path: root/src/journal
Age | Commit message | Author
2013-08-19 | journal: fix parsing of facility in syslog messages | Zbigniew Jędrzejewski-Szmek
In 49998b383 (journald: do not overwrite syslog facility when parsing priority) journald started ignoring facility part when reading service stderr to convert to syslog messages. In this case it is fine, because only the priority is allowed. But the same codepath is used for syslog messages, where the facility should be used. Split the two codepaths by explicitly specifying whether the facility should be ignored or not.
https://bugzilla.redhat.com/show_bug.cgi?id=988814
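The split described in the commit message above, sketched as an added example (not systemd's code and not part of the original log): a hypothetical `parse_pri()` takes a flag saying whether the sender is allowed to set the facility. The 0..191 bound, the helper names and the sample message are assumptions of this example.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical helpers for this example; not systemd's own code. */
#define PRI_SEVERITY(p) ((p) & 0x07)   /* low 3 bits */
#define PRI_FACILITY(p) ((p) >> 3)     /* remaining bits */

/* Parse a leading "<N>" prefix. On success store the result in *pri,
 * advance *msg past the prefix and return 1. Otherwise return 0 and
 * leave *msg and *pri untouched. */
int parse_pri(const char **msg, int *pri, bool with_facility) {
    const char *p = *msg;
    int value = 0, digits = 0;

    if (*p != '<')
        return 0;
    for (p++; *p >= '0' && *p <= '9' && digits < 3; p++, digits++)
        value = value * 10 + (*p - '0');
    if (digits == 0 || *p != '>')
        return 0;

    if (with_facility) {
        /* syslog socket: the sender chooses facility and severity */
        if (value > 191)            /* assumed bound: 23 * 8 + 7 */
            return 0;
        *pri = value;
    } else {
        /* service stderr: only a severity is allowed; the facility
         * already in *pri (set by the caller) is kept */
        if (value > 7)
            return 0;
        *pri = (*pri & ~0x07) | value;
    }
    *msg = p + 1;
    return 1;
}

int main(void) {
    const char *m = "<30>sshd[1]: constructed sample";  /* daemon.info */
    int pri = 13;                                        /* user.notice */
    if (parse_pri(&m, &pri, true))
        printf("facility=%d severity=%d rest=\"%s\"\n",
               PRI_FACILITY(pri), PRI_SEVERITY(pri), m);
    return 0;
}
```

With `with_facility` false, a `<30>` prefix is rejected and the caller's facility is left intact, so a service writing to stderr cannot relabel its output as another facility.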
2013-08-11 | systemctl: show hint about --full when lines don't fit | Zbigniew Jędrzejewski-Szmek
2013-08-06 | journald: remove unused variable | Zbigniew Jędrzejewski-Szmek
2013-08-06 | journal: handle multiline syslog messages | Harald Hoyer
Since the journal can handle multiple lines just well natively, and rsyslog can be configured to handle them as well, there is no need to truncate messages from syslog() after the first newline.

Reproducer:

1. Add following four lines to /etc/rsyslog.conf
----------
$EscapeControlCharactersOnReceive off
$ActionFileDefaultTemplate RSYSLOG_SysklogdFileFormat
$SpaceLFOnReceive on
$DropTrailingLFOnReception off
----------
3. Restart rsyslog
   # service rsyslog restart
4. Compile and run the following program
----------
#include <stdio.h>
#include <syslog.h>

int main() {
    /* %c is filled with '\n', so the message contains an embedded newline */
    syslog(LOG_INFO, "aaa%caaa", '\n');
    return 0;
}
----------

Actual results:
Below message appears in /var/log/messages.
----------
Sep 7 19:19:39 localhost test2: aaa
----------

Expected results:
Below message, which worked prior to systemd-journald appears in /var/log/messages.
----------
Sep 7 19:19:39 localhost test2: aaa aaa

https://bugzilla.redhat.com/show_bug.cgi?id=855313
2013-08-04 | systemd-delta: Only print colors when on a tty | Daniel Schaal
This makes systemd-delta follow the behaviour of systemctl and journalctl.
https://bugs.freedesktop.org/show_bug.cgi?id=67656
[zj: unify color query methods between those three programs.]
2013-08-02 | journal: fix hashmap leak in mmap-cache | George McCollister
hashmap_free() wasn't being called on m->contexts and m->fds resulting in a leak.
To reproduce do:
while(1) {
    sd_journal_open(&j, SD_JOURNAL_LOCAL_ONLY);
    sd_journal_close(j);
}
Memory usage will increase until OOM.
2013-08-02 | tests: add a program for repetitive opening and closing of the journal | Zbigniew Jędrzejewski-Szmek
Basically wraps an example provided by George McCollister. Should help with leaks in the future.
2013-08-02 | coredumpctl: add more debug output | Zbigniew Jędrzejewski-Szmek
It can be quite useful when somebody confuses _PID with COREDUMP_PID :).
2013-07-26 | journalctl: use _COMM= match for scripts | Zbigniew Jędrzejewski-Szmek
In case of scripts, _EXE is set to the interpreter name, and _COMM is set based on the file name. Add a match for _COMM, and _EXE if the interpreter is not a link (e.g. for yum, the interpreter is /usr/bin/python, but it is a link to /usr/bin/python2, which in turn is a link to /usr/bin/python2.7, at least on Fedora, so we end up with _EXE=/usr/bin/python2.7). I don't think that such link chasing makes sense, because the final _EXE name is more likely to change.
2013-07-24 | journal: immediately sync to disk as soon as we receive an EMERG/ALERT/CRIT message | Lennart Poettering
2013-07-19 | journald: after the cgroup rework processes may be in both user and system units at the same time | Lennart Poettering
2013-07-18 | journal: Leave server_dispatch_message early when Storage is none | Holger Hans Peter Freyther
When using Storage=none there is no point in collecting all the information just to throw them away. After this change journald consumes a lot less CPU time when only forwarding messages.
2013-07-18 | journalctl: add "short-iso" output format with verbose ISO8601 timestamps | Tomasz Torcz
Example: 2013-07-18T10:10:01+0200 sandworm CROND[20957]: (root) CMD (/usr/lib64/sa/sa1 1 1)
2013-07-18 | journalctl: fix signedness warning and boot-id syntax check | Zbigniew Jędrzejewski-Szmek
2013-07-17 | journalctl: remove ":" from the --boot syntax | Zbigniew Jędrzejewski-Szmek
Instead of :-0, :1, :5, etc., use -0, 1 or +1, 5, etc. For BOOT_ID+OFFSET, use BOOT_ID+offset or BOOT_ID-offset (either + or - is required). Also make error handling a bit more robust and verbose. Modify the man page to describe the most common case (-b) first, and the second most common case (-b -1) second.
2013-07-16 | journalctl,systemctl: fix tiny memleak | Zbigniew Jędrzejewski-Szmek
2013-07-16 | journalctl: augment short mode with a cursor at the end | Zbigniew Jędrzejewski-Szmek
Two options are added: --show-cursor to print the cursor at the end, and --after-cursor to resume logs on the next line after the previous one.
2013-07-16 | journal: return -ECHILD after a fork | Zbigniew Jędrzejewski-Szmek
A few asserts are replaced with 'return -EINVAL'. I think that assert should not be used to check argument in public functions. Fields in struct sd_journal are rearranged to make it less swiss-cheesy.
2013-07-16 | journalctl: Add support for showing messages from a previous boot | Jan Janssen
Hi,
I redid the boot ID look up to use enumerate_unique. This is quite fast if the cache is warm but painfully slow if it isn't. It has a slight chance of returning the wrong order if realtime clock jumps around. This one has to do n searches for every boot ID there is plus a sort, so it depends heavily on cache hotness. This is in contrast to the other way of look-up through filtering by a MESSAGE_ID, which only needs about 1 seek + whatever amount of relative IDs you want to walk.
I also have a linked-list + (in-place) mergesort version of this patch, which has pretty much the same runtime. But since this one is using libc sorting and amortized allocation, I prefer this one.
To summarize: The MESSAGE_ID way is a *lot* faster but can be incomplete due to rotation, while the enumerate+sort will find every boot ID out there but will be painfully slow for large journals and cold caches. You choose :P
Jan
2013-07-16 | journal: add logging of effective capabilities _CAP_EFFECTIVE | Shawn Landden
I think this is the most important of the capabilities bitmasks to log.
2013-07-14 | journalctl: add --force option to recreate FSS | Shawn Landden
2013-07-13 | journalctl: have a useful --setup-keys error message when using non-persistent logging | Shawn Landden
Generating seed...
Generating key pair...
Generating sealing key...
Failed to open /var/log/journal/33f46101703a10c5fc6fa4f451840101/fss.tmp.k2wDDU: No such file or directory
2013-07-12 | journald-server: r should be checked after journal_file_open_reliably | Lukas Nykryn
2013-06-27 | journal-verify: Use proper printf placeholder | Jan Janssen
2013-06-24 | journald: always vacuum empty offline files | Zbigniew Jędrzejewski-Szmek
Corrupted empty files are relatively common. I think they are created when a coredump for a user who never logged anything before is attempted to be written, but the write does not succeed because the coredump is too big, but there are probably other ways to create those, especially if the machine crashes at the right time. Non-corrupted empty files can also happen, e.g. if a journal file is opened, but nothing is ever successfully written to it and it is rotated because of MaxFileSec=. Either way, each "empty" journal file costs around 3 MB, and there's little point in keeping them around.
2013-06-24 | journald: fix space limits reporting | Zbigniew Jędrzejewski-Szmek
Reporting of the free space was bogus, since the remaining space was compared with the maximum allowed, instead of the current use being compared with the maximum allowed. Simplify and fix by reporting limits directly at the point where they are calculated. Also, assign a UUID to the message.
2013-06-24 | journal/vacuum: cleanup | Zbigniew Jędrzejewski-Szmek
2013-06-22 | journal-verify: allow unlinked data entries | Zbigniew Jędrzejewski-Szmek
Sometimes an entry is not successfully written, and we end up with data items which are "unlinked", not connected to, and not used by any entry. This will usually happen when we try to write a core dump, and the initial small data fields are written successfully, but the huge COREDUMP= field is not written. This situation is hard to avoid, but the results are mostly harmless. Thus only warn about unused data items.
Also, be more verbose about why journal files failed verification. This should help diagnose journal failure modes without resorting to a hexadecimal editor.
https://bugs.freedesktop.org/show_bug.cgi?id=65235 (esp. see system.journal attached to the bug report).
2013-06-21 | journald: bump the journal per-unit ratelimit defaults | Lennart Poettering
Too many people kept hitting them, so let's increase the limits a bit. https://bugzilla.redhat.com/show_bug.cgi?id=965803
2013-06-20 | journal: allow callers to specify OBJECT_PID= | Zbigniew Jędrzejewski-Szmek
When journald encounters a message with OBJECT_PID= set coming from a privileged process (UID==0), additional fields will be added to the message: OBJECT_UID=, OBJECT_GID=, OBJECT_COMM=, OBJECT_EXE=, OBJECT_CMDLINE=, OBJECT_AUDIT_SESSION=, OBJECT_AUDIT_LOGINUID=, OBJECT_SYSTEMD_CGROUP=, OBJECT_SYSTEMD_SESSION=, OBJECT_SYSTEMD_OWNER_UID=, OBJECT_SYSTEMD_UNIT= or OBJECT_SYSTEMD_USER_UNIT=.
This is for other logging daemons, like setroubleshoot, to be able to augment their logs with data about the process.
https://bugzilla.redhat.com/show_bug.cgi?id=951627
2013-06-20 | Add hasprefix macro to check prefixes of fixed length | Zbigniew Jędrzejewski-Szmek
2013-06-18 | journal: add references to SSKG paper FSS is based on | Lennart Poettering
2013-06-18 | journalctl: properly print headers of empty journals | Zbigniew Jędrzejewski-Szmek
2013-06-17 | journalctl,loginctl,systemctl,systemd-cgls: add -l as alias for --full | Daniel Albers
https://bugs.freedesktop.org/show_bug.cgi?id=65850
2013-06-13 | journald: do not calculate free space too early | Zbigniew Jędrzejewski-Szmek
Since the system journal wasn't open yet, available_space() returned 0.
Before:
systemd-journal[22170]: Allowing system journal files to grow to 4.0G.
systemd-journal[22170]: Journal size currently limited to 0B due to SystemKeepFree.
After:
systemd-journal[22178]: Allowing system journal files to grow to 4.0G.
systemd-journal[22178]: Journal size currently limited to 3.0G due to SystemKeepFree.
Also, when failing to write a message, show how much space was needed: "Failed to write entry (26 items, 260123456 bytes) despite vacuuming, ignoring: ...".
2013-06-13 | journal: use initialization instead of zeroing | Zbigniew Jędrzejewski-Szmek
2013-06-10 | journald: do not overwrite syslog facility when parsing priority | Zbigniew Jędrzejewski-Szmek
https://bugs.freedesktop.org/show_bug.cgi?id=65610
2013-06-10 | journal: letting (interleaved) seqnums go | Zbigniew Jędrzejewski-Szmek
In the following scenario:
  server creates system.journal
  server creates user-1000.journal
both journals share the same seqnum_id.
Then
  server writes to user-1000.journal first,
  and server writes to system.journal a bit later,
and everything is fine.
The server then terminates (crash, reboot, rsyslog testing, whatever), and user-1000.journal has entries which end with a lower seqnum than system.journal. Now
  server is restarted
  server opens user-1000.journal and writes entries to it...
BAM! duplicate seqnums for the same seqnum_id.

Now, we usually don't see that happen, because system.journal is closed last, and opened first. Since usually at least one message is written during boot and lands in the system.journal, the seqnum is initialized from it, and is set to a number higher than anything found in user journals. Nevertheless, if system.journal is corrupted and is rotated, it can happen that an entry is written to the user journal with a seqnum that is a duplicate with an entry found in the corrupted system.journal~. When browsing the journal, journalctl can fall into a loop where it tries to follow the seqnums, and tries to go the next location by seqnum, and is transported back in time to the older duplicate seqnum. There is no way to find out the maximum seqnum used in multiple files, without actually looking at all of them. But we don't want to do that because it would be slow, and actually it isn't really possible, because a file might e.g. be temporarily unaccessible.

Fix the problem by using different seqnum series for user journals. Using the same seqnum series for rotated journals is still fine, because we know that nothing will write to the rotated journal anymore.

Likely related:
https://bugs.freedesktop.org/show_bug.cgi?id=64566
https://bugs.freedesktop.org/show_bug.cgi?id=59856
https://bugs.freedesktop.org/show_bug.cgi?id=64296
https://bugs.archlinux.org/task/35581
https://bugzilla.novell.com/show_bug.cgi?id=817778
Possibly related:
https://bugs.freedesktop.org/show_bug.cgi?id=64293
2013-06-10 | tests: add testcase for duplicate seqnums | Zbigniew Jędrzejewski-Szmek
2013-06-10 | tests: add testcase for skipping-entries-on-direction-change-bug | Marius Vollmer
This test case failed until a3e6f050de8. Taken from https://bugs.freedesktop.org/show_bug.cgi?id=65255.
2013-06-10 | journal: change direction tests to use the same convention (cp </> np) | Zbigniew Jędrzejewski-Szmek
The order was different in various places, which makes it harder to read the code. Also consistently use ternary for all direction checks. Remove one free(NULL).
2013-06-10 | journal: remember last direction of search and keep offset cache | Zbigniew Jędrzejewski-Szmek
The fields in JournalFile are moved around to avoid wasting 7 bytes because of alignment.
2013-06-10 | journalctl: allow the user to specify the file(s) to use | Zbigniew Jędrzejewski-Szmek
This is useful for debugging and feels pretty natural. For example answering the question "is this big .journal file worth keeping?" is made easier.
2013-06-10 | journal: add sd_journal_open_files | Zbigniew Jędrzejewski-Szmek
This allows the caller to explicitly specify which journal files should be opened. The same functionality could be achieved before by creating a directory and playing around with symlinks. It is useful to debug stuff and explore the journal, and has been requested before. Waiting is supported, the journal will notice modifications on the files supplied when opening the journal, but will not add any new files.
2013-06-10 | tests: add test for empty journal files | Zbigniew Jędrzejewski-Szmek
The headers are currently not printed properly: some "(null)"s appear.
2013-06-10 | journalctl: print monotonic timestamp in --header | Zbigniew Jędrzejewski-Szmek
2013-06-10 | journalctl: print proper IDs with --header | Zbigniew Jędrzejewski-Szmek
The same buffer was used for two different IDs, messing up the output.
2013-06-10 | Use stdint.h macros instead of casts to print uint64_t values | Zbigniew Jędrzejewski-Szmek
Casts are visually heavy, and can obscure unwanted truncations.
2013-06-10 | journalctl: no color for --reboot-- when not on tty | Zbigniew Jędrzejewski-Szmek
2013-06-10 | journal: loop less in MATCH_AND_TERM conditionals | Zbigniew Jędrzejewski-Szmek
AND terms usually don't have many subterms (4 seems to be the maximum sensible number, e.g. _BOOT_ID && _SYSTEMD_UNIT && _PID && MESSAGE_ID). Nevertheless, the cost of checking each subterm can be relatively high, especially when the nested terms are compound, and it makes sense to minimize the number of checks. Instead of looping to the end and then again over the whole list once again after at least one term changed the offset, start the loop at the term which caused the change. This way ½ terms in the AND match are not checked unnecessarily again.