proxmox-mirrors/systemd
1
0
Fork 0
mirror of https://git.proxmox.com/git/systemd synced 2025-05-29 11:51:49 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
e735f4d4ea
systemd/man/systemd.journal-fields.html
Martin Pitt e735f4d4ea Imported Upstream version 219
2015-02-17 11:22:16 +01:00

182 lines
22 KiB
HTML
Raw Blame History

<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>systemd.journal-fields</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><style>
a.headerlink {
color: #c60f0f;
font-size: 0.8em;
padding: 0 4px 0 4px;
text-decoration: none;
visibility: hidden;
}
a.headerlink:hover {
background-color: #c60f0f;
color: white;
}
h1:hover > a.headerlink, h2:hover > a.headerlink, h3:hover > a.headerlink, dt:hover > a.headerlink {
visibility: visible;
}
</style><a href="index.html">Index </a>·
<a href="systemd.directives.html">Directives </a>·
<a href="../python-systemd/index.html">Python </a>·
<a href="../libudev/index.html">libudev </a>·
<a href="../libudev/index.html">gudev </a><span style="float:right">systemd 219</span><hr><div class="refentry"><a name="systemd.journal-fields"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>systemd.journal-fields — Special journal fields</p></div><div class="refsect1"><a name="idm139894911856720"></a><h2 id="Description">Description<a class="headerlink" title="Permalink to this headline" href="#Description"></a></h2><p>Entries in the journal resemble an environment block in
their syntax but with fields that can include binary data.
Primarily, fields are formatted UTF-8 text strings, and binary
formatting is used only where formatting as UTF-8 text strings
makes little sense. New fields may freely be defined by
applications, but a few fields have special meaning. All fields
with special meanings are optional. In some cases, fields may
appear more than once per entry.</p></div><div class="refsect1"><a name="idm139894908072976"></a><h2 id="User Journal Fields">User Journal Fields<a class="headerlink" title="Permalink to this headline" href="#User%20Journal%20Fields"></a></h2><p>User fields are fields that are directly passed from clients
and stored in the journal.</p><div class="variablelist"><dl class="variablelist"><dt id="MESSAGE="><span class="term"><code class="varname">MESSAGE=</code></span><a class="headerlink" title="Permalink to this term" href="#MESSAGE="></a></dt><dd><p>The human-readable message string for this entry. This
is supposed to be the primary text shown to the user. It is
usually not translated (but might be in some cases), and is
not supposed to be parsed for meta data.</p></dd><dt id="MESSAGE_ID="><span class="term"><code class="varname">MESSAGE_ID=</code></span><a class="headerlink" title="Permalink to this term" href="#MESSAGE_ID="></a></dt><dd><p>A 128-bit message identifier ID for recognizing
certain message types, if this is desirable. This should
contain a 128-bit ID formatted as a lower-case hexadecimal
string, without any separating dashes or suchlike. This is
recommended to be a UUID-compatible ID, but this is not
enforced, and formatted differently. Developers can generate
a new ID for this purpose with <span class="command"><strong>journalctl
<code class="option">--new-id</code></strong></span>.
</p></dd><dt id="PRIORITY="><span class="term"><code class="varname">PRIORITY=</code></span><a class="headerlink" title="Permalink to this term" href="#PRIORITY="></a></dt><dd><p>A priority value between 0 ("<code class="literal">emerg</code>")
and 7 ("<code class="literal">debug</code>") formatted as a decimal
string. This field is compatible with syslog's priority
concept.</p></dd><dt id="CODE_FILE="><span class="term"><code class="varname">CODE_FILE=</code>, </span><span class="term"><code class="varname">CODE_LINE=</code>, </span><span class="term"><code class="varname">CODE_FUNC=</code></span><a class="headerlink" title="Permalink to this term" href="#CODE_FILE="></a></dt><dd><p>The code location generating this message, if known.
