summaryrefslogtreecommitdiff
path: root/man/systemd.journal-fields.xml
diff options
context:
space:
mode:
authorAnthony G. Basile <blueness@gentoo.org>2012-11-15 10:10:41 -0500
committerAnthony G. Basile <blueness@gentoo.org>2012-11-15 10:10:41 -0500
commit2944f347d087ff24ec808e4b70fe104a772a97a0 (patch)
treea5de4fbefe16ef359a526442fb41251f123399d5 /man/systemd.journal-fields.xml
parent678b0b89572768b21d8b74360d55b75b233799c4 (diff)
parentd025f1e4dca8fc1436aff76f9e6185fe3e728daa (diff)
Fork of Original Code Base: anongit.freedesktop.org/systemd
This is the initial fork of the code base from freedsktop.org. The code is provided here as a reference of the initial starting point and for possible future checkouts after a large portion of this code is removed. Merge git://anongit.freedesktop.org/systemd/systemd
Diffstat (limited to 'man/systemd.journal-fields.xml')
-rw-r--r--man/systemd.journal-fields.xml450
1 files changed, 450 insertions, 0 deletions
diff --git a/man/systemd.journal-fields.xml b/man/systemd.journal-fields.xml
new file mode 100644
index 0000000000..76a436d650
--- /dev/null
+++ b/man/systemd.journal-fields.xml
@@ -0,0 +1,450 @@
+<?xml version='1.0'?> <!--*-nxml-*-->
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+
+<!--
+ This file is part of systemd.
+
+ Copyright 2010 Lennart Poettering
+
+ systemd is free software; you can redistribute it and/or modify it
+ under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
+ (at your option) any later version.
+
+ systemd is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with systemd; If not, see <http://www.gnu.org/licenses/>.
+-->
+
+<refentry id="systemd.journal-fields">
+
+ <refentryinfo>
+ <title>systemd.journal-fields</title>
+ <productname>systemd</productname>
+
+ <authorgroup>
+ <author>
+ <contrib>Developer</contrib>
+ <firstname>Lennart</firstname>
+ <surname>Poettering</surname>
+ <email>lennart@poettering.net</email>
+ </author>
+ </authorgroup>
+ </refentryinfo>
+
+ <refmeta>
+ <refentrytitle>systemd.journal-fields</refentrytitle>
+ <manvolnum>7</manvolnum>
+ </refmeta>
+
+ <refnamediv>
+ <refname>systemd.journal-fields</refname>
+ <refpurpose>Special journal fields</refpurpose>
+ </refnamediv>
+
+ <refsect1>
+ <title>Description</title>
+
+ <para>Entries in the journal resemble an environment
+ block in their syntax, however with fields that can
+ include binary data. Primarily, fields are formatted
+ UTF-8 text strings, and binary formatting is used only
+ where formatting as UTF-8 text strings makes little
+ sense. New fields may freely be defined by
+ applications, but a few fields have special
+ meaning. All fields with special meanings are
+ optional. In some cases fields may appear more than
+ once per entry.</para>
+ </refsect1>
+
+ <refsect1>
+ <title>User Journal Fields</title>
+
+ <para>User fields are fields that are directly passed
+ from clients and stored in the journal.</para>
+
+ <variablelist class='journal-directives'>
+ <varlistentry>
+ <term><varname>MESSAGE=</varname></term>
+ <listitem>
+ <para>The human readable
+ message string for this
+ entry. This is supposed to be
+ the primary text shown to the
+ user. It is usually not
+ translated (but might be in
+ some cases), and is not
+ supposed to be parsed for meta
+ data.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>MESSAGE_ID=</varname></term>
+ <listitem>
+ <para>A 128bit message
+ identifier ID for recognizing
+ certain message types, if this
+ is desirable. This should
+ contain a 128bit id formatted
+ as lower-case hexadecimal
+ string, without any separating
+ dashes or suchlike. This is
+ recommended to be a UUID
+ compatible ID, but this is not
+ enforced, and formatted
+ differently. Developers can
+ generate a new ID for this
+ purpose with
+ <command>journalctl
+ --new-id</command>.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>PRIORITY=</varname></term>
+ <listitem>
+ <para>A priority value between
+ 0 (<literal>emerg</literal>)
+ and 7
+ (<literal>debug</literal>)
+ formatted as decimal
+ string. This field is
