directory() for watching specific journal directories. This is exposed in journalctl -D. sd_journal_wait() and sd_journal_process() now return whether changes in the journal are invalidating or just appending. We now create inotify kernel watches only when we actually need them
2012-07-11 01:08:38 +02:00
if (r < 0)
journalctl: only have a single exit path from main() That way we can be sure we execute the destructors properly, and can be valgrind-clean.
2015-05-18 23:50:34 +02:00
goto finish;
journal: rework directory enumeration/watch logic There's now sd_journal_new_directory() for watching specific journal directories. This is exposed in journalctl -D. sd_journal_wait() and sd_journal_process() now return whether changes in the journal are invalidating or just appending. We now create inotify kernel watches only when we actually need them
2012-07-11 01:08:38 +02:00
journalctl: add -k/--dmesg
2013-05-15 05:08:00 +02:00
r = add_dmesg(j);
if (r < 0)
journalctl: only have a single exit path from main() That way we can be sure we execute the destructors properly, and can be valgrind-clean.
2015-05-18 23:50:34 +02:00
goto finish;
journalctl: add -k/--dmesg
2013-05-15 05:08:00 +02:00
journalctl: specify "--unit=" and "--user-unit" multiple times Previously only one "--unit=" or "--user-unit" could be specified. With this patch, journalcrtl can show multiple units. $ journalctl -u systemd-udevd.service -u sshd.service -u crond.service -b -- Logs begin at Sa 2013-03-23 11:08:45 CET, end at Fr 2013-04-12 09:10:22 CEST. -- Apr 12 08:41:37 lenovo systemd[1]: Started udev Kernel Device Manager. Apr 12 08:41:37 lenovo systemd[1]: Stopped udev Kernel Device Manager. Apr 12 08:41:38 lenovo systemd[1]: Started udev Kernel Device Manager. Apr 12 08:41:38 lenovo crond[291]: (CRON) INFO (Syslog will be used instead of sendmail.) Apr 12 08:41:38 lenovo crond[291]: (CRON) INFO (running with inotify support) Apr 12 08:41:39 lenovo systemd[1]: Starting OpenSSH server daemon... Apr 12 08:41:39 lenovo systemd[1]: Started OpenSSH server daemon. Apr 12 08:41:39 lenovo sshd[355]: Server listening on 0.0.0.0 port 22. Apr 12 08:41:39 lenovo sshd[355]: Server listening on :: port 22. Apr 12 08:41:39 lenovo mtp-probe[373]: checking bus 1, device 8: "/sys/devices/pci0000:00/0000:00:1a.0/usb1/1-1/1-1.5/1-1.5.6/1-1.5.6.2/1-1.5.6.2.1"
2013-04-12 09:14:43 +02:00
r = add_units(j);
journalctl: allow globbing in --unit and --user-unit This is a continuation of e3e0314b systemctl: allow globbing in commands which take multiple unit names. Multiple patterns can be specified, as separate arguments, or as one argument with patterns seperated by commas. If patterns are given, at least one unit must be matched (by any of the patterns). This is different behaviour than systemctl, but here it is necessary because otherwise anything would be matched, which is unlikely to be the intended behaviour. https://bugs.freedesktop.org/show_bug.cgi?id=59336
2013-12-29 01:47:36 +01:00
if (r < 0) {
treewide: no need to negate errno for log_*_errno() It corrrectly handles both positive and negative errno values.
2014-11-28 13:19:16 +01:00
log_error_errno(r, "Failed to add filter for units: %m");
journalctl: only have a single exit path from main() That way we can be sure we execute the destructors properly, and can be valgrind-clean.
2015-05-18 23:50:34 +02:00
goto finish;
journalctl: allow globbing in --unit and --user-unit This is a continuation of e3e0314b systemctl: allow globbing in commands which take multiple unit names. Multiple patterns can be specified, as separate arguments, or as one argument with patterns seperated by commas. If patterns are given, at least one unit must be matched (by any of the patterns). This is different behaviour than systemctl, but here it is necessary because otherwise anything would be matched, which is unlikely to be the intended behaviour. https://bugs.freedesktop.org/show_bug.cgi?id=59336
2013-12-29 01:47:36 +01:00
}
journalctl: add --unit=/-u to match by unit name This applies unit_name_mangle() to the specified unit names and hence can handle weird characters nicely and will add unit suffixes as necessary.
2012-10-16 02:59:27 +02:00
journalctl: add "-t --identifier=STRING" option This turns journalctl to the counterpart of systemd-cat. Messages sent with systemd-cat --identifier foo --prioritiy debug can now be shown with journalctl --identifier foo --prioritiy debug "--identifier" is not merged with "--unit" to make a clear distinction between syslog and systemd units. syslog identifiers can be chosen freely by anyone.
2014-08-19 11:27:34 +02:00
r = add_syslog_identifier(j);
if (r < 0) {
treewide: no need to negate errno for log_*_errno() It corrrectly handles both positive and negative errno values.
2014-11-28 13:19:16 +01:00
log_error_errno(r, "Failed to add filter for syslog identifiers: %m");
journalctl: only have a single exit path from main() That way we can be sure we execute the destructors properly, and can be valgrind-clean.
2015-05-18 23:50:34 +02:00
goto finish;
journalctl: add "-t --identifier=STRING" option This turns journalctl to the counterpart of systemd-cat. Messages sent with systemd-cat --identifier foo --prioritiy debug can now be shown with journalctl --identifier foo --prioritiy debug "--identifier" is not merged with "--unit" to make a clear distinction between syslog and systemd units. syslog identifiers can be chosen freely by anyone.
2014-08-19 11:27:34 +02:00
}
journal: add one more level on top with AND When using "-p" and "-b" in combination with "-u", the output is not what you would expect. The reason is the sd_journal_add_disjunction() call in add_matches_for_unit() and add_matches_for_user_unit(), which adds two ORs without taking the other conditions to every OR. Adding another level on top with AND and sd_journal_add_conjunction() solves the problem. Output before: $ journalctl -o short-monotonic -ab -p 0 -u sshd.service -- Reboot -- [ 3.216305] lenovo systemd[1]: Starting OpenSSH server daemon... -- Reboot -- [ 3.168666] lenovo systemd[1]: Starting OpenSSH server daemon... [ 3.169639] lenovo systemd[1]: Started OpenSSH server daemon. [36285.635389] lenovo systemd[1]: Stopped OpenSSH server daemon. -- Reboot -- [ 10.838657] lenovo systemd[1]: Starting OpenSSH server daemon... [ 10.913698] lenovo systemd[1]: Started OpenSSH server daemon. [ 6881.035183] lenovo systemd[1]: Stopped OpenSSH server daemon. -- Reboot -- [ 6.636228] lenovo systemd[1]: Starting OpenSSH server daemon... [ 6.662573] lenovo systemd[1]: Started OpenSSH server daemon. [ 6.681148] lenovo sshd[397]: Server listening on 0.0.0.0 port 22. [ 6.681379] lenovo sshd[397]: Server listening on :: port 22. As we see, the output is from _every_ boot and priority 0 is not taken into account. Output after patch: $ journalctl -o short-monotonic -ab -p 0 -u sshd.service -- Logs begin at Sun 2013-02-24 20:54:44 CET, end at Tue 2013-03-19 14:58:21 CET. -- Increasing the priority: $ journalctl -o short-monotonic -ab -p 6 -u sshd.service -- Logs begin at Sun 2013-02-24 20:54:44 CET, end at Tue 2013-03-19 14:59:12 CET. -- [ 6.636228] lenovo systemd[1]: Starting OpenSSH server daemon... [ 6.662573] lenovo systemd[1]: Started OpenSSH server daemon. [ 6.681148] lenovo sshd[397]: Server listening on 0.0.0.0 port 22. [ 6.681379] lenovo sshd[397]: Server listening on :: port 22.