Contains the source filename, the line number and the
function name.</p></dd><dt id="ERRNO="><span class="term"><code class="varname">ERRNO=</code></span><a class="headerlink" title="Permalink to this term" href="#ERRNO="></a></dt><dd><p>The low-level Unix error number causing this entry, if
any. Contains the numeric value of
<a href="http://man7.org/linux/man-pages/man3/errno.3.html"><span class="citerefentry"><span class="refentrytitle">errno</span>(3)</span></a>
formatted as a decimal string.</p></dd><dt id="SYSLOG_FACILITY="><span class="term"><code class="varname">SYSLOG_FACILITY=</code>, </span><span class="term"><code class="varname">SYSLOG_IDENTIFIER=</code>, </span><span class="term"><code class="varname">SYSLOG_PID=</code></span><a class="headerlink" title="Permalink to this term" href="#SYSLOG_FACILITY="></a></dt><dd><p>Syslog compatibility fields containing the facility
(formatted as decimal string), the identifier string (i.e.
"tag"), and the client PID. (Note that the tag is usually
derived from glibc's
<code class="varname">program_invocation_short_name</code> variable,
see
<a href="program_invocation_short_name.html"><span class="citerefentry"><span class="refentrytitle">program_invocation_short_name</span>(3)</span></a>.)</p></dd></dl></div></div><div class="refsect1"><a name="idm139894911953200"></a><h2 id="Trusted Journal Fields">Trusted Journal Fields<a class="headerlink" title="Permalink to this headline" href="#Trusted%20Journal%20Fields"></a></h2><p>Fields prefixed with an underscore are trusted fields, i.e.
fields that are implicitly added by the journal and cannot be
altered by client code.</p><div class="variablelist"><dl class="variablelist"><dt id="_PID="><span class="term"><code class="varname">_PID=</code>, </span><span class="term"><code class="varname">_UID=</code>, </span><span class="term"><code class="varname">_GID=</code></span><a class="headerlink" title="Permalink to this term" href="#_PID="></a></dt><dd><p>The process, user, and group ID of the process the
journal entry originates from formatted as a decimal
string.</p></dd><dt id="_COMM="><span class="term"><code class="varname">_COMM=</code>, </span><span class="term"><code class="varname">_EXE=</code>, </span><span class="term"><code class="varname">_CMDLINE=</code></span><a class="headerlink" title="Permalink to this term" href="#_COMM="></a></dt><dd><p>The name, the executable path, and the command line of
the process the journal entry originates from.</p></dd><dt id="_CAP_EFFECTIVE="><span class="term"><code class="varname">_CAP_EFFECTIVE=</code></span><a class="headerlink" title="Permalink to this term" href="#_CAP_EFFECTIVE="></a></dt><dd><p>The effective
<a href="http://man7.org/linux/man-pages/man7/capabilities.7.html"><span class="citerefentry"><span class="refentrytitle">capabilities</span>(7)</span></a>
of the process the journal entry originates from.</p></dd><dt id="_AUDIT_SESSION="><span class="term"><code class="varname">_AUDIT_SESSION=</code>, </span><span class="term"><code class="varname">_AUDIT_LOGINUID=</code></span><a class="headerlink" title="Permalink to this term" href="#_AUDIT_SESSION="></a></dt><dd><p>The session and login UID of the process the journal
entry originates from, as maintained by the kernel audit
subsystem.</p></dd><dt id="_SYSTEMD_CGROUP="><span class="term"><code class="varname">_SYSTEMD_CGROUP=</code>, </span><span class="term"><code class="varname">_SYSTEMD_SESSION=</code>, </span><span class="term"><code class="varname">_SYSTEMD_UNIT=</code>, </span><span class="term"><code class="varname">_SYSTEMD_USER_UNIT=</code>, </span><span class="term"><code class="varname">_SYSTEMD_OWNER_UID=</code>, </span><span class="term"><code class="varname">_SYSTEMD_SLICE=</code></span><a class="headerlink" title="Permalink to this term" href="#_SYSTEMD_CGROUP="></a></dt><dd><p>The control group path in the systemd hierarchy, the
systemd session ID (if any), the systemd unit name (if any),
the systemd user session unit name (if any), the owner UID
of the systemd session (if any) and the systemd slice unit
of the process the journal entry originates from.</p></dd><dt id="_SELINUX_CONTEXT="><span class="term"><code class="varname">_SELINUX_CONTEXT=</code></span><a class="headerlink" title="Permalink to this term" href="#_SELINUX_CONTEXT="></a></dt><dd><p>The SELinux security context (label) of the process