+ compatible with syslog's
+ priority concept.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>CODE_FILE=</varname></term>
+ <term><varname>CODE_LINE=</varname></term>
+ <term><varname>CODE_FUNC=</varname></term>
+ <listitem>
+ <para>The code location
+ generating this message, if
+ known. Contains the source
+ file name, the line number and
+ the function name.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>ERRNO=</varname></term>
+ <listitem>
+ <para>The low-level Unix error
+ number causing this entry, if
+ any. Contains the numeric
+ value of
+ <citerefentry><refentrytitle>errno</refentrytitle><manvolnum>3</manvolnum></citerefentry>
+ formatted as decimal
+ string.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>SYSLOG_FACILITY=</varname></term>
+ <term><varname>SYSLOG_IDENTIFIER=</varname></term>
+ <term><varname>SYSLOG_PID=</varname></term>
+ <listitem>
+ <para>Syslog compatibility
+ fields containing the facility
+ (formatted as decimal string),
+ the identifier string
+ (i.e. "tag"), and the client
+ PID.</para>
+ </listitem>
+
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1>
+ <title>Trusted Journal Fields</title>
+
+ <para>Fields prefixed with an underscore are trusted
+ fields, i.e. fields that are implicitly added by the
+ journal and cannot be altered by client code.</para>
+
+ <variablelist class='journal-directives'>
+ <varlistentry>
+ <term><varname>_PID=</varname></term>
+ <term><varname>_UID=</varname></term>
+ <term><varname>_GID=</varname></term>
+ <listitem>
+ <para>The process, user and
+ group ID of the process the
+ journal entry originates from
+ formatted as decimal
+ string.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>_COMM=</varname></term>
+ <term><varname>_EXE=</varname></term>
+ <term><varname>_CMDLINE=</varname></term>
+ <listitem>
+ <para>The name, the executable
+ path and the command line of
+ the process the journal entry
+ originates from.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>_AUDIT_SESSION=</varname></term>
+ <term><varname>_AUDIT_LOGINUID=</varname></term>
+ <listitem>
+ <para>The session and login
+ UID of the process the journal
+ entry originates from, as
+ maintained by the kernel audit
+ subsystem.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>_SYSTEMD_CGROUP=</varname></term>
+ <term><varname>_SYSTEMD_SESSION=</varname></term>
+ <term><varname>_SYSTEMD_UNIT=</varname></term>
+ <term><varname>_SYSTEMD_OWNER_UID=</varname></term>
+
+ <listitem>
+ <para>The control group path in
+ the systemd hierarchy, the
+ systemd session ID (if any),
+ the systemd unit name (if any)
+ and the owner UID of the
+ systemd session (if any) of
+ the process the journal entry
+ originates from.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>_SELINUX_CONTEXT=</varname></term>
+ <listitem>
+ <para>The SELinux security
+ context of the process the
+ journal entry originates
+ from.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>_SOURCE_REALTIME_TIMESTAMP=</varname></term>
+ <listitem>
+ <para>The earliest trusted
+ timestamp of the message, if
+ any is known that is different
+ from the reception time of the
+ journal. This is the time in
+ usec since the epoch UTC
+ formatted as decimal
+ string.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>_BOOT_ID=</varname></term>
+ <listitem>
+ <para>The kernel boot ID for
+ the boot the message was
+ generated in, formatted as
+ 128bit hexadecimal
+ string.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>_MACHINE_ID=</varname></term>
+ <listitem>
+ <para>The machine ID of the
+ originating host, as available
+ in
+ <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>_HOSTNAME=</varname></term>
+ <listitem>
+ <para>The name of the
+ originating host.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>_TRANSPORT=</varname></term>
+ <listitem>
+ <para>How the entry was
+ received by the journal
+ service. One of
+ <literal>driver</literal>,
+ <literal>syslog</literal>,
+ <literal>journal</literal>,
+ <literal>stdout</literal>,
+ <literal>kernel</literal> for