2013-04-11 15:27:55 +02:00
r = add_priorities(j);
journalctl: clean up how we log errors All functions should either log the errors they run into, or only return them in which case the caller should log them. Make sure this rule is followed, so that each error is logged precisely once, and neither never, nor more than once.
2015-05-19 00:25:45 +02:00
if (r < 0)
journalctl: only have a single exit path from main() That way we can be sure we execute the destructors properly, and can be valgrind-clean.
2015-05-18 23:50:34 +02:00
goto finish;
journal: rework directory enumeration/watch logic There's now sd_journal_new_directory() for watching specific journal directories. This is exposed in journalctl -D. sd_journal_wait() and sd_journal_process() now return whether changes in the journal are invalidating or just appending. We now create inotify kernel watches only when we actually need them
2012-07-11 01:08:38 +02:00
journalctl: implement --facility=foo Fixes #9716.
2020-02-27 21:36:42 +01:00
r = add_facilities(j);
if (r < 0)
goto finish;
journal: add one more level on top with AND When using "-p" and "-b" in combination with "-u", the output is not what you would expect. The reason is the sd_journal_add_disjunction() call in add_matches_for_unit() and add_matches_for_user_unit(), which adds two ORs without taking the other conditions to every OR. Adding another level on top with AND and sd_journal_add_conjunction() solves the problem. Output before: $ journalctl -o short-monotonic -ab -p 0 -u sshd.service -- Reboot -- [ 3.216305] lenovo systemd[1]: Starting OpenSSH server daemon... -- Reboot -- [ 3.168666] lenovo systemd[1]: Starting OpenSSH server daemon... [ 3.169639] lenovo systemd[1]: Started OpenSSH server daemon. [36285.635389] lenovo systemd[1]: Stopped OpenSSH server daemon. -- Reboot -- [ 10.838657] lenovo systemd[1]: Starting OpenSSH server daemon... [ 10.913698] lenovo systemd[1]: Started OpenSSH server daemon. [ 6881.035183] lenovo systemd[1]: Stopped OpenSSH server daemon. -- Reboot -- [ 6.636228] lenovo systemd[1]: Starting OpenSSH server daemon... [ 6.662573] lenovo systemd[1]: Started OpenSSH server daemon. [ 6.681148] lenovo sshd[397]: Server listening on 0.0.0.0 port 22. [ 6.681379] lenovo sshd[397]: Server listening on :: port 22. As we see, the output is from _every_ boot and priority 0 is not taken into account. Output after patch: $ journalctl -o short-monotonic -ab -p 0 -u sshd.service -- Logs begin at Sun 2013-02-24 20:54:44 CET, end at Tue 2013-03-19 14:58:21 CET. -- Increasing the priority: $ journalctl -o short-monotonic -ab -p 6 -u sshd.service -- Logs begin at Sun 2013-02-24 20:54:44 CET, end at Tue 2013-03-19 14:59:12 CET. -- [ 6.636228] lenovo systemd[1]: Starting OpenSSH server daemon... [ 6.662573] lenovo systemd[1]: Started OpenSSH server daemon. [ 6.681148] lenovo sshd[397]: Server listening on 0.0.0.0 port 22. [ 6.681379] lenovo sshd[397]: Server listening on :: port 22.
2013-04-11 15:27:55 +02:00
r = add_matches(j, argv + optind);
journalctl: clean up how we log errors All functions should either log the errors they run into, or only return them in which case the caller should log them. Make sure this rule is followed, so that each error is logged precisely once, and neither never, nor more than once.
2015-05-19 00:25:45 +02:00
if (r < 0)
journalctl: only have a single exit path from main() That way we can be sure we execute the destructors properly, and can be valgrind-clean.
2015-05-18 23:50:34 +02:00
goto finish;
journalctl: add --priority= switch for filtering by priority
2012-07-27 10:31:33 +02:00
tree-wide: add DEBUG_LOGGING macro that checks whether debug logging is on (#7645) This makes things a bit easier to read I think, and also makes sure we always use the _unlikely_ wrapper around it, which so far we used sometimes and other times we didn't. Let's clean that up.
2017-12-15 11:09:00 +01:00
if (DEBUG_LOGGING) {
journalctl,systemctl: fix tiny memleak
2013-07-16 20:45:28 +02:00
_cleanup_free_ char *filter;
filter = journal_make_match_string(j);
journalctl: clean up how we log errors All functions should either log the errors they run into, or only return them in which case the caller should log them. Make sure this rule is followed, so that each error is logged precisely once, and neither never, nor more than once.
2015-05-19 00:25:45 +02:00
if (!filter)
return log_oom();
journalctl,systemctl: fix tiny memleak
2013-07-16 20:45:28 +02:00
log_debug("Journal filter: %s", filter);
}
journalctl: allow --lines=0 i.e. only new Makes it easier to watch just for new entries. Once scenario is where the user starts 'journalctl -qfn0' to watch for changes during some operation.
2013-01-28 05:53:52 +01:00
journalctl: add new --fields switch to dump all currently used field names Fixes #2176
2016-01-27 19:01:42 +01:00
if (arg_action == ACTION_LIST_FIELDS) {
journalctl: implement quering field values with new -F switch Example: journalctl -F _SYSTEMD_UNIT will list all units that ever logged to the journal.
2012-10-18 03:33:44 +02:00
const void *data;
size_t size;
journalctl: add new --fields switch to dump all currently used field names Fixes #2176
2016-01-27 19:01:42 +01:00
assert(arg_field);
journalctl: show fields requested with --field in full I see little point in silently truncating fields when they are explictly requested. With this change e.g. journalctl -b MESSAGE_ID=9f26aa562cf440c2b16c773d0479b518 --field=BOOTCHART works as expected.
2013-04-17 05:07:45 +02:00
r = sd_journal_set_data_threshold(j, 0);
if (r < 0) {
journalctl: clean up how we log errors All functions should either log the errors they run into, or only return them in which case the caller should log them. Make sure this rule is followed, so that each error is logged precisely once, and neither never, nor more than once.