the journal entry originates from.</p></dd><dt id="_SOURCE_REALTIME_TIMESTAMP="><span class="term"><code class="varname">_SOURCE_REALTIME_TIMESTAMP=</code></span><a class="headerlink" title="Permalink to this term" href="#_SOURCE_REALTIME_TIMESTAMP="></a></dt><dd><p>The earliest trusted timestamp of the message, if any
is known that is different from the reception time of the
journal. This is the time in microseconds since the epoch
UTC, formatted as a decimal string.</p></dd><dt id="_BOOT_ID="><span class="term"><code class="varname">_BOOT_ID=</code></span><a class="headerlink" title="Permalink to this term" href="#_BOOT_ID="></a></dt><dd><p>The kernel boot ID for the boot the message was
generated in, formatted as a 128-bit hexadecimal
string.</p></dd><dt id="_MACHINE_ID="><span class="term"><code class="varname">_MACHINE_ID=</code></span><a class="headerlink" title="Permalink to this term" href="#_MACHINE_ID="></a></dt><dd><p>The machine ID of the originating host, as available
in
<a href="machine-id.html"><span class="citerefentry"><span class="refentrytitle">machine-id</span>(5)</span></a>.</p></dd><dt id="_HOSTNAME="><span class="term"><code class="varname">_HOSTNAME=</code></span><a class="headerlink" title="Permalink to this term" href="#_HOSTNAME="></a></dt><dd><p>The name of the originating host.</p></dd><dt id="_TRANSPORT="><span class="term"><code class="varname">_TRANSPORT=</code></span><a class="headerlink" title="Permalink to this term" href="#_TRANSPORT="></a></dt><dd><p>How the entry was received by the journal service.
Valid transports are:
</p><div class="variablelist"><dl class="variablelist"><dt id="
driver
"><span class="term">
<code class="option">driver</code>
</span><a class="headerlink" title="Permalink to this term" href="#%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20driver%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20"></a></dt><dd><p>for internally generated messages
</p></dd><dt id="
syslog
"><span class="term">
<code class="option">syslog</code>
</span><a class="headerlink" title="Permalink to this term" href="#%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20syslog%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20"></a></dt><dd><p>for those received via the local syslog socket
with the syslog protocol
</p></dd><dt id="
journal
"><span class="term">
<code class="option">journal</code>
</span><a class="headerlink" title="Permalink to this term" href="#%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20journal%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20"></a></dt><dd><p>for those received via the native journal
protocol
</p></dd><dt id="
stdout
"><span class="term">
<code class="option">stdout</code>
</span><a class="headerlink" title="Permalink to this term" href="#%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20stdout%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20"></a></dt><dd><p>for those read from a service's standard output
or error output
</p></dd><dt id="
kernel
"><span class="term">
<code class="option">kernel</code>
</span><a class="headerlink" title="Permalink to this term" href="#%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20kernel%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20"></a></dt><dd><p>for those read from the kernel
</p></dd></dl></div></dd></dl></div></div><div class="refsect1"><a name="idm139894906994224"></a><h2 id="Kernel Journal Fields">Kernel Journal Fields<a class="headerlink" title="Permalink to this headline" href="#Kernel%20Journal%20Fields"></a></h2><p>Kernel fields are fields that are used by messages
originating in the kernel and stored in the journal.</p><div class="variablelist"><dl class="variablelist"><dt id="_KERNEL_DEVICE="><span class="term"><code class="varname">_KERNEL_DEVICE=</code></span><a class="headerlink" title="Permalink to this term" href="#_KERNEL_DEVICE="></a></dt><dd><p>The kernel device name. If the entry is associated to
a block device, the major and minor of the device node,
separated by "<code class="literal">:</code>" and prefixed by
"<code class="literal">b</code>". Similar for character devices but