+ internally generated messages,
+ for those received via the
+ local syslog socket with the
+ syslog protocol, for those
+ received via the native
+ journal protocol, for the
+ those read from a services'
+ standard output or error
+ output, or for those read
+ from the kernel, respectively.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1>
+ <title>Kernel Journal Fields</title>
+
+ <para>Kernel fields are fields that are used by
+ messages originating in the kernel and stored in the
+ journal.</para>
+
+ <variablelist>
+ <varlistentry>
+ <term>_KERNEL_DEVICE=</term>
+ <listitem>
+ <para>The kernel device
+ name. If the entry is
+ associated to a block device,
+ the major and minor of the
+ device node, separated by ':'
+ and prefixed by 'b'. Similar
+ for character devices, but
+ prefixed by 'c'. For network
+ devices the interface index,
+ prefixed by 'n'. For all other
+ devices '+' followed by the
+ subsystem name, followed by
+ ':', followed by the kernel
+ device name.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>_KERNEL_SUBSYSTEM=</term>
+ <listitem>
+ <para>The kernel subsystem name.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>_UDEV_SYSNAME=</term>
+ <listitem>
+ <para>The kernel device name
+ as it shows up in the device
+ tree below
+ <filename>/sys</filename>.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>_UDEV_DEVNODE=</term>
+ <listitem>
+ <para>The device node path of
+ this device in
+ <filename>/dev</filename>.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>_UDEV_DEVLINK=</term>
+ <listitem>
+ <para>Additional symlink names
+ pointing to the device node in
+ <filename>/dev</filename>. This
+ field is frequently set more
+ than once per entry.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1>
+ <title>Address Fields</title>
+
+ <para>During serialization into external formats, such
+ as the <ulink
+ url="http://www.freedesktop.org/wiki/Software/systemd/export">Journal
+ Export Format</ulink> or the <ulink
+ url="http://www.freedesktop.org/wiki/Software/systemd/json">Journal
+ JSON Format</ulink>, the addresses of journal entries
+ are serialized into fields prefixed with double
+ underscores. Note that these aren't proper fields when
+ stored in the journal, but addressing meta data of
+ entries. They cannot be written as part of structured
+ log entries via calls such as
+ <citerefentry><refentrytitle>sd_journal_send</refentrytitle><manvolnum>3</manvolnum></citerefentry>. They
+ may also not be used as matches for
+ <citerefentry><refentrytitle>sd_journal_add_match</refentrytitle><manvolnum>3</manvolnum></citerefentry></para>
+
+ <variablelist class='journal-directives'>
+ <varlistentry>
+ <term><varname>__CURSOR=</varname></term>
+ <listitem>
+ <para>The cursor for the
+ entry. A cursor is an opaque
+ text string that uniquely
+ describes the position of an
+ entry in the journal and is
+ portable across machines,
+ platforms and journal
+ files.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>__REALTIME_TIMESTAMP=</varname></term>
+ <listitem>
+ <para>The wallclock time
+ (CLOCK_REALTIME) at the point
+ in time the entry was received
+ by the journal, in usec since
+ the epoch UTC formatted as
+ decimal string. This has
+ different properties from
+ <literal>_SOURCE_REALTIME_TIMESTAMP=</literal>
+ as it is usually a bit later
+ but more likely to be
+ monotonic.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>__MONOTONIC_TIMESTAMP=</varname></term>
+ <listitem>
+ <para>The monotonic time
+ (CLOCK_MONOTONIC) at the point
+ in time the entry was received
+ by the journal in usec
+ formatted as decimal
+ string. To be useful as an
+ address for the entry this
+ should be combined with with
+ boot ID in
+ <literal>_BOOT_ID=</literal>.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1>
+ <title>See Also</title>
+ <para>
+ <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>journald.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>sd-journal</refentrytitle><manvolnum>3</manvolnum></citerefentry>
+ </para>
+ </refsect1>
+
+</refentry>