journalctl.c revision 99271804172f6ac51be9556b2bdf37d6a7e952bc
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan This file is part of systemd.
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan Copyright 2011 Lennart Poettering
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan systemd is free software; you can redistribute it and/or modify it
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan under the terms of the GNU Lesser General Public License as published by
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan the Free Software Foundation; either version 2.1 of the License, or
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan (at your option) any later version.
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan systemd is distributed in the hope that it will be useful, but
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan WITHOUT ANY WARRANTY; without even the implied warranty of
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan Lesser General Public License for more details.
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan You should have received a copy of the GNU Lesser General Public License
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan along with systemd; If not, see <http://www.gnu.org/licenses/>.
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan#define DEFAULT_FSS_INTERVAL_USEC (15*USEC_PER_MINUTE)
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Loganstatic bool arg_pager_end = false;
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Loganstatic bool arg_follow = false;
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Loganstatic bool arg_full = false;
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Loganstatic bool arg_all = false;
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Loganstatic bool arg_no_pager = false;
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Loganstatic bool arg_no_tail = false;
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Loganstatic bool arg_quiet = false;
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Loganstatic bool arg_merge = false;
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Loganstatic bool arg_this_boot = false;
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Loganstatic bool arg_dmesg = false;
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Loganstatic usec_t arg_interval = DEFAULT_FSS_INTERVAL_USEC;
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Loganstatic bool arg_since_set = false, arg_until_set = false;
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Loganstatic bool arg_catalog = false;
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Loganstatic bool arg_reverse = false;
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Loganstatic enum {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Loganstatic int help(void) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan "Query the journal.\n\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan " --since=DATE Start showing entries newer or of the specified date\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan " --until=DATE Stop showing entries older or of the specified date\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan " -c --cursor=CURSOR Start showing entries from specified cursor\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan " -b --this-boot Show data only from current boot\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan " -k --dmesg Show kmsg log from current boot\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan " -u --unit=UNIT Show data only from the specified unit\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan " --user-unit=UNIT Show data only from the specified user session unit\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan " -p --priority=RANGE Show only messages within the specified priority range\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan " -e --pager-end Immediately jump to end of the journal in the pager\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan " -f --follow Follow journal\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan " -n --lines[=INTEGER] Number of journal entries to show\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan " --no-tail Show all lines, even in follow mode\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan " -r --reverse Show the newest entries first\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan " -o --output=STRING Change journal output mode (short, short-monotonic,\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan " verbose, export, json, json-pretty, json-sse, cat)\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan " -x --catalog Add message explanations where available\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan " --full Do not ellipsize fields\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan " -a --all Show all fields, including long and unprintable\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan " -q --quiet Don't show privilege warning\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan " --no-pager Do not pipe output into a pager\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan " -m --merge Show entries from all available journals\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan " -D --directory=PATH Show journal files from directory\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan " --root=ROOT Operate on catalog files underneath the root ROOT\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan " --interval=TIME Time interval for changing the FSS sealing key\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan " --verify-key=KEY Specify FSS verification key\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan "\nCommands:\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan " -h --help Show this help\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan " --version Show package version\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan " --new-id128 Generate a new 128 Bit ID\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan " --header Show journal header information\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan " --disk-usage Show total disk usage\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan " -F --field=FIELD List all values a certain field takes\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan " --list-catalog Show message IDs of all entries in the message catalog\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan " --dump-catalog Show entries in the message catalog\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan " --update-catalog Update the message catalog database\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan " --setup-keys Generate new FSS key pair\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan " --verify Verify journal file consistency\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan { "new-id128", no_argument, NULL, ARG_NEW_ID128 },