2015-05-19 00:25:45 +02:00
log_error_errno(r, "Failed to unset data size threshold: %m");
journalctl: only have a single exit path from main() That way we can be sure we execute the destructors properly, and can be valgrind-clean.
2015-05-18 23:50:34 +02:00
goto finish;
journalctl: show fields requested with --field in full I see little point in silently truncating fields when they are explictly requested. With this change e.g. journalctl -b MESSAGE_ID=9f26aa562cf440c2b16c773d0479b518 --field=BOOTCHART works as expected.
2013-04-17 05:07:45 +02:00
}
journalctl: implement quering field values with new -F switch Example: journalctl -F _SYSTEMD_UNIT will list all units that ever logged to the journal.
2012-10-18 03:33:44 +02:00
r = sd_journal_query_unique(j, arg_field);
if (r < 0) {
treewide: no need to negate errno for log_*_errno() It corrrectly handles both positive and negative errno values.
2014-11-28 13:19:16 +01:00
log_error_errno(r, "Failed to query unique data objects: %m");
journalctl: only have a single exit path from main() That way we can be sure we execute the destructors properly, and can be valgrind-clean.
2015-05-18 23:50:34 +02:00
goto finish;
journalctl: implement quering field values with new -F switch Example: journalctl -F _SYSTEMD_UNIT will list all units that ever logged to the journal.
2012-10-18 03:33:44 +02:00
}
SD_JOURNAL_FOREACH_UNIQUE(j, data, size) {
const void *eq;
journalctl: allow --lines=0 i.e. only new Makes it easier to watch just for new entries. Once scenario is where the user starts 'journalctl -qfn0' to watch for changes during some operation.
2013-01-28 05:53:52 +01:00
if (arg_lines >= 0 && n_shown >= arg_lines)
journalctl: honour -n if -F is used
2012-10-18 22:55:12 +02:00
break;
journalctl: implement quering field values with new -F switch Example: journalctl -F _SYSTEMD_UNIT will list all units that ever logged to the journal.
2012-10-18 03:33:44 +02:00
eq = memchr(data, '=', size);
if (eq)
printf("%.*s\n", (int) (size - ((const uint8_t*) eq - (const uint8_t*) data + 1)), (const char*) eq + 1);
else
printf("%.*s\n", (int) size, (const char*) data);
journalctl: honour -n if -F is used
2012-10-18 22:55:12 +02:00
tree-wide: make ++/-- usage consistent WRT spacing Throughout the tree there's spurious use of spaces separating ++ and -- operators from their respective operands. Make ++ and -- operator consistent with the majority of existing uses; discard the spaces.
2016-02-23 05:32:04 +01:00
n_shown++;
journalctl: implement quering field values with new -F switch Example: journalctl -F _SYSTEMD_UNIT will list all units that ever logged to the journal.
2012-10-18 03:33:44 +02:00
}
journalctl: only have a single exit path from main() That way we can be sure we execute the destructors properly, and can be valgrind-clean.
2015-05-18 23:50:34 +02:00
r = 0;
goto finish;
journalctl: implement quering field values with new -F switch Example: journalctl -F _SYSTEMD_UNIT will list all units that ever logged to the journal.
2012-10-18 03:33:44 +02:00
}
journalctl: allow the user to specify the file(s) to use This is useful for debugging and feels pretty natural. For example answering the question "is this big .journal file worth keeping?" is made easier.
2013-06-06 01:30:17 +02:00
/* Opening the fd now means the first sd_journal_wait() will actually wait */
if (arg_follow) {
journalctl: in --follow mode watch stdout for POLLHUP/POLLERR and exit Fixes: #9374
2018-10-24 21:49:52 +02:00
poll_fd = sd_journal_get_fd(j);
if (poll_fd == -EMFILE) {
codespell: fix spelling errors
2019-04-27 02:22:40 +02:00
log_warning_errno(poll_fd, "Insufficient watch descriptors available. Reverting to -n.");
journalctl: handle inotify exhaustion nicer Instead of failing, log that inotify wds are exhausted and fallback to -n switch. Fixes #1296.
2018-06-19 22:56:36 +02:00
arg_follow = false;
journalctl: in --follow mode watch stdout for POLLHUP/POLLERR and exit Fixes: #9374
2018-10-24 21:49:52 +02:00
} else if (poll_fd == -EMEDIUMTYPE) {
log_error_errno(poll_fd, "The --follow switch is not supported in conjunction with reading from STDIN.");
sd-journal: add API for opening journal files or directories by fd Also, expose this via the "journalctl --file=-" syntax for STDIN. This feature remains undocumented though, as it is probably not too useful in real-life as this still requires fds that support mmaping and seeking, i.e. does not work for pipes, for which reading from STDIN is most commonly used.
2016-04-25 00:31:24 +02:00
goto finish;
journalctl: in --follow mode watch stdout for POLLHUP/POLLERR and exit Fixes: #9374
2018-10-24 21:49:52 +02:00
} else if (poll_fd < 0) {
log_error_errno(poll_fd, "Failed to get journal fd: %m");
journalctl: only have a single exit path from main() That way we can be sure we execute the destructors properly, and can be valgrind-clean.
2015-05-18 23:50:34 +02:00
goto finish;
journalctl: clean up how we log errors All functions should either log the errors they run into, or only return them in which case the caller should log them. Make sure this rule is followed, so that each error is logged precisely once, and neither never, nor more than once.
2015-05-19 00:25:45 +02:00
}
journalctl: allow the user to specify the file(s) to use This is useful for debugging and feels pretty natural. For example answering the question "is this big .journal file worth keeping?" is made easier.
2013-06-06 01:30:17 +02:00
}
journalctl: New option --cursor-file The option cursor-file takes a filename as argument. If the file exists and contains a valid cursor, this is used to start the output after this position. At the end, the last cursor gets written to the file. This allows for an easy implementation of a timer that regularly looks in the journal for some messages. journalctl --cursor-file err-cursor -b -p err journalctl --cursor-file audit-cursor -t audit --grep DENIED Or you might want to walk the journal in steps of 10 messages: journalctl --cursor-file ./curs -n10 --since=today -t systemd
2019-02-12 00:19:13 +01:00
if (arg_cursor || arg_after_cursor || arg_cursor_file) {
_cleanup_free_ char *cursor_from_file = NULL;
const char *cursor = arg_cursor ?: arg_after_cursor;
if (arg_cursor_file) {
r = read_one_line_file(arg_cursor_file, &cursor_from_file);
if (r < 0 && r != -ENOENT) {
log_error_errno(r, "Failed to read cursor file %s: %m", arg_cursor_file);
goto finish;
}
if (r > 0) {
cursor = cursor_from_file;
after_cursor = true;
}
} else
after_cursor = !!arg_after_cursor;
if (cursor) {
r = sd_journal_seek_cursor(j, cursor);
if (r < 0) {
log_error_errno(r, "Failed to seek to cursor: %m");
goto finish;
}
use_cursor = true;
journal: expose and make use of cutoff times of journal This helps explaining when the log output of "systemctl status" is incomplete because the logs got rotated since the service was started.
