/* * Copyright (C) 2014 ABRT team * Copyright (C) 2014 RedHat Inc * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. */ #include "libabrt.h" #include "abrt-journal.h" #include "oops-utils.h" #define ABRT_JOURNAL_WATCH_STATE_FILE VAR_STATE"/abrt-dump-journal-oops.state" /* Limit number of buffered lines */ #define ABRT_JOURNAL_MAX_READ_LINES (1024 * 1024) #define ABRT_JOURNAL_KOOPS_ANALYZER "abrt-journal-koops" /* * Koops extractor */ static GList* abrt_journal_extract_kernel_oops(abrt_journal_t *journal) { size_t lines_info_count = 0; size_t lines_info_size = 32; struct abrt_koops_line_info *lines_info = xmalloc(lines_info_size * sizeof(lines_info[0])); do { char *line = abrt_journal_get_log_line(journal); if (line == NULL) error_msg_and_die(_("Cannot read journal data.")); if (lines_info_count == lines_info_size) { lines_info_size *= 2; lines_info = xrealloc(lines_info, lines_info_size * sizeof(lines_info[0])); } char *orig_line = line; lines_info[lines_info_count].level = koops_line_skip_level((const char **)&line); koops_line_skip_jiffies((const char **)&line); memmove(orig_line, line, strlen(line) + 1); lines_info[lines_info_count].ptr = orig_line; ++lines_info_count; } while (lines_info_count < ABRT_JOURNAL_MAX_READ_LINES && abrt_journal_next(journal) > 0); GList *oops_list = NULL; koops_extract_oopses_from_lines(&oops_list, lines_info, lines_info_count); log_debug("Extracted: %d oopses", g_list_length(oops_list)); for (size_t i = 0; i < lines_info_count; ++i) free(lines_info[i].ptr); free(lines_info); return oops_list; } /* * An adatapter of abrt_journal_extract_kernel_oops for abrt_journal_watch_callback */ struct watch_journald_settings { const char *dump_location; int oops_utils_flags; }; static void abrt_journal_watch_extract_kernel_oops(abrt_journal_watch_t *watch, void *data) { const struct watch_journald_settings *conf = (const struct watch_journald_settings *)data; abrt_journal_t *journal = abrt_journal_watch_get_journal(watch); /* Give systemd-journal one second to suck in all kernel's strings */ if (abrt_oops_signaled_sleep(1) > 0) { abrt_journal_watch_stop(watch); return; } GList *oopses = abrt_journal_extract_kernel_oops(journal); abrt_oops_process_list(oopses, conf->dump_location, ABRT_JOURNAL_KOOPS_ANALYZER, conf->oops_utils_flags); g_list_free_full(oopses, (GDestroyNotify)free); /* Skip stuff which appeared while processing oops as it is not necessary */ /* to catch all consecutive oopses (anyway such oopses are almost */ /* certainly duplicates of the already extracted ones) */ abrt_journal_seek_tail(journal); /* In case of disaster, lets make sure we won't read the journal messages */ /* again. */ abrt_journal_save_current_position(journal, ABRT_JOURNAL_WATCH_STATE_FILE); if (g_abrt_oops_sleep_woke_up_on_signal > 0) abrt_journal_watch_stop(watch); } /* * Koops extractor end */ static void watch_journald(abrt_journal_t *journal, const char *dump_location, int flags) { GList *koops_strings = koops_suspicious_strings_list(); char *oops_string_filter_regex = abrt_oops_string_filter_regex(); if (oops_string_filter_regex) { regex_t filter_re; if (regcomp(&filter_re, oops_string_filter_regex, REG_NOSUB) != 0) perror_msg_and_die(_("Failed to compile regex")); GList *iter = koops_strings; while(iter != NULL) { GList *next = g_list_next(iter); const int reti = regexec(&filter_re, (const char *)iter->data, 0, NULL, 0); if (reti == 0) koops_strings = g_list_delete_link(koops_strings, iter); else if (reti != REG_NOMATCH) { char msgbuf[100]; regerror(reti, &filter_re, msgbuf, sizeof(msgbuf)); error_msg_and_die("Regex match failed: %s", msgbuf); } iter = next; } regfree(&filter_re); free(oops_string_filter_regex); } GList *koops_strings_blacklist = koops_suspicious_strings_blacklist(); struct watch_journald_settings watch_conf = { .dump_location = dump_location, .oops_utils_flags = flags, }; struct abrt_journal_watch_notify_strings notify_strings_conf = { .decorated_cb = abrt_journal_watch_extract_kernel_oops, .decorated_cb_data = &watch_conf, .strings = koops_strings, .blacklisted_strings = koops_strings_blacklist, }; abrt_journal_watch_t *watch = NULL; if (abrt_journal_watch_new(&watch, journal, abrt_journal_watch_notify_strings, ¬ify_strings_conf) < 0) error_msg_and_die(_("Failed to initialize systemd-journal watch")); abrt_journal_watch_run_sync(watch); abrt_journal_watch_free(watch); g_list_free(koops_strings); } int main(int argc, char *argv[]) { /* I18n */ setlocale(LC_ALL, ""); #if ENABLE_NLS bindtextdomain(PACKAGE, LOCALEDIR); textdomain(PACKAGE); #endif abrt_init(argv); /* Can't keep these strings/structs static: _() doesn't support that */ const char *program_usage_string = _( "& [-vsoxtf] [-e]/[-c CURSOR] [-d DIR]/[-D]\n" "\n" "Extract oops from systemd-journal\n" "\n" "-c and -e options conflicts because both specifies the first read message.