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan { "setup-keys", no_argument, NULL, ARG_SETUP_KEYS },
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan { "interval", required_argument, NULL, ARG_INTERVAL },
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan { "verify-key", required_argument, NULL, ARG_VERIFY_KEY },
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan { "disk-usage", no_argument, NULL, ARG_DISK_USAGE },
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan { "user-unit", required_argument, NULL, ARG_USER_UNIT },
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan { "list-catalog", no_argument, NULL, ARG_LIST_CATALOG },
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan { "dump-catalog", no_argument, NULL, ARG_DUMP_CATALOG },
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan { "update-catalog",no_argument, NULL, ARG_UPDATE_CATALOG },
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan while ((c = getopt_long(argc, argv, "hefo:an::qmbkD:p:c:u:F:xr", options, NULL)) >= 0) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan switch (c) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_error("Unknown output format '%s'.", optarg);
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan if (r < 0 || arg_lines < 0) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan /* Hmm, no argument? Maybe the next
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan * word on the command line is
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan * supposed to be the argument? Let's
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan * see if there is one, and is
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan * parsable as a positive
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan * integer... */
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan if (r < 0 || arg_interval <= 0) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_error("Failed to parse sealing key change interval: %s", optarg);
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_error("Forward-secure sealing not available.");
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan const char *dots;
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan /* a range */
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_error("Failed to parse log level range %s", optarg);
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan if (p < 0) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan for (i = 0; i <= p; i++)
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan if (r < 0) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_error("Failed to parse timestamp: %s", optarg);
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan if (r < 0) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_error("Failed to parse timestamp: %s", optarg);
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan if (arg_since_set && arg_until_set && arg_since > arg_until) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_error("Please specify either --since= or --cursor=, not both.");
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_error("Please specify either --reverse= or --follow=, not both.");
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Loganstatic int generate_new_id128(void) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan if (r < 0) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_error("Failed to generate ID: %s", strerror(-r));
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan "As UUID:\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x\n\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan "As macro:\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan "#define MESSAGE_XYZ SD_ID128_MAKE(",
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan for (i = 0; i < 16; i++)
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan printf("%02x%s", id.bytes[i], i != 15 ? "," : "");
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan ">>> import uuid\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan ">>> MESSAGE_XYZ = uuid.UUID('" SD_ID128_FORMAT_STR "')\n",
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Loganstatic int add_matches(sd_journal *j, char **args) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan else if (path_is_absolute(*i)) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan const char *path;
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan path = p ? p : *i;
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan asprintf(&t, "_KERNEL_DEVICE=c%u:%u", major(st.st_rdev), minor(st.st_rdev));
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan asprintf(&t, "_KERNEL_DEVICE=b%u:%u", major(st.st_rdev), minor(st.st_rdev));
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_error("File is neither a device node, nor regular file, nor executable: %s", *i);
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan if (r < 0) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_error("Failed to add match '%s': %s", *i, strerror(-r));
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan if (r < 0) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_error("Failed to get boot id: %s", strerror(-r));
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan r = sd_journal_add_match(j, match, strlen(match));
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan if (r < 0) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_error("Failed to add match: %s", strerror(-r));
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan r = sd_journal_add_match(j, "_TRANSPORT=kernel", strlen("_TRANSPORT=kernel"));
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan if (r < 0) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_error("Failed to add match: %s", strerror(-r));
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan r = sd_journal_add_match(j, match, strlen(match));
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan if (r < 0) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_error("Failed to add match: %s", strerror(-r));
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Loganstatic int setup_keys(void) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan if (r < 0) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_error("Failed to get machine ID: %s", strerror(-r));
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan if (r < 0) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_error("Failed to get boot ID: %s", strerror(-r));