prefixed by "<code class="literal">c</code>". For network devices, this
is the interface index prefixed by "<code class="literal">n</code>". For
all other devices, this is the subsystem name prefixed by
"<code class="literal">+</code>", followed by "<code class="literal">:</code>",
followed by the kernel device name.</p></dd><dt id="_KERNEL_SUBSYSTEM="><span class="term"><code class="varname">_KERNEL_SUBSYSTEM=</code></span><a class="headerlink" title="Permalink to this term" href="#_KERNEL_SUBSYSTEM="></a></dt><dd><p>The kernel subsystem name.</p></dd><dt id="_UDEV_SYSNAME="><span class="term"><code class="varname">_UDEV_SYSNAME=</code></span><a class="headerlink" title="Permalink to this term" href="#_UDEV_SYSNAME="></a></dt><dd><p>The kernel device name as it shows up in the device
tree below <code class="filename">/sys</code>.</p></dd><dt id="_UDEV_DEVNODE="><span class="term"><code class="varname">_UDEV_DEVNODE=</code></span><a class="headerlink" title="Permalink to this term" href="#_UDEV_DEVNODE="></a></dt><dd><p>The device node path of this device in
<code class="filename">/dev</code>.</p></dd><dt id="_UDEV_DEVLINK="><span class="term"><code class="varname">_UDEV_DEVLINK=</code></span><a class="headerlink" title="Permalink to this term" href="#_UDEV_DEVLINK="></a></dt><dd><p>Additional symlink names pointing to the device node
in <code class="filename">/dev</code>. This field is frequently set
more than once per entry.</p></dd></dl></div></div><div class="refsect1"><a name="idm139894906978032"></a><h2 id="Fields to log on behalf of a different program">Fields to log on behalf of a different program<a class="headerlink" title="Permalink to this headline" href="#Fields%20to%20log%20on%20behalf%20of%20a%20different%20program"></a></h2><p>Fields in this section are used by programs to specify that
they are logging on behalf of another program or unit.
</p><p>Fields used by the <span class="command"><strong>systemd-coredump</strong></span>
coredump kernel helper:
</p><div class="variablelist"><dl class="variablelist"><dt id="COREDUMP_UNIT="><span class="term"><code class="varname">COREDUMP_UNIT=</code>, </span><span class="term"><code class="varname">COREDUMP_USER_UNIT=</code></span><a class="headerlink" title="Permalink to this term" href="#COREDUMP_UNIT="></a></dt><dd><p>Used to annotate messages containing coredumps from
system and session units. See
<a href="coredumpctl.html"><span class="citerefentry"><span class="refentrytitle">coredumpctl</span>(1)</span></a>.
</p></dd></dl></div><p>Priviledged programs (currently UID 0) may attach
<code class="varname">OBJECT_PID=</code> to a message. This will instruct
<span class="command"><strong>systemd-journald</strong></span> to attach additional fields on
behalf of the caller:</p><div class="variablelist"><dl class="variablelist"><dt id="OBJECT_PID=PID"><span class="term"><code class="varname">OBJECT_PID=<em class="replaceable"><code>PID</code></em></code></span><a class="headerlink" title="Permalink to this term" href="#OBJECT_PID=PID"></a></dt><dd><p>PID of the program that this message pertains to.
</p></dd><dt id="OBJECT_UID="><span class="term"><code class="varname">OBJECT_UID=</code>, </span><span class="term"><code class="varname">OBJECT_GID=</code>, </span><span class="term"><code class="varname">OBJECT_COMM=</code>, </span><span class="term"><code class="varname">OBJECT_EXE=</code>, </span><span class="term"><code class="varname">OBJECT_CMDLINE=</code>, </span><span class="term"><code class="varname">OBJECT_AUDIT_SESSION=</code>, </span><span class="term"><code class="varname">OBJECT_AUDIT_LOGINUID=</code>, </span><span class="term"><code class="varname">OBJECT_SYSTEMD_CGROUP=</code>, </span><span class="term"><code class="varname">OBJECT_SYSTEMD_SESSION=</code>, </span><span class="term"><code class="varname">OBJECT_SYSTEMD_OWNER_UID=</code>, </span><span class="term"><code class="varname">OBJECT_SYSTEMD_UNIT=</code>, </span><span class="term"><code class="varname">OBJECT_SYSTEMD_USER_UNIT=</code></span><a class="headerlink" title="Permalink to this term" href="#OBJECT_UID="></a></dt><dd><p>These are additional fields added automatically by
<span class="command"><strong>systemd-journald</strong></span>. Their meaning is the