\n" "\n" "-e is useful only for -f because the following of journal starts by reading \n" "the entire journal if the last seen possition is not available.\n" "\n" "The last seen position is saved in "ABRT_JOURNAL_WATCH_STATE_FILE"\n" ); enum { OPT_v = 1 << 0, OPT_s = 1 << 1, OPT_o = 1 << 2, OPT_d = 1 << 3, OPT_D = 1 << 4, OPT_x = 1 << 5, OPT_t = 1 << 6, OPT_c = 1 << 7, OPT_e = 1 << 8, OPT_f = 1 << 9, OPT_a = 1 << 10, OPT_J = 1 << 11, }; char *cursor = NULL; char *dump_location = NULL; char *journal_dir = NULL; /* Keep enum above and order of options below in sync! */ struct options program_options[] = { OPT__VERBOSE(&g_verbose), OPT_BOOL( 's', NULL, NULL, _("Log to syslog")), OPT_BOOL( 'o', NULL, NULL, _("Print found oopses on standard output")), /* oopses don't contain any sensitive info, and even * the old koops app was showing the oopses to all users */ OPT_STRING('d', NULL, &dump_location, "DIR", _("Create new problem directory in DIR for every oops found")), OPT_BOOL( 'D', NULL, NULL, _("Same as -d DumpLocation, DumpLocation is specified in abrt.conf")), OPT_BOOL( 'x', NULL, NULL, _("Make the problem directory world readable")), OPT_BOOL( 't', NULL, NULL, _("Throttle problem directory creation to 1 per second")), OPT_STRING('c', NULL, &cursor, "CURSOR", _("Start reading systemd-journal from the CURSOR position")), OPT_BOOL( 'e', NULL, NULL, _("Start reading systemd-journal from the end")), OPT_BOOL( 'f', NULL, NULL, _("Follow systemd-journal from the last seen position (if available)")), OPT_BOOL( 'a', NULL, NULL, _("Read journal files from all machines")), OPT_STRING('J', NULL, &journal_dir, "PATH", _("Read all journal files from directory at PATH")), OPT_END() }; unsigned opts = parse_opts(argc, argv, program_options, program_usage_string); export_abrt_envvars(0); msg_prefix = g_progname; if ((opts & OPT_s) || getenv("ABRT_SYSLOG")) { logmode = LOGMODE_JOURNAL; } if ((opts & OPT_c) && (opts & OPT_e)) error_msg_and_die(_("You need to specify either -c CURSOR or -e")); if (opts & OPT_D) { if (opts & OPT_d) show_usage_and_die(program_usage_string, program_options); load_abrt_conf(); dump_location = g_settings_dump_location; g_settings_dump_location = NULL; free_abrt_conf_data(); } int oops_utils_flags = 0; if ((opts & OPT_x)) oops_utils_flags |= ABRT_OOPS_WORLD_READABLE; if ((opts & OPT_t)) oops_utils_flags |= ABRT_OOPS_THROTTLE_CREATION; if ((opts & OPT_o)) oops_utils_flags |= ABRT_OOPS_PRINT_STDOUT; const char *const env_journal_filter = getenv("ABRT_DUMP_JOURNAL_OOPS_DEBUG_FILTER"); GList *kernel_journal_filter = NULL; kernel_journal_filter = g_list_append(kernel_journal_filter, (env_journal_filter ? (gpointer)env_journal_filter : (gpointer)"SYSLOG_IDENTIFIER=kernel")); abrt_journal_t *journal = NULL; if ((opts & OPT_J)) { log_debug("Using journal files from directory '%s'", journal_dir); if (abrt_journal_open_directory(&journal, journal_dir)) error_msg_and_die(_("Cannot initialize systemd-journal in directory '%s'"), journal_dir); } else { if (((opts & OPT_a) ? abrt_journal_new_merged : abrt_journal_new)(&journal)) error_msg_and_die(_("Cannot open systemd-journal")); } if (abrt_journal_set_journal_filter(journal, kernel_journal_filter) < 0) error_msg_and_die(_("Cannot filter systemd-journal to kernel data only")); g_list_free(kernel_journal_filter); if ((opts & OPT_e) && abrt_journal_seek_tail(journal) < 0) error_msg_and_die(_("Cannot seek to the end of journal")); if ((opts & OPT_f)) { if (!cursor) abrt_journal_restore_position(journal, ABRT_JOURNAL_WATCH_STATE_FILE); else if(abrt_journal_set_cursor(journal, cursor)) error_msg_and_die(_("Failed to start watch from cursor '%s'"), cursor); watch_journald(journal, dump_location, oops_utils_flags); abrt_journal_save_current_position(journal, ABRT_JOURNAL_WATCH_STATE_FILE); } else { if (cursor && abrt_journal_set_cursor(journal, cursor)) error_msg_and_die(_("Failed to set systemd-journal cursor '%s'"), cursor); /* Compatibility hack, a watch's callback gets the journal already moved * to a next message.*/ abrt_journal_next(journal); GList *oopses = abrt_journal_extract_kernel_oops(journal); const int errors = abrt_oops_process_list(oopses, dump_location, ABRT_JOURNAL_KOOPS_ANALYZER, oops_utils_flags); g_list_free_full(oopses, (GDestroyNotify)free); return errors; } abrt_journal_free(journal); return EXIT_SUCCESS; }