/systemd

document UNIT field in journal (easily confused with _SYSTEMD_UNIT) #1106

Closed
chipaca opened this Issue Sep 1, 2015 · 9 comments

Comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@chipaca @michich @martinpitt
@chipaca

chipaca commented Sep 1, 2015

This is visible in json, json-pretty, and verbose output formats (and probably others): for any system service I try the first result returned has the unit under UNIT instead of _SYSTEMD_UNIT; the next ones have it under _SYSTEMD_UNIT as documented in systemd.journal-fields(7).

This is on Ubuntu Wily with systemd 224-2ubuntu2.
@michich
Contributor

michich commented Sep 1, 2015

That's a message from systemd itself about the unit, isn't it?
@chipaca

chipaca commented Sep 1, 2015

I don't know. Here's an example:

{
        "__CURSOR" : "s=ecbbe6a4a06248d59c267032f2d2d650;i=369;b=0e1868cdfaaf462d9646ff2cf771f538;m=b9b550;t=51e4a5402e2a9;x=febe91a38cda01eb",
        "__REALTIME_TIMESTAMP" : "1440679469441705",
        "__MONOTONIC_TIMESTAMP" : "12170576",
        "_BOOT_ID" : "0e1868cdfaaf462d9646ff2cf771f538",
        "_UID" : "0",
        "_GID" : "0",
        "_MACHINE_ID" : "c52fccb501d24a060a358f78535d561f",
        "_HOSTNAME" : "fogey",
        "PRIORITY" : "5",
        "SYSLOG_FACILITY" : "3",
        "SYSLOG_IDENTIFIER" : "systemd",
        "_TRANSPORT" : "journal",
        "_PID" : "1",
        "_COMM" : "systemd",
        "_EXE" : "/lib/systemd/systemd",
        "_CMDLINE" : "/sbin/init splash",
        "_CAP_EFFECTIVE" : "3fffffffff",
        "_SYSTEMD_CGROUP" : "/",
        "_SYSTEMD_SLICE" : "-.slice",
        "CODE_FILE" : "../src/core/unit.c",
        "CODE_LINE" : "3676",
        "CODE_FUNCTION" : "unit_warn_if_dir_nonempty",
        "MESSAGE_ID" : "1dee0369c7fc4736b7099b38ecb46ee7",
        "UNIT" : "tmp.mount",
        "MESSAGE" : "tmp.mount: Directory /tmp to mount over is not empty, mounting anyway.",
        "WHERE" : "/tmp",
        "_SOURCE_REALTIME_TIMESTAMP" : "1440679469441396"
}
@michich
Contributor

michich commented Sep 1, 2015

Yes, it is a message from PID 1 systemd. In this case UNIT as opposed to _SYSTEMD_UNIT is correct. Note that "journalctl -u ..." knows to look for both UNIT and _SYSTEMD_UNIT (and a couple of other keys).
Not a bug.

@michich michich closed this Sep 1, 2015

@chipaca

chipaca commented Sep 1, 2015

Are the “couple of other keys” documented, such that if I needed to emulate -u I could do so? Right now UNIT is not documented, for example.
@martinpitt
Contributor

martinpitt commented Sep 1, 2015

I see the difference ("about unit foo" vs. "from unit foo"), but this looks confusing. I think this should at least be documented in systemd.journal-fields(7) then?

@martinpitt martinpitt changed the title from journalctl outputs UNIT instead of _SYSTEMD_UNIT for first result to document UNIT field in journal (easily confused with _SYSTEMD_UNIT) Sep 1, 2015

@martinpitt
Contributor

martinpitt commented Sep 1, 2015

I updated the title accordingly, and reopen if you don't mind?

@martinpitt martinpitt reopened this Sep 1, 2015

@michich
Contributor

michich commented Sep 1, 2015

"UNIT" is not a trusted field. It makes sense to trust it only if it's emitted by systemd or a trusted service.
You'll find what "journalctl -u" does in src/journal/journalctl.c:add_matches_for_unit().
@chipaca

chipaca commented Sep 1, 2015

Ta.
@martinpitt
Contributor

martinpitt commented Sep 1, 2015

Ack, thanks @michich !

@martinpitt martinpitt closed this Sep 1, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment