From 86ad413dfca31117fde5c53f4126b33ab886c174 Mon Sep 17 00:00:00 2001 From: Chris Mullins Date: Sat, 2 Jan 2021 23:05:35 +0000 Subject: Add some examples --- README.md | 68 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) diff --git a/README.md b/README.md index 2beb373..2548550 100644 --- a/README.md +++ b/README.md @@ -76,6 +76,74 @@ The journald sendv call can also be accessed directly: The two examples should give the same results in the log. +Reading from the journal is often similar to using the `journalctl` utility. + +Show all entries since 20 minutes ago (`journalctl --since "20 minutes ago"`): + + from systemd import journal + from datetime import datetime, timedelta + j = journal.Reader() + j.seek_realtime(datetime.now() - timedelta(minutes=20)) + for entry in j: + print(entry['MESSAGE']) + +Show entries between two timestamps (`journalctl --since "50 minutes ago" --until "10 minutes ago"`): + + from systemd import journal + from datetime import datetime, timedelta + j = journal.Reader() + since = datetime.now() - timedelta(minutes=50) + until = datetime.now() - timedelta(minutes=10) + j.seek_realtime(since) + for entry in j: + if entry['__REALTIME_TIMESTAMP'] > until: + break + print(entry['MESSAGE']) + +Show explanations of log messages alongside entries (`journalctl -x`): + + from systemd import journal + j = journal.Reader() + for entry in j: + print("MESSAGE: ", entry['MESSAGE']) + try: + print("CATALOG: ", j.get_catalog()) + except: + pass + +Show entries by a specific executable (`journalctl /usr/bin/vim`): + + from systemd import journal + j = journal.Reader() + j.add_match('_EXE=/usr/bin/vim') + for entry in j: + print(entry['MESSAGE']) + +Show kernel ring buffer: + + from systemd import journal + j = journal.Reader() + j.add_match('_TRANSPORT=kernel') + for entry in j: + print(entry['MESSAGE']) + +Read entries in reverse (`journalctl _EXE=/usr/bin/vim -r`): + + from systemd import journal + class ReverseReader(journal.Reader): + def __next__(self): + ans = self.get_previous() + if ans: + return ans + raise StopIteration() + + j = ReverseReader() + j.add_match('_EXE=/usr/bin/vim') + j.seek_tail() + for entry in j: + print(entry['MESSAGE']) + + Notes ----- -- cgit v1.2.1 From 1532b67c5121ce4ca4c077542c52d136cf6537ba Mon Sep 17 00:00:00 2001 From: Chris Mullins Date: Sat, 2 Jan 2021 23:07:49 +0000 Subject: Add journalctl example for ring buffer --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2548550..7e972a8 100644 --- a/README.md +++ b/README.md @@ -119,7 +119,7 @@ Show entries by a specific executable (`journalctl /usr/bin/vim`): for entry in j: print(entry['MESSAGE']) -Show kernel ring buffer: +Show kernel ring buffer (`journalctl -k`): from systemd import journal j = journal.Reader() -- cgit v1.2.1 From 1088520535b278037c58fe3bc185130315b2c851 Mon Sep 17 00:00:00 2001 From: Chris Mullins Date: Sat, 2 Jan 2021 23:12:15 +0000 Subject: Add link to journal fields docs --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 7e972a8..1bbcdd9 100644 --- a/README.md +++ b/README.md @@ -119,6 +119,8 @@ Show entries by a specific executable (`journalctl /usr/bin/vim`): for entry in j: print(entry['MESSAGE']) + - Note: matches can be added from many different fields, for example entries from a specific process ID can be matched with the `_PID` field, and entries from a specific unit (ie. `journalctl -u systemd-udevd.service`) can be matched with `_SYSTEMD_UNIT`. See all fields available at the [systemd.journal-fields docs](https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html). + Show kernel ring buffer (`journalctl -k`): from systemd import journal -- cgit v1.2.1