2012-06-09 10:32:38 +02:00
}
journalctl: New option --cursor-file The option cursor-file takes a filename as argument. If the file exists and contains a valid cursor, this is used to start the output after this position. At the end, the last cursor gets written to the file. This allows for an easy implementation of a timer that regularly looks in the journal for some messages. journalctl --cursor-file err-cursor -b -p err journalctl --cursor-file audit-cursor -t audit --grep DENIED Or you might want to walk the journal in steps of 10 messages: journalctl --cursor-file ./curs -n10 --since=today -t systemd
2019-02-12 00:19:13 +01:00
}
journalctl: only have a single exit path from main() That way we can be sure we execute the destructors properly, and can be valgrind-clean.
2015-05-18 23:50:34 +02:00
journalctl: New option --cursor-file The option cursor-file takes a filename as argument. If the file exists and contains a valid cursor, this is used to start the output after this position. At the end, the last cursor gets written to the file. This allows for an easy implementation of a timer that regularly looks in the journal for some messages. journalctl --cursor-file err-cursor -b -p err journalctl --cursor-file audit-cursor -t audit --grep DENIED Or you might want to walk the journal in steps of 10 messages: journalctl --cursor-file ./curs -n10 --since=today -t systemd
2019-02-12 00:19:13 +01:00
if (use_cursor) {
journalctl: add --reverse option to show the newest lines first
2013-03-01 10:27:10 +01:00
if (!arg_reverse)
journalctl: New option --cursor-file The option cursor-file takes a filename as argument. If the file exists and contains a valid cursor, this is used to start the output after this position. At the end, the last cursor gets written to the file. This allows for an easy implementation of a timer that regularly looks in the journal for some messages. journalctl --cursor-file err-cursor -b -p err journalctl --cursor-file audit-cursor -t audit --grep DENIED Or you might want to walk the journal in steps of 10 messages: journalctl --cursor-file ./curs -n10 --since=today -t systemd
2019-02-12 00:19:13 +01:00
r = sd_journal_next_skip(j, 1 + after_cursor);
journalctl: add --reverse option to show the newest lines first
2013-03-01 10:27:10 +01:00
else
journalctl: New option --cursor-file The option cursor-file takes a filename as argument. If the file exists and contains a valid cursor, this is used to start the output after this position. At the end, the last cursor gets written to the file. This allows for an easy implementation of a timer that regularly looks in the journal for some messages. journalctl --cursor-file err-cursor -b -p err journalctl --cursor-file audit-cursor -t audit --grep DENIED Or you might want to walk the journal in steps of 10 messages: journalctl --cursor-file ./curs -n10 --since=today -t systemd
2019-02-12 00:19:13 +01:00
r = sd_journal_previous_skip(j, 1 + after_cursor);
journalctl: augment short mode with a cursor at the end Two options are added: --show-cursor to print the cursor at the end, and --after-cursor to resume logs on the next line after the previous one.
2013-07-16 16:21:18 +02:00
journalctl: New option --cursor-file The option cursor-file takes a filename as argument. If the file exists and contains a valid cursor, this is used to start the output after this position. At the end, the last cursor gets written to the file. This allows for an easy implementation of a timer that regularly looks in the journal for some messages. journalctl --cursor-file err-cursor -b -p err journalctl --cursor-file audit-cursor -t audit --grep DENIED Or you might want to walk the journal in steps of 10 messages: journalctl --cursor-file ./curs -n10 --since=today -t systemd
2019-02-12 00:19:13 +01:00
if (after_cursor && r < 2) {
journalctl: augment short mode with a cursor at the end Two options are added: --show-cursor to print the cursor at the end, and --after-cursor to resume logs on the next line after the previous one.
2013-07-16 16:21:18 +02:00
/* We couldn't find the next entry after the cursor. */
journalctl: respect --after-cursor semantics with --follow in all cases In the case where no entries have been added to the journal after the specified cursor, set need_seek before the main loop to prevent display of the entry at said cursor.
2014-12-01 08:27:00 +01:00
if (arg_follow)
need_seek = true;
else
arg_lines = 0;
}
journal: expose and make use of cutoff times of journal This helps explaining when the log output of "systemctl status" is incomplete because the logs got rotated since the service was started.
2012-06-09 10:32:38 +02:00
journalctl: add --reverse option to show the newest lines first
2013-03-01 10:27:10 +01:00
} else if (arg_since_set && !arg_reverse) {
journalctl: implement --since= and --until for filtering by time
2012-10-11 16:42:46 +02:00
r = sd_journal_seek_realtime_usec(j, arg_since);
journalctl: add --cursor switch
2012-09-27 23:25:23 +02:00
if (r < 0) {
treewide: no need to negate errno for log_*_errno() It corrrectly handles both positive and negative errno values.
2014-11-28 13:19:16 +01:00
log_error_errno(r, "Failed to seek to date: %m");
journalctl: only have a single exit path from main() That way we can be sure we execute the destructors properly, and can be valgrind-clean.
2015-05-18 23:50:34 +02:00
goto finish;
journalctl: add --cursor switch
2012-09-27 23:25:23 +02:00
}
r = sd_journal_next(j);
journalctl: add --reverse option to show the newest lines first
2013-03-01 10:27:10 +01:00
} else if (arg_until_set && arg_reverse) {
r = sd_journal_seek_realtime_usec(j, arg_until);
if (r < 0) {
treewide: no need to negate errno for log_*_errno() It corrrectly handles both positive and negative errno values.
2014-11-28 13:19:16 +01:00
log_error_errno(r, "Failed to seek to date: %m");
journalctl: only have a single exit path from main() That way we can be sure we execute the destructors properly, and can be valgrind-clean.
2015-05-18 23:50:34 +02:00
goto finish;
journalctl: add --reverse option to show the newest lines first
2013-03-01 10:27:10 +01:00
}
r = sd_journal_previous(j);
journalctl: Correctly handle combination of --reverse and --lines (fixes #1596)
2020-01-13 10:26:58 +01:00
} else if (arg_reverse) {
journalctl: add -n switch
2012-01-04 02:14:42 +01:00
r = sd_journal_seek_tail(j);
if (r < 0) {
treewide: no need to negate errno for log_*_errno() It corrrectly handles both positive and negative errno values.
2014-11-28 13:19:16 +01:00
log_error_errno(r, "Failed to seek to tail: %m");
journalctl: only have a single exit path from main() That way we can be sure we execute the destructors properly, and can be valgrind-clean.
2015-05-18 23:50:34 +02:00
goto finish;
journalctl: add -n switch
2012-01-04 02:14:42 +01:00
}
journalctl: Correctly handle combination of --reverse and --lines (fixes #1596)
2020-01-13 10:26:58 +01:00
r = sd_journal_previous(j);
journalctl: add --cursor switch
2012-09-27 23:25:23 +02:00
journalctl: Correctly handle combination of --reverse and --lines (fixes #1596)
2020-01-13 10:26:58 +01:00
} else if (arg_lines >= 0) {
journalctl: add --reverse option to show the newest lines first
2013-03-01 10:27:10 +01:00
r = sd_journal_seek_tail(j);
if (r < 0) {
treewide: no need to negate errno for log_*_errno() It corrrectly handles both positive and negative errno values.
2014-11-28 13:19:16 +01:00
log_error_errno(r, "Failed to seek to tail: %m");
journalctl: only have a single exit path from main() That way we can be sure we execute the destructors properly, and can be valgrind-clean.
2015-05-18 23:50:34 +02:00
goto finish;
journalctl: add --reverse option to show the newest lines first
2013-03-01 10:27:10 +01:00
}
journalctl: Correctly handle combination of --reverse and --lines (fixes #1596)
2020-01-13 10:26:58 +01:00
r = sd_journal_previous_skip(j, arg_lines);
journalctl: add --reverse option to show the newest lines first
2013-03-01 10:27:10 +01:00
journalctl: add -n switch
2012-01-04 02:14:42 +01:00
} else {
r = sd_journal_seek_head(j);
if (r < 0) {
treewide: no need to negate errno for log_*_errno() It corrrectly handles both positive and negative errno values.
2014-11-28 13:19:16 +01:00
log_error_errno(r, "Failed to seek to head: %m");
journalctl: only have a single exit path from main() That way we can be sure we execute the destructors properly, and can be valgrind-clean.
2015-05-18 23:50:34 +02:00
goto finish;
journalctl: add -n switch
2012-01-04 02:14:42 +01:00
}
journalctl: fix counting of -n parameter
2012-01-04 04:00:14 +01:00
r = sd_journal_next(j);
}
if (r < 0) {
treewide: no need to negate errno for log_*_errno() It corrrectly handles both positive and negative errno values.
2014-11-28 13:19:16 +01:00
log_error_errno(r, "Failed to iterate through journal: %m");
journalctl: only have a single exit path from main() That way we can be sure we execute the destructors properly, and can be valgrind-clean.
2015-05-18 23:50:34 +02:00
goto finish;
journal: implement inotify-based live logging logic
2011-12-19 22:35:46 +01:00
}
journalctl: honor --show-cursor in more sitatuations Try to honor --show-cursor in more situations by never terminating early when we didn't read any logs. In particular, sd_journal_previous_skip() now returns 0 when it didn't actually skip anything (for example with --lines=0), which resulted in --show-cursor not working anymore.
2017-05-11 22:39:23 +02:00
if (r == 0)
need_seek = true;
journal: add preliminary incomplete implementation
2011-10-07 21:06:39 +02:00
journal: pipe journalctl help output into a pager journalctl help output might run off the screen, so be consistent as other systemd tools do and pipe it into a pager.
2013-12-12 00:22:48 +01:00
if (!arg_follow)
basic/pager: convert the pager options to a flags argument Pretty much everything uses just the first argument, and this doesn't make this common pattern more complicated, but makes it simpler to pass multiple options.
2018-11-11 12:56:29 +01:00
(void) pager_open(arg_pager_flags);
journalctl: add command line parsing
2011-12-21 18:59:56 +01:00
journalctl: honor --show-cursor in more sitatuations Try to honor --show-cursor in more situations by never terminating early when we didn't read any logs. In particular, sd_journal_previous_skip() now returns 0 when it didn't actually skip anything (for example with --lines=0), which resulted in --show-cursor not working anymore.
2017-05-11 22:39:23 +02:00
if (!arg_quiet && (arg_lines != 0 || arg_follow)) {
journalctl: implement --since= and --until for filtering by time
2012-10-11 16:42:46 +02:00
usec_t start, end;
char start_buf[FORMAT_TIMESTAMP_MAX], end_buf[FORMAT_TIMESTAMP_MAX];
r = sd_journal_get_cutoff_realtime_usec(j, &start, &end);
if (r < 0) {
treewide: no need to negate errno for log_*_errno() It corrrectly handles both positive and negative errno values.
2014-11-28 13:19:16 +01:00
log_error_errno(r, "Failed to get cutoff: %m");
journalctl: implement --since= and --until for filtering by time
2012-10-11 16:42:46 +02:00
goto finish;
}
if (r > 0) {
if (arg_follow)
journalctl: harmonise in-stream comments From now on, always use ANSI-SQL-style comments in log streams, i.e. prefix with --. We also suffix things with this, just to be nice...
2012-10-16 01:09:09 +02:00
printf("-- Logs begin at %s. --\n",
time: functions named "internal" really shouldn't be exported Also, let's try to make function names descriptive, instead of using bools for flags.
2014-10-08 22:37:45 +02:00
format_timestamp_maybe_utc(start_buf, sizeof(start_buf), start));
journalctl: implement --since= and --until for filtering by time
2012-10-11 16:42:46 +02:00
else
journalctl: harmonise in-stream comments From now on, always use ANSI-SQL-style comments in log streams, i.e. prefix with --. We also suffix things with this, just to be nice...
2012-10-16 01:09:09 +02:00
printf("-- Logs begin at %s, end at %s. --\n",
time: functions named "internal" really shouldn't be exported Also, let's try to make function names descriptive, instead of using bools for flags.
2014-10-08 22:37:45 +02:00
format_timestamp_maybe_utc(start_buf, sizeof(start_buf), start),
format_timestamp_maybe_utc(end_buf, sizeof(end_buf), end));
journalctl: implement --since= and --until for filtering by time
2012-10-11 16:42:46 +02:00
}
}
journal: implement inotify-based live logging logic
2011-12-19 22:35:46 +01:00
for (;;) {
journalctl: allow --lines=0 i.e. only new Makes it easier to watch just for new entries. Once scenario is where the user starts 'journalctl -qfn0' to watch for changes during some operation.
2013-01-28 05:53:52 +01:00
while (arg_lines < 0 || n_shown < arg_lines || (arg_follow && !first_line)) {
journalctl: implement --since= and --until for filtering by time
2012-10-11 16:42:46 +02:00
int flags;
journalctl: add highlighting for matched substring Red is used for highligting, the same as grep does. Except when the line is highlighted red already, because it has high priority, in which case plain ansi highlight is used for the matched substring. Coloring is implemented for short and cat outputs, and not for other types. I guess we could also add it for verbose output in the future.
