[systemd-devel] [EXT] Re: Q: journalctl -b -g logrotate
Mantas Mikulėnas
grawity at gmail.com
Tue Apr 5 13:25:16 UTC 2022
On Tue, Apr 5, 2022 at 3:22 PM Ulrich Windl <
Ulrich.Windl at rz.uni-regensburg.de> wrote:
> >>> Mantas Mikulenas <grawity at gmail.com> schrieb am 05.04.2022 um 11:08 in
> Nachricht
> <CAPWNY8WgSRW2ewb3Fu+_XVdo7=C1m8YobWELsF3OE62pJ6vHhA at mail.gmail.com>:
> > On Tue, Apr 5, 2022 at 9:36 AM Ulrich Windl <
> > Ulrich.Windl at rz.uni-regensburg.de> wrote:
> >
> >> Hi!
> >>
> >> I have two questions for "journalctl -b -g logrotate":
> >>
> >> 1) I'm unsure what the exact rules for matching a "-g expression" are:
> >> Some kernel messages are matched, others not.
> >>
> >
> > All entries with a MESSAGE= are matched (after doing until/since/boot-id
> > checks). They might still be hidden for other reasons though, e.g.
> messages
> > containing weird escape characters (or accidental binary data) will be
> > hidden unless you use -a.
>
> And how do I find out whether a kernel message has a MESSAGE=?
>
Messages from kernel (kmsg) or from syslog always do, it's only userspace
messages from sd_journal_send() that might not have one. (Though if it
shows up in journalctl, then obviously it has a message.) Try different
`-o` modes though to see what fields each log entry actually has.
>
> As soon as I add _MESSAGE= I get no output any more (even with MESSAGE=.*).
>
It's MESSAGE, not _MESSAGE, and there's no regex support for this kind of
match. Journalctl can't search for "all entries that contain this key"
unfortunately. (Would be useful though.)
--
Mantas Mikulėnas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20220405/a3e99231/attachment.htm>
More information about the systemd-devel
mailing list