same as
<code class="varname">_UID=</code>,
<code class="varname">_GID=</code>,
<code class="varname">_COMM=</code>,
<code class="varname">_EXE=</code>,
<code class="varname">_CMDLINE=</code>,
<code class="varname">_AUDIT_SESSION=</code>,
<code class="varname">_AUDIT_LOGINUID=</code>,
<code class="varname">_SYSTEMD_CGROUP=</code>,
<code class="varname">_SYSTEMD_SESSION=</code>,
<code class="varname">_SYSTEMD_UNIT=</code>,
<code class="varname">_SYSTEMD_USER_UNIT=</code>, and
<code class="varname">_SYSTEMD_OWNER_UID=</code>
as described above, except that the process identified by
<em class="replaceable"><code>PID</code></em> is described, instead of the
process which logged the message.</p></dd></dl></div></div><div class="refsect1"><a name="idm139894906954848"></a><h2 id="Address Fields">Address Fields<a class="headerlink" title="Permalink to this headline" href="#Address%20Fields"></a></h2><p>During serialization into external formats, such as the
<a class="ulink" href="http://www.freedesktop.org/wiki/Software/systemd/export" target="_top">Journal
Export Format</a> or the <a class="ulink" href="http://www.freedesktop.org/wiki/Software/systemd/json" target="_top">Journal
JSON Format</a>, the addresses of journal entries are
serialized into fields prefixed with double underscores. Note that
these are not proper fields when stored in the journal but for
addressing metadata of entries. They cannot be written as part of
structured log entries via calls such as
<a href="sd_journal_send.html"><span class="citerefentry"><span class="refentrytitle">sd_journal_send</span>(3)</span></a>.
They may also not be used as matches for
<a href="sd_journal_add_match.html"><span class="citerefentry"><span class="refentrytitle">sd_journal_add_match</span>(3)</span></a></p><div class="variablelist"><dl class="variablelist"><dt id="__CURSOR="><span class="term"><code class="varname">__CURSOR=</code></span><a class="headerlink" title="Permalink to this term" href="#__CURSOR="></a></dt><dd><p>The cursor for the entry. A cursor is an opaque text
string that uniquely describes the position of an entry in
the journal and is portable across machines, platforms and
journal files.
</p></dd><dt id="__REALTIME_TIMESTAMP="><span class="term"><code class="varname">__REALTIME_TIMESTAMP=</code></span><a class="headerlink" title="Permalink to this term" href="#__REALTIME_TIMESTAMP="></a></dt><dd><p>The wallclock time
(<code class="constant">CLOCK_REALTIME</code>) at the point in time
the entry was received by the journal, in microseconds since
the epoch UTC, formatted as a decimal string. This has
different properties from
"<code class="literal">_SOURCE_REALTIME_TIMESTAMP=</code>", as it is
usually a bit later but more likely to be monotonic.
</p></dd><dt id="__MONOTONIC_TIMESTAMP="><span class="term"><code class="varname">__MONOTONIC_TIMESTAMP=</code></span><a class="headerlink" title="Permalink to this term" href="#__MONOTONIC_TIMESTAMP="></a></dt><dd><p>The monotonic time
(<code class="constant">CLOCK_MONOTONIC</code>) at the point in time
the entry was received by the journal in microseconds,
formatted as a decimal string. To be useful as an address
for the entry, this should be combined with the boot ID in
"<code class="literal">_BOOT_ID=</code>".
</p></dd></dl></div></div><div class="refsect1"><a name="idm139894906942192"></a><h2 id="See Also">See Also<a class="headerlink" title="Permalink to this headline" href="#See%20Also"></a></h2><p>
<a href="systemd.html"><span class="citerefentry"><span class="refentrytitle">systemd</span>(1)</span></a>,
<a href="journalctl.html"><span class="citerefentry"><span class="refentrytitle">journalctl</span>(1)</span></a>,
<a href="journald.conf.html"><span class="citerefentry"><span class="refentrytitle">journald.conf</span>(5)</span></a>,
<a href="sd-journal.html"><span class="citerefentry"><span class="refentrytitle">sd-journal</span>(3)</span></a>,
<a href="coredumpctl.html"><span class="citerefentry"><span class="refentrytitle">coredumpctl</span>(1)</span></a>,
<a href="systemd.directives.html"><span class="citerefentry"><span class="refentrytitle">systemd.directives</span>(7)</span></a>
</p></div></div></body></html>
Reference in New Issue View Git Blame Copy Permalink