2018-01-27 13:00:09 +01:00
size_t highlight[2] = {};
journalctl: implement --since= and --until for filtering by time
2012-10-11 16:42:46 +02:00
journalctl: fix counting of -n parameter
2012-01-04 04:00:14 +01:00
if (need_seek) {
libsystemd-journal: return 0 on success in get_data() The man page says so. Right now 0 would be returned if the data was encrypted, 1 otherwise.
2013-03-07 06:40:30 +01:00
if (!arg_reverse)
journalctl: add --reverse option to show the newest lines first
2013-03-01 10:27:10 +01:00
r = sd_journal_next(j);
else
r = sd_journal_previous(j);
journalctl: fix counting of -n parameter
2012-01-04 04:00:14 +01:00
if (r < 0) {
treewide: no need to negate errno for log_*_errno() It corrrectly handles both positive and negative errno values.
2014-11-28 13:19:16 +01:00
log_error_errno(r, "Failed to iterate through journal: %m");
journalctl: fix counting of -n parameter
2012-01-04 04:00:14 +01:00
goto finish;
}
journalctl: fix verbose output when no logs are found $ journalctl -o verbose _EXE=/quiet/binary -f -- Logs begin at Sun 2013-03-17 17:28:22 EDT. -- Failed to get realtime timestamp: Cannot assign requested address JOURNAL_FOREACH_DATA_RETVAL is added, which allows the caller to get the return value from sd_journal_enumerate_data. I think we might want to expose this macro like SD_JOURNAL_FOREACH_DATA, but for now it is in journal-internal.h. There's a change in behaviour for output_*, not only in output_verbose, that errors in sd_j_enumerate_data are not silently ignored anymore. https://bugs.freedesktop.org/show_bug.cgi?id=56459
2013-06-10 03:50:56 +02:00
if (r == 0)
break;
journalctl: add command line parsing
2011-12-21 18:59:56 +01:00
}
journalctl: add --reverse option to show the newest lines first
2013-03-01 10:27:10 +01:00
if (arg_until_set && !arg_reverse) {
journalctl: implement --since= and --until for filtering by time
2012-10-11 16:42:46 +02:00
usec_t usec;
r = sd_journal_get_realtime_usec(j, &usec);
if (r < 0) {
treewide: no need to negate errno for log_*_errno() It corrrectly handles both positive and negative errno values.
2014-11-28 13:19:16 +01:00
log_error_errno(r, "Failed to determine timestamp: %m");
journalctl: implement --since= and --until for filtering by time
2012-10-11 16:42:46 +02:00
goto finish;
}
journal: fix --until https://bugs.freedesktop.org/show_bug.cgi?id=58946
2013-02-24 15:27:51 +01:00
if (usec > arg_until)
journalctl: Correctly handle --show-cursor in combination with --until or --since and --reverse
2020-01-13 10:09:45 +01:00
break;
journalctl: implement --since= and --until for filtering by time
2012-10-11 16:42:46 +02:00
}
journalctl: add --reverse option to show the newest lines first
2013-03-01 10:27:10 +01:00
if (arg_since_set && arg_reverse) {
usec_t usec;
r = sd_journal_get_realtime_usec(j, &usec);
if (r < 0) {
treewide: no need to negate errno for log_*_errno() It corrrectly handles both positive and negative errno values.
2014-11-28 13:19:16 +01:00
log_error_errno(r, "Failed to determine timestamp: %m");
journalctl: add --reverse option to show the newest lines first
2013-03-01 10:27:10 +01:00
goto finish;
}
if (usec < arg_since)
journalctl: Correctly handle --show-cursor in combination with --until or --since and --reverse
2020-01-13 10:09:45 +01:00
break;
journalctl: add --reverse option to show the newest lines first
2013-03-01 10:27:10 +01:00
}
journalctl: do not output --reboot-- markers when running non-interactively They are not legal in the export format.
2014-09-26 16:49:55 +02:00
if (!arg_merge && !arg_quiet) {
journalctl: show "Reboot" markers in output only when showing local-only entries
2012-09-06 01:52:46 +02:00
sd_id128_t boot_id;
journalctl: add a marker to log output for reboots With this we'll print a marker "----- Reboot -----" between two subsequent lines with different boot IDs.
2012-07-11 01:36:55 +02:00
journalctl: show "Reboot" markers in output only when showing local-only entries
2012-09-06 01:52:46 +02:00
r = sd_journal_get_monotonic_usec(j, NULL, &boot_id);
if (r >= 0) {
if (previous_boot_id_valid &&
!sd_id128_equal(boot_id, previous_boot_id))
systemd-delta: Only print colors when on a tty This make systemd-delta follow the behaviour of systemctl and journalctl. https://bugs.freedesktop.org/show_bug.cgi?id=67656 [zj: unify color query methods between those three programs.]
2013-08-02 07:59:02 +02:00
printf("%s-- Reboot --%s\n",
cgtop: underline table header Let's underline the header line of the table shown by cgtop, how it is customary for tables. In order to do this, let's introduce new ANSI underline macros, and clean up the existing ones as side effect.
2015-09-19 00:45:05 +02:00
ansi_highlight(), ansi_normal());
journalctl: show "Reboot" markers in output only when showing local-only entries
2012-09-06 01:52:46 +02:00
previous_boot_id = boot_id;
previous_boot_id_valid = true;
}
journalctl: add a marker to log output for reboots With this we'll print a marker "----- Reboot -----" between two subsequent lines with different boot IDs.
2012-07-11 01:36:55 +02:00
}
journalctl: regexp matching
2018-01-12 07:55:45 +01:00
#if HAVE_PCRE2
journalctl: make matching optionally case sensitive Case sensitive or case insensitive matching can be requested using --case-sensitive[=yes|no]. Unless specified, matching is case sensitive if the pattern contains any uppercase letters, and case insensitive otherwise. This matches what forward-search does in emacs, and recently also --ignore-case in less. This works surprisingly well, because usually when one is wants to do case-sensitive matching, the pattern is usually camel-cased. In the less frequent case when case-sensitive matching is required with an all-lowercase pattern, --case-sensitive can be used to override the automatic logic.
2018-01-12 14:31:49 +01:00
if (arg_compiled_pattern) {
journalctl: make pcre2 a dlopen() dependency Let's make use of the library if it is installed, but otherwise just generate a nice error and provide all other functionality.
2020-06-24 14:56:28 +02:00
_cleanup_(sym_pcre2_match_data_freep) pcre2_match_data *md = NULL;
journalctl: regexp matching
2018-01-12 07:55:45 +01:00
const void *message;
size_t len;
journalctl: add highlighting for matched substring Red is used for highligting, the same as grep does. Except when the line is highlighted red already, because it has high priority, in which case plain ansi highlight is used for the matched substring. Coloring is implemented for short and cat outputs, and not for other types. I guess we could also add it for verbose output in the future.
2018-01-27 13:00:09 +01:00
PCRE2_SIZE *ovec;
journalctl: regexp matching
2018-01-12 07:55:45 +01:00
journalctl: make pcre2 a dlopen() dependency Let's make use of the library if it is installed, but otherwise just generate a nice error and provide all other functionality.
