I work with systemd logs to create a special log processing program. I am trying to work with the sd_journal APIs, but I have a few questions:
- Is it possible to listen to the runtime logs (SD_JOURNAL_RUNTIME_ONLY) without polling? SD_JOURNAL_FOREACH_DATA and sd_journal_get_data do not talk about this .
- In your opinion, is this a good design ?
- Is there any way to understand where runtime logs are forwarded at runtime ? I did "systemctl status systemd-journald.service" and the status of the service is running. However, when I try to read magazines using sd_journal_open, it does not show any entries. I see entries through journalctl. I want to do this without reading the log files (sniffing / run / log / journal, which is the juice of the unix domain) to avoid the io drive.
Here is an example of the code I'm using:
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <systemd/sd-journal.h>
#include <systemd/sd-daemon.h>
int main(int argc, char *argv[]) {
int ret_val = 0;
int count = 0;
sd_journal *jd;
sd_journal_print(LOG_INFO, "Hello World, this is PID %lu!", (unsigned long) getpid());
do {
ret_val = sd_journal_open (&jd, SD_JOURNAL_SYSTEM | SD_JOURNAL_RUNTIME_ONLY | SD_JOURNAL_LOCAL_ONLY);
if (ret_val != 0) {
fprintf(stderr, "Failed to open journal: %s\n", strerror(-ret_val));
break;
}
printf ("Current Journal was loaded successfully!\n");
const void *d;
size_t l;
SD_JOURNAL_FOREACH_DATA (jd, d, l) {
printf("%.*s\n", (int)l, (const char*) d);
count++;
}
sd_journal_close(jd);
printf ("# of Journal entries read: %d\n", count);
} while (0);
return 0;
}
source
share