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan if (asprintf(&p, "/var/log/journal/" SD_ID128_FORMAT_STR "/fss",
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_error("Sealing key file %s exists already.", p);
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan if (asprintf(&k, "/var/log/journal/" SD_ID128_FORMAT_STR "/fss.tmp.XXXXXX",
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan mpk_size = FSPRG_mskinbytes(FSPRG_RECOMMENDED_SECPAR);
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan state_size = FSPRG_stateinbytes(FSPRG_RECOMMENDED_SECPAR);
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan fd = open("/dev/random", O_RDONLY|O_CLOEXEC|O_NOCTTY);
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_error("Failed to read random seed: %s", strerror(EIO));
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan FSPRG_GenMK(NULL, mpk, seed, seed_size, FSPRG_RECOMMENDED_SECPAR);
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan /* Enable secure remove, exclusion from dump, synchronous
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan * writing and in-place updating */
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan attr |= FS_SECRM_FL|FS_NODUMP_FL|FS_SYNC_FL|FS_NOCOW_FL;
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan h.fsprg_secpar = htole16(FSPRG_RECOMMENDED_SECPAR);
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan if (l < 0 || (size_t) l != sizeof(h)) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_error("Failed to write header: %s", strerror(EIO));
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_error("Failed to write state: %s", strerror(EIO));
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan if (link(k, p) < 0) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan "The new key pair has been generated. The " ANSI_HIGHLIGHT_ON "secret sealing key" ANSI_HIGHLIGHT_OFF " has been written to\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan "the following local file. This key file is automatically updated when the\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan "sealing key is advanced. It should not be used on multiple hosts.\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan "Please write down the following " ANSI_HIGHLIGHT_ON "secret verification key" ANSI_HIGHLIGHT_OFF ". It should be stored\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan "at a safe location and should not be saved locally on disk.\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan for (i = 0; i < seed_size; i++) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan if (i > 0 && i % 3 == 0)
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan printf("/%llx-%llx\n", (unsigned long long) n, (unsigned long long) arg_interval);
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan "The sealing key is automatically changed every %s.\n",
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan format_timespan(tsb, sizeof(tsb), arg_interval, 0));
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan fprintf(stderr, "\nThe keys have been generated for host %s/" SD_ID128_FORMAT_STR ".\n", hn, SD_ID128_FORMAT_VAL(machine));
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan fprintf(stderr, "\nThe keys have been generated for host " SD_ID128_FORMAT_STR ".\n", SD_ID128_FORMAT_VAL(machine));
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan /* If this is not an UTF-8 system don't print any QR codes */
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan fputs("\nTo transfer the verification key to your phone please scan the QR code below:\n\n", stderr);
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan print_qr_code(stderr, seed, seed_size, n, arg_interval, hn, machine);
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_error("Forward-secure sealing not available.");
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan if (!arg_verify_key && JOURNAL_HEADER_SEALED(f->header))
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_notice("Journal file %s has sealing enabled but verification key has not been passed using --verify-key=.", f->path);
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan k = journal_file_verify(f, arg_verify_key, &first, &validated, &last, true);
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan if (k == -EINVAL) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan /* If the key was invalid give up right-away. */
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan } else if (k < 0) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_warning("FAIL: %s (%s)", f->path, strerror(-k));
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan char a[FORMAT_TIMESTAMP_MAX], b[FORMAT_TIMESTAMP_MAX], c[FORMAT_TIMESPAN_MAX];
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan if (arg_verify_key && JOURNAL_HEADER_SEALED(f->header)) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_info("=> Validated from %s to %s, final %s entries not sealed.",
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan format_timespan(c, sizeof(c), last > validated ? last - validated : 0, 0));
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan } else if (last > 0)
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_info("=> No sealing yet, %s of entries not sealed.",
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_info("=> No sealing yet, no entries in file.");
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Loganstatic int access_check_var_log_journal(sd_journal *j) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan /* Let's enumerate all groups from the default ACL of
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan * the directory, which generally should allow access
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan * to most journal files too */
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan r = search_acl_groups(&g, "/var/log/journal/", &have_access);
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_notice("Hint: You are currently not seeing messages from other users and the system.\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan " Users in the 'systemd-journal' group can see all messages. Pass -q to\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan " turn off this notice.");
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_notice("Hint: You are currently not seeing messages from other users and the system.\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan " Users in the groups '%s' can see all messages.\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan " Pass -q to turn off this notice.", s);
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan if (set_contains(j->errors, INT_TO_PTR(-EACCES))) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan /* If /var/log/journal doesn't even exist,