2020-06-24 14:56:28 +02:00
md = sym_pcre2_match_data_create(1, NULL);
journalctl: regexp matching
2018-01-12 07:55:45 +01:00
if (!md)
return log_oom();
r = sd_journal_get_data(j, "MESSAGE", &message, &len);
if (r < 0) {
if (r == -ENOENT) {
need_seek = true;
continue;
}
log_error_errno(r, "Failed to get MESSAGE field: %m");
goto finish;
}
assert_se(message = startswith(message, "MESSAGE="));
journalctl: make pcre2 a dlopen() dependency Let's make use of the library if it is installed, but otherwise just generate a nice error and provide all other functionality.
2020-06-24 14:56:28 +02:00
r = sym_pcre2_match(arg_compiled_pattern,
message,
len - strlen("MESSAGE="),
0, /* start at offset 0 in the subject */
0, /* default options */
md,
NULL);
journalctl: regexp matching
2018-01-12 07:55:45 +01:00
if (r == PCRE2_ERROR_NOMATCH) {
need_seek = true;
continue;
}
if (r < 0) {
unsigned char buf[LINE_MAX];
int r2;
journalctl: make pcre2 a dlopen() dependency Let's make use of the library if it is installed, but otherwise just generate a nice error and provide all other functionality.
2020-06-24 14:56:28 +02:00
r2 = sym_pcre2_get_error_message(r, buf, sizeof buf);
journalctl: regexp matching
2018-01-12 07:55:45 +01:00
log_error("Pattern matching failed: %s",
r2 < 0 ? "unknown error" : (char*) buf);
r = -EINVAL;
goto finish;
}
journalctl: add highlighting for matched substring Red is used for highligting, the same as grep does. Except when the line is highlighted red already, because it has high priority, in which case plain ansi highlight is used for the matched substring. Coloring is implemented for short and cat outputs, and not for other types. I guess we could also add it for verbose output in the future.
2018-01-27 13:00:09 +01:00
journalctl: make pcre2 a dlopen() dependency Let's make use of the library if it is installed, but otherwise just generate a nice error and provide all other functionality.
2020-06-24 14:56:28 +02:00
ovec = sym_pcre2_get_ovector_pointer(md);
journalctl: add highlighting for matched substring Red is used for highligting, the same as grep does. Except when the line is highlighted red already, because it has high priority, in which case plain ansi highlight is used for the matched substring. Coloring is implemented for short and cat outputs, and not for other types. I guess we could also add it for verbose output in the future.
2018-01-27 13:00:09 +01:00
highlight[0] = ovec[0];
highlight[1] = ovec[1];
journalctl: regexp matching
2018-01-12 07:55:45 +01:00
}
#endif
journalctl: implement --since= and --until for filtering by time
2012-10-11 16:42:46 +02:00
flags =
journalctl: don't ellipsize unless on a tty
2012-10-18 23:22:56 +02:00
arg_all * OUTPUT_SHOW_ALL |
journalctl: flip to --full by default We already shew lines in full when using a pager or not on a tty. The commit disables ellipsization in the sole remaining case, namely when --follow is used. This has been a popular request for a long time, and indeed, full output seems much more useful. Old behaviour can still be requested by using --no-full. Old options retain their behaviour for compatiblity, but aren't advertised as much. This change applies only to jornalctl, not to systemctl, when ellipsization is useful to keep the layout. https://bugzilla.redhat.com/show_bug.cgi?id=984758
2013-10-07 03:55:18 +02:00
arg_full * OUTPUT_FULL_WIDTH |
basic/terminal-util: introduce SYSTEMD_COLORS environment variable ... to determine if color output should be enabled. If the variable is not set, fall back to using on_tty(). Also, rewrite existing code to use colors_enabled() where appropriate.
2016-01-19 10:17:19 +01:00
colors_enabled() * OUTPUT_COLOR |
journalctl: add --utc option Introduce option to display time in UTC.
2014-10-02 14:39:29 +02:00
arg_catalog * OUTPUT_CATALOG |
journalctl: add --no-hostname switch This suppresses output of the hostname for messages from the local system. Fixes: #2342
2016-04-20 20:09:57 +02:00
arg_utc * OUTPUT_UTC |
arg_no_hostname * OUTPUT_NO_HOSTNAME;
journalctl: implement --since= and --until for filtering by time
2012-10-11 16:42:46 +02:00
journal: rename output_journal to show_journal_entry We have show_journal, and output_journal, and it's not immediately clear how they related. Rename the first to show that it just prints one entry.
2018-05-16 17:12:53 +02:00
r = show_journal_entry(stdout, j, arg_output, 0, flags,
arg_output_fields, highlight, &ellipsized);
journalctl: fix verbose output when no logs are found $ journalctl -o verbose _EXE=/quiet/binary -f -- Logs begin at Sun 2013-03-17 17:28:22 EDT. -- Failed to get realtime timestamp: Cannot assign requested address JOURNAL_FOREACH_DATA_RETVAL is added, which allows the caller to get the return value from sd_journal_enumerate_data. I think we might want to expose this macro like SD_JOURNAL_FOREACH_DATA, but for now it is in journal-internal.h. There's a change in behaviour for output_*, not only in output_verbose, that errors in sd_j_enumerate_data are not silently ignored anymore. https://bugs.freedesktop.org/show_bug.cgi?id=56459
2013-06-10 03:50:56 +02:00
need_seek = true;
if (r == -EADDRNOTAVAIL)
break;
journalctl: in --follow mode watch stdout for POLLHUP/POLLERR and exit Fixes: #9374
2018-10-24 21:49:52 +02:00
else if (r < 0)
journalctl: add json, export, short and verbose output modes
2011-12-21 18:17:22 +01:00
goto finish;
journalctl: fix counting of -n parameter
2012-01-04 04:00:14 +01:00
journalctl: implement --since= and --until for filtering by time
2012-10-11 16:42:46 +02:00
n_shown++;
journalctl: Periodically call sd_journal_process in journalctl If `journalctl` take a long time to process messages, and during that time journal file rotation occurs, a `journalctl` client will keep those rotated files open until it calls `sd_journal_process()`, which typically happens as a result of calling `sd_journal_wait()` below in the "following" case. By periodically calling `sd_journal_process()` during the processing loop we shrink the window of time a client instance has open file descriptors for rotated (deleted) journal files. (Lennart: slightly reworked version, that dropped some of the commenting which was solved otherwise)
2018-01-28 22:48:04 +01:00
/* If journalctl take a long time to process messages, and during that time journal file
* rotation occurs, a journalctl client will keep those rotated files open until it calls
* sd_journal_process(), which typically happens as a result of calling sd_journal_wait() below
* in the "following" case. By periodically calling sd_journal_process() during the processing
* loop we shrink the window of time a client instance has open file descriptors for rotated
* (deleted) journal files. */
if ((n_shown % PROCESS_INOTIFY_INTERVAL) == 0) {
r = sd_journal_process(j);
if (r < 0) {
log_error_errno(r, "Failed to process inotify events: %m");
goto finish;
}
}
journal: add preliminary incomplete implementation
2011-10-07 21:06:39 +02:00
}
journalctl: augment short mode with a cursor at the end Two options are added: --show-cursor to print the cursor at the end, and --after-cursor to resume logs on the next line after the previous one.
