github.com/coreos/mantle@v0.13.0/network/journal/entry.go (about)

     1  // Copyright 2017 CoreOS, Inc.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package journal
    16  
    17  import (
    18  	"strconv"
    19  	"time"
    20  )
    21  
// Journal entry field names, as documented in
// http://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html
//
// The groups below follow that page. Per that documentation, fields whose
// name starts with an underscore are added by journald itself and cannot be
// set by the logging client, while fields without the prefix are supplied by
// the client. A consumer that makes decisions from an entry should therefore
// treat the client-supplied fields as unverified input.
// NOTE(review): the underscore guarantee holds only as far as the journald
// that recorded the entry and the channel it was read over are trusted;
// confirm how entries reach this package before relying on it.

// User journal fields: passed in by the program that logged the message.
const (
	FIELD_MESSAGE           = "MESSAGE"
	FIELD_MESSAGE_ID        = "MESSAGE_ID"
	FIELD_PRIORITY          = "PRIORITY"
	FIELD_CODE_FILE         = "CODE_FILE"
	FIELD_CODE_LINE         = "CODE_LINE"
	FIELD_CODE_FUNC         = "CODE_FUNC"
	FIELD_ERRNO             = "ERRNO"
	FIELD_SYSLOG_FACILITY   = "SYSLOG_FACILITY"
	FIELD_SYSLOG_IDENTIFIER = "SYSLOG_IDENTIFIER"
	FIELD_SYSLOG_PID        = "SYSLOG_PID"
)

// Trusted journal fields: metadata attached by journald about the sender.
const (
	FIELD_PID                       = "_PID"
	FIELD_UID                       = "_UID"
	FIELD_GID                       = "_GID"
	FIELD_COMM                      = "_COMM"
	FIELD_EXE                       = "_EXE"
	FIELD_CMDLINE                   = "_CMDLINE"
	FIELD_CAP_EFFECTIVE             = "_CAP_EFFECTIVE"
	FIELD_AUDIT_SESSION             = "_AUDIT_SESSION"
	FIELD_AUDIT_LOGINUID            = "_AUDIT_LOGINUID"
	FIELD_SYSTEMD_CGROUP            = "_SYSTEMD_CGROUP"
	FIELD_SYSTEMD_SESSION           = "_SYSTEMD_SESSION"
	FIELD_SYSTEMD_UNIT              = "_SYSTEMD_UNIT"
	FIELD_SYSTEMD_USER_UNIT         = "_SYSTEMD_USER_UNIT"
	FIELD_SYSTEMD_OWNER_UID         = "_SYSTEMD_OWNER_UID"
	FIELD_SYSTEMD_SLICE             = "_SYSTEMD_SLICE"
	FIELD_SELINUX_CONTEXT           = "_SELINUX_CONTEXT"
	FIELD_SOURCE_REALTIME_TIMESTAMP = "_SOURCE_REALTIME_TIMESTAMP"
	FIELD_BOOT_ID                   = "_BOOT_ID"
	FIELD_MACHINE_ID                = "_MACHINE_ID"
	FIELD_HOSTNAME                  = "_HOSTNAME"
	FIELD_TRANSPORT                 = "_TRANSPORT"
)

// Kernel journal fields: device context for messages from the kernel.
const (
	FIELD_KERNEL_DEVICE    = "_KERNEL_DEVICE"
	FIELD_KERNEL_SUBSYSTEM = "_KERNEL_SUBSYSTEM"
	FIELD_UDEV_SYSNAME     = "_UDEV_SYSNAME"
	FIELD_UDEV_DEVNODE     = "_UDEV_DEVNODE"
	FIELD_UDEV_DEVLINK     = "_UDEV_DEVLINK"
)

// Fields used to log on behalf of a different program. These carry no
// underscore prefix, so they describe the process a message is *about*, not
// the process that sent it.
const (
	FIELD_COREDUMP_UNIT            = "COREDUMP_UNIT"
	FIELD_COREDUMP_USER_UNIT       = "COREDUMP_USER_UNIT"
	FIELD_OBJECT_PID               = "OBJECT_PID"
	FIELD_OBJECT_UID               = "OBJECT_UID"
	FIELD_OBJECT_GID               = "OBJECT_GID"
	FIELD_OBJECT_COMM              = "OBJECT_COMM"
	FIELD_OBJECT_EXE               = "OBJECT_EXE"
	FIELD_OBJECT_CMDLINE           = "OBJECT_CMDLINE"
	FIELD_OBJECT_AUDIT_SESSION     = "OBJECT_AUDIT_SESSION"
	FIELD_OBJECT_AUDIT_LOGINUID    = "OBJECT_AUDIT_LOGINUID"
	FIELD_OBJECT_SYSTEMD_CGROUP    = "OBJECT_SYSTEMD_CGROUP"
	FIELD_OBJECT_SYSTEMD_SESSION   = "OBJECT_SYSTEMD_SESSION"
	FIELD_OBJECT_SYSTEMD_UNIT      = "OBJECT_SYSTEMD_UNIT"
	FIELD_OBJECT_SYSTEMD_USER_UNIT = "OBJECT_SYSTEMD_USER_UNIT"
	FIELD_OBJECT_SYSTEMD_OWNER_UID = "OBJECT_SYSTEMD_OWNER_UID"
)

// Address fields: describe where and when the journal stored the entry.
// They carry a double underscore prefix.
const (
	FIELD_CURSOR              = "__CURSOR"
	FIELD_REALTIME_TIMESTAMP  = "__REALTIME_TIMESTAMP"
	FIELD_MONOTONIC_TIMESTAMP = "__MONOTONIC_TIMESTAMP"
)
    89  
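// Entry is a map of fields representing a single journal entry.
// Keys are journal field names (see the FIELD_* constants); values are the
// raw field bytes, which this type does not validate.
type Entry map[string][]byte

// Realtime returns the wall-clock time of the entry, parsed from the
// _SOURCE_REALTIME_TIMESTAMP field or, failing that, from
// __REALTIME_TIMESTAMP. Both are read as decimal microseconds since the
// Unix epoch.
//
// A field that is missing, is not a base-10 unsigned integer, or holds a
// value below one second (1e6 microseconds) is skipped. If neither field
// yields a usable value the zero time.Time is returned, so callers should
// check IsZero before using the result.
//
// The timestamp is returned as reported: no upper bound or plausibility
// check is applied, so code that orders or correlates entries on it should
// not assume the value is sane.
func (e Entry) Realtime() time.Time {
	// Preference order: the source timestamp first, then the journal's own.
	// A malformed preferred field must not hide a valid fallback, so a parse
	// failure moves on to the next candidate instead of returning early.
	candidates := [...]string{
		FIELD_SOURCE_REALTIME_TIMESTAMP,
		FIELD_REALTIME_TIMESTAMP,
	}
	for _, field := range candidates {
		raw, ok := e[field]
		if !ok {
			continue
		}
		usec, err := strconv.ParseUint(string(raw), 10, 64)
		if err != nil || usec < 1e6 {
			continue
		}
		// usec/1e6 is at most ~1.8e13 and the remainder is below 1e6, so
		// both conversions to int64 are lossless.
		sec := int64(usec / 1e6)
		nsec := int64(usec%1e6) * 1000
		return time.Unix(sec, nsec)
	}
	return time.Time{}
}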