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan * unprivileged users have no access at all */
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_error("Unprivileged users cannot access messages, unless persistent log storage is\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan "enabled. Users in the 'systemd-journal' group may always access messages.");
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan /* If /var/log/journal exists, try to pring a nice
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan notice if the user lacks access to it */
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan if (geteuid() != 0 && in_group("systemd-journal") <= 0) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_error("Unprivileged users cannot access messages. Users in the 'systemd-journal' group\n"
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan "group may access messages.");
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_error("No journal files were opened due to insufficient permissions.");
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_warning("Error was encountered while opening journal files: %s",
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan bool need_seek = false;
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan bool previous_boot_id_valid = false, first_line = true;
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan copy = strjoin(arg_root, "/", CATALOG_DATABASE, NULL);
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan r = catalog_update(database, arg_root, catalog_file_dirs);
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_error("Failed to list catalog: %s", strerror(-r));
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan bool oneline = arg_action == ACTION_LIST_CATALOG;
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_error("Failed to list catalog: %s", strerror(-r));
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan r = sd_journal_open_directory(&j, arg_directory, 0);
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan r = sd_journal_open(&j, arg_merge ? 0 : SD_JOURNAL_LOCAL_ONLY);
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan if (r < 0) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_error("Failed to open journal: %s", strerror(-r));
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan /* Opening the fd now means the first sd_journal_wait() will actually wait */
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan const void *data;
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan if (r < 0) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_error("Failed to unset data size threshold");
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan if (r < 0) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_error("Failed to query unique data objects: %s", strerror(-r));
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan const void *eq;
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan printf("%.*s\n", (int) (size - ((const uint8_t*) eq - (const uint8_t*) data + 1)), (const char*) eq + 1);
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan printf("%.*s\n", (int) size, (const char*) data);
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan if (r < 0) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_error("Failed to seek to cursor: %s", strerror(-r));
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan if (r < 0) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_error("Failed to seek to date: %s", strerror(-r));
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan if (r < 0) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_error("Failed to seek to date: %s", strerror(-r));
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan } else if (arg_lines >= 0) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan if (r < 0) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_error("Failed to seek to tail: %s", strerror(-r));
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan if (r < 0) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_error("Failed to seek to tail: %s", strerror(-r));
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan if (r < 0) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_error("Failed to seek to head: %s", strerror(-r));
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan if (r < 0) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_error("Failed to iterate through journal: %s", strerror(-r));
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan char start_buf[FORMAT_TIMESTAMP_MAX], end_buf[FORMAT_TIMESTAMP_MAX];
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan r = sd_journal_get_cutoff_realtime_usec(j, &start, &end);
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan if (r < 0) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_error("Failed to get cutoff: %s", strerror(-r));
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan if (r > 0) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan format_timestamp(start_buf, sizeof(start_buf), start));
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan format_timestamp(start_buf, sizeof(start_buf), start),
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan format_timestamp(end_buf, sizeof(end_buf), end));
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan while (arg_lines < 0 || n_shown < arg_lines || (arg_follow && !first_line)) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan if (r < 0) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_error("Failed to iterate through journal: %s", strerror(-r));
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan if (r < 0) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_error("Failed to determine timestamp: %s", strerror(-r));
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan if (r < 0) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_error("Failed to determine timestamp: %s", strerror(-r));
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan r = sd_journal_get_monotonic_usec(j, NULL, &boot_id);
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan if (r >= 0) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan printf(ANSI_HIGHLIGHT_ON "-- Reboot --" ANSI_HIGHLIGHT_OFF "\n");
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan (arg_full || !on_tty() || pager_have()) * OUTPUT_FULL_WIDTH |
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan r = output_journal(stdout, j, arg_output, 0, flags);
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan if (r < 0) {
617e2443dfc17fe44fd44c0675d6aad2ffc9df42Mark Logan log_error("Couldn't wait for journal event: %s", strerror(-r));