2013-07-16 16:21:18 +02:00
if (!arg_follow) {
journalctl: honor --show-cursor in more sitatuations Try to honor --show-cursor in more situations by never terminating early when we didn't read any logs. In particular, sd_journal_previous_skip() now returns 0 when it didn't actually skip anything (for example with --lines=0), which resulted in --show-cursor not working anymore.
2017-05-11 22:39:23 +02:00
if (n_shown == 0 && !arg_quiet)
printf("-- No entries --\n");
journal: implement inotify-based live logging logic
2011-12-19 22:35:46 +01:00
break;
journalctl: augment short mode with a cursor at the end Two options are added: --show-cursor to print the cursor at the end, and --after-cursor to resume logs on the next line after the previous one.
2013-07-16 16:21:18 +02:00
}
journal: implement inotify-based live logging logic
2011-12-19 22:35:46 +01:00
shared: leave output_journal() output in buffer (#6304) e268b81e moved an fflush() from output_json() to the generic output_journal(), when it probably should have deleted all fflush() calls from logs-show.c altogether. The caller supplies the FILE * to these functions, and should be in charge of flushing as needed. The current implementation essentially defeats any buffering stdio was bringing to the table, resulting in extraneous tiny write() calls in commands like `journalctl -b`. This commit removes the fflush() call from output_journal(), and adds them to journalctl before waiting for more entries and at completion. This way in the hot path when journalctl loops on entries stdio can combine multiple entries into bulkier write() calls.
2017-07-07 20:32:21 +02:00
fflush(stdout);
journalctl: in --follow mode watch stdout for POLLHUP/POLLERR and exit Fixes: #9374
2018-10-24 21:49:52 +02:00
r = wait_for_change(j, poll_fd);
if (r < 0)
journal: implement inotify-based live logging logic
2011-12-19 22:35:46 +01:00
goto finish;
journalctl: allow --lines=0 i.e. only new Makes it easier to watch just for new entries. Once scenario is where the user starts 'journalctl -qfn0' to watch for changes during some operation.
2013-01-28 05:53:52 +01:00
first_line = false;
journal: implement multiple field matches
2011-11-08 18:20:03 +01:00
}
journal: add preliminary incomplete implementation
2011-10-07 21:06:39 +02:00
journalctl: Correctly handle --show-cursor in combination with --until or --since and --reverse
2020-01-13 10:09:45 +01:00
if (arg_show_cursor || arg_cursor_file) {
_cleanup_free_ char *cursor = NULL;
r = sd_journal_get_cursor(j, &cursor);
if (r < 0 && r != -EADDRNOTAVAIL)
log_error_errno(r, "Failed to get cursor: %m");
else if (r >= 0) {
if (arg_show_cursor)
printf("-- cursor: %s\n", cursor);
if (arg_cursor_file) {
r = write_string_file(arg_cursor_file, cursor,
WRITE_STRING_FILE_CREATE |
WRITE_STRING_FILE_ATOMIC);
if (r < 0)
log_error_errno(r,
"Failed to write new cursor to %s: %m",
arg_cursor_file);
}
}
}
journal: add preliminary incomplete implementation
2011-10-07 21:06:39 +02:00
finish:
journalctl: add command line parsing
2011-12-21 18:59:56 +01:00
pager_close();
journalctl: free arg_file on exit
2014-03-29 16:58:32 +01:00
strv_free(arg_file);
journalctl: implement --facility=foo Fixes #9716.
2020-02-27 21:36:42 +01:00
set_free(arg_facilities);
journalctl: free all command line argument objects let's try to be valgrind clean
2015-05-18 23:54:05 +02:00
strv_free(arg_syslog_identifier);
strv_free(arg_system_units);
strv_free(arg_user_units);
journalctl: add --output-fields= (#7181) This option allows restricting the shown fields in the output modes that would normally show all fields. It allows clients that are only interested in a subset of the fields to access those more efficiently. Also, it makes the resulting size of the output more predictable. It has no effect on the various `short` output modes, because those already only show a subset of the fields.
2017-10-27 05:10:47 +02:00
strv_free(arg_output_fields);
journalctl: free all command line argument objects let's try to be valgrind clean
2015-05-18 23:54:05 +02:00
path-util: unify how we process paths specified on the command line Let's introduce a common function that makes relative paths absolute and warns about any errors while doing so.
2015-10-22 19:54:29 +02:00
free(arg_root);
journalctl: expunge verification key from argv (#5081) After parsing the --verify-key argument, overwrite it with null bytes. This minimizes (but does not completely eliminate) the time frame within which another process on the system can extract the verification key from the journalctl command line.
2017-01-15 05:03:00 +01:00
free(arg_verify_key);
path-util: unify how we process paths specified on the command line Let's introduce a common function that makes relative paths absolute and warns about any errors while doing so.
2015-10-22 19:54:29 +02:00
journalctl: regexp matching
2018-01-12 07:55:45 +01:00
#if HAVE_PCRE2
journalctl: return a non-zero EC when --grep returns no matches When journalctl is compiled with PCRE2 support, let's return a non-zero exit code when --grep is used and no match for given pattern is found. This should allow users to use journalctl --grep in scripts instead of piping journalctl into grep Fixes #8152
2019-05-15 19:28:09 +02:00
if (arg_compiled_pattern) {
journalctl: make pcre2 a dlopen() dependency Let's make use of the library if it is installed, but otherwise just generate a nice error and provide all other functionality.
2020-06-24 14:56:28 +02:00
sym_pcre2_code_free(arg_compiled_pattern);
journalctl: return a non-zero EC when --grep returns no matches When journalctl is compiled with PCRE2 support, let's return a non-zero exit code when --grep is used and no match for given pattern is found. This should allow users to use journalctl --grep in scripts instead of piping journalctl into grep Fixes #8152
2019-05-15 19:28:09 +02:00
/* --grep was used, no error was thrown, but the pattern didn't
* match anything. Let's mimic grep's behavior here and return
* a non-zero exit code, so journalctl --grep can be used
* in scripts and such */
if (r == 0 && n_shown == 0)
r = -ENOENT;
}
journalctl: regexp matching
2018-01-12 07:55:45 +01:00
#endif
journal: implement parallel file traversal
2011-10-14 04:44:50 +02:00
return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
journal: add preliminary incomplete implementation
2011-10-07 21:06:39 +02:00
}