[systemd-devel] Spec for journalctl log entry data structure
Mantas Mikulėnas
grawity at gmail.com
Wed Nov 29 14:03:13 UTC 2017
On Wed, Nov 29, 2017 at 2:18 PM, Thomas Güttler <
guettliml at thomas-guettler.de> wrote:
> Hi,
>
>
> is there a spec or docs about the datastructure of a log entry in
> journalctl?
>
The binary on-disk format is documented here:
https://www.freedesktop.org/wiki/Software/systemd/journal-files/
journalctl can also export to text format:
https://www.freedesktop.org/wiki/Software/systemd/export/
https://www.freedesktop.org/wiki/Software/systemd/json/
>
> Which fields does a log record have?
>
There's no fixed schema, although a base list can be found in `man
systemd.journal-fields
<https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html>`
[1], and you can generally expect journald to always add the same
"_trusted" fields.
Out of the "application" fields, you can only assume that MESSAGE= will be
present, but everything else is up to the application. IMHO, it is useful
to supply fields which are useful
a) for filtering, e.g. systemd uses MESSAGE_ID, NetworkManager sets
NM_DEVICE, recent GLib sets GLIB_DOMAIN;
or b) for substitution in "catalog" explanations/translations (see e.g.
`journalctl -x -u systemd-journald`).
Take a look at `journalctl --fields | sort` or `journalctl -o verbose`, and
you'll see what is being used on your system.
--
Mantas Mikulėnas <grawity at gmail.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20171129/4333f92d/attachment-0001.html>
More information about the systemd-devel
mailing list