forked from artemist/blog
Fix some spelling mistakes
This commit is contained in:
parent
6d3f37f0a5
commit
3f6ac326cf
|
@ -47,14 +47,14 @@ CODE_FUNC=dump_states
|
||||||
MESSAGE=(PipeWire ALSA [.electron-wrapped]-110) client too slow! rate:256/48000 pos:4451017216 status:triggered
|
MESSAGE=(PipeWire ALSA [.electron-wrapped]-110) client too slow! rate:256/48000 pos:4451017216 status:triggered
|
||||||
```
|
```
|
||||||
|
|
||||||
An entry consists of freeform variables with binary (though generally ASCII/US english) values. Values starting with an underscore
|
An entry consists of freeform variables with binary (though generally ASCII/US English) values. Values starting with an underscore
|
||||||
are "trusted" and generated by journald while others are sent by the process along with the primary message. This helps provide
|
are "trusted" and generated by journald while others are sent by the process along with the primary message. This helps provide
|
||||||
context about what exact process failed and what state it was in during that failure. Unfortunately the [official descriptions](https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html) of what these fields mean can be a bit obtuse.
|
context about what exact process failed and what state it was in during that failure. Unfortunately the [official descriptions](https://www.freedesktop.org/software/systemd/man/systemd.journal-fields.html) of what these fields mean can be a bit obtuse.
|
||||||
|
|
||||||
While working on my prototype for a system-journald replacement, [rjournald](https://github.com/artemist/rjournald) I've discovered what many of these mean through context or reading the systemd code. You can categorize these into one of a few types
|
While working on my prototype for a system-journald replacement, [rjournald](https://github.com/artemist/rjournald) I've discovered what many of these mean through context or reading the systemd code. You can categorize these into one of a few types
|
||||||
### System context
|
### System context
|
||||||
These fields help you figure out if the error is coming from this computer, OS install, or boot.
|
These fields help you figure out if the error is coming from this computer, OS install, or boot.
|
||||||
- **_BOOT_ID** is a unique ID (UUID in this case) genrated at every startup. The kernel creates it and you can access the current one at `/proc/sys/kernel/random/boot_id`. I've found it useful to help figure out if I've rebooted my system since an error occured.
|
- **_BOOT_ID** is a unique ID (UUID in this case) generated at every startup. The kernel creates it and you can access the current one at `/proc/sys/kernel/random/boot_id`. I've found it useful to help figure out if I've rebooted my system since an error occurred.
|
||||||
- **_MACHINE_ID** is a unique ID to the system which you can find in `/etc/machine-id`. This should be set on the first boot of your system by systemd and helps you figure out if the logs could be from before a system was reinstalled.
|
- **_MACHINE_ID** is a unique ID to the system which you can find in `/etc/machine-id`. This should be set on the first boot of your system by systemd and helps you figure out if the logs could be from before a system was reinstalled.
|
||||||
- **_HOSTNAME** is the name of the system. You probably set this in install. There's a few places to get this but journald uses `/proc/sys/kernel/hostname` (what the kernel thinks your hostname is). You can also get the hostname from systemd-hostnamed (which lets you set non-ascii hostnames for some programs) or `/etc/hostname` (which is where systemd will read your hostname and tell it to the kernel), but these might be different.
|
- **_HOSTNAME** is the name of the system. You probably set this in install. There's a few places to get this but journald uses `/proc/sys/kernel/hostname` (what the kernel thinks your hostname is). You can also get the hostname from systemd-hostnamed (which lets you set non-ascii hostnames for some programs) or `/etc/hostname` (which is where systemd will read your hostname and tell it to the kernel), but these might be different.
|
||||||
|
|
||||||
|
@ -62,7 +62,7 @@ These fields help you figure out if the error is coming from this computer, OS i
|
||||||
These help you understand what kind of access a process has. You might get errors if a process has insufficient permission or runs as the wrong user
|
These help you understand what kind of access a process has. You might get errors if a process has insufficient permission or runs as the wrong user
|
||||||
- **_UID** tells you what user executed the process. You can get this for your user with the command `id`.
|
- **_UID** tells you what user executed the process. You can get this for your user with the command `id`.
|
||||||
- **_GID** tells you which group the process was using. While a user can have several groups, a process executes under one primary group ID
|
- **_GID** tells you which group the process was using. While a user can have several groups, a process executes under one primary group ID
|
||||||
- **_CAP_EFFECTIVE** provides what [capabilities](https://linux.die.net/man/7/capabilities) a process can use. Capabilities give fine-grained privelaged access to processes without requiring them to be the root user. For example, binding to port 80 or 443 requires the CAP_NET_BIND_SERVICE capability. If _CAP_EFFECTIVE=0 then you know you've missed that capability.
|
- **_CAP_EFFECTIVE** provides what [capabilities](https://linux.die.net/man/7/capabilities) a process can use. Capabilities give fine-grained privileged access to processes without requiring them to be the root user. For example, binding to port 80 or 443 requires the CAP_NET_BIND_SERVICE capability. If _CAP_EFFECTIVE=0 then you know you've missed that capability.
|
||||||
|
|
||||||
### systemd context
|
### systemd context
|
||||||
If you're using journald you're almost certainly using systemd to start all your processes. Systemd organizes processes into "units", such as OS services and user sessions, and "slices", a set of similar units.
|
If you're using journald you're almost certainly using systemd to start all your processes. Systemd organizes processes into "units", such as OS services and user sessions, and "slices", a set of similar units.
|
||||||
|
@ -76,7 +76,7 @@ These are represented to the rest of the OS as a hierarchical set of "cgroups" w
|
||||||
### Process context
|
### Process context
|
||||||
|
|
||||||
### Time
|
### Time
|
||||||
Time, as it turns out, is extremely complicated. You'll get 3 separate time fields. Two of them are the "wall clock" time in unix time (nominally microseconds since midnight at the beginning of 1 January 1970 UTC, though leap seconds make this a bit more complicated). Unfortunately, wall clock time can jump forwards or backwards if your computer's clock is too slow or fast, respectively. Therefore, systemd also includes the "monotonic time", a number of seconds since some point in the past. This is gauranteed to always move forward so this is what you'll want to discern ordering.
|
Time, as it turns out, is extremely complicated. You'll get 3 separate time fields. Two of them are the "wall clock" time in unix time (nominally microseconds since midnight at the beginning of 1 January 1970 UTC, though leap seconds make this a bit more complicated). Unfortunately, wall clock time can jump forwards or backwards if your computer's clock is too slow or fast, respectively. Therefore, systemd also includes the "monotonic time", a number of seconds since some point in the past. This is guaranteed to always move forward so this is what you'll want to discern ordering.
|
||||||
|
|
||||||
Unfortunately wall clock time is also more complicated than you might expect. Linux has 4 separate monotonic timers:
|
Unfortunately wall clock time is also more complicated than you might expect. Linux has 4 separate monotonic timers:
|
||||||
- **CLOCK_MONOTONIC_RAW** counts the amount of time that Linux has spent not asleep since last boot.
|
- **CLOCK_MONOTONIC_RAW** counts the amount of time that Linux has spent not asleep since last boot.
|
||||||
|
@ -96,12 +96,12 @@ Fields starting with two underscores are generated by `journalctl` while reading
|
||||||
Finally there's the untrusted message sent by the process.
|
Finally there's the untrusted message sent by the process.
|
||||||
- **MESSAGE** is the only required field and is what shows up in `journalctl` when you don't use `-o export`.
|
- **MESSAGE** is the only required field and is what shows up in `journalctl` when you don't use `-o export`.
|
||||||
- Some programs also send where the error comes from with **CODE_FILE**, **CODE_LINE**, and **CODE_FUNC**
|
- Some programs also send where the error comes from with **CODE_FILE**, **CODE_LINE**, and **CODE_FUNC**
|
||||||
- **PRIORITY** is how severe the issue is with 0 being the most importand and 7 being the least. In this example, 4 means "warning"
|
- **PRIORITY** is how severe the issue is with 0 being the most important and 7 being the least. In this example, 4 means "warning"
|
||||||
- **SYSLOG_IDENTIFIER** is the program identifier and is what you would get as the program source if you were using syslogd (as you would before systemd)
|
- **SYSLOG_IDENTIFIER** is the program identifier and is what you would get as the program source if you were using syslogd (as you would before systemd)
|
||||||
|
|
||||||
## Transports
|
## Transports
|
||||||
There's still one field I haven't described: **_TRANSPORT**. This requires a little more context.
|
There's still one field I haven't described: **_TRANSPORT**. This requires a little more context.
|
||||||
Journald can get messages from one of 6 separate sources: **journal** (using the native journald protocol), **stdout** (a process's standard output or error redirected to systemd), **syslog** (the legacy linux logging system), **kernel** (kernel messages you can get through the `dmesg` command), **audit** (logs the kernel generates about programs' activities), and **driver** (error messages from within journald). Each has their own peculariaties from both the journald side and the client side but I'll mostly be talking about journald, stdout, and syslog.
|
Journald can get messages from one of 6 separate sources: **journal** (using the native journald protocol), **stdout** (a process's standard output or error redirected to systemd), **syslog** (the legacy linux logging system), **kernel** (kernel messages you can get through the `dmesg` command), **audit** (logs the kernel generates about programs' activities), and **driver** (error messages from within journald). Each has their own peculiarities from both the journald side and the client side but I'll mostly be talking about journald, stdout, and syslog.
|
||||||
|
|
||||||
### Native (journal)
|
### Native (journal)
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue