systemd-journal 0.1.4 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: eb534e3c9f9996d4a6364655a349306492464e69
-  data.tar.gz: 27bea2ecb30d9a9fef2767050ba1df2c2bd01e46
+  metadata.gz: 871a098e73eadfe6cd53fc8066537c37e1a1681b
+  data.tar.gz: cb944399a1624c724b469ca41b13a3ccb4bddcb0
 SHA512:
-  metadata.gz: b4443ed8d9c9820483dbab619a5616d896bb5d4de1722894f0d840800a29ac32c07036f396ba9eb8fa5ade33ff633203a55a483fb238a68f6a67351ce3b532dd
-  data.tar.gz: 5d491da1ce955d6ac9ac2ffbdda95af9e633404d0db9282705cb84138c8cbf66099f27dee17ab63964231cb1609b9667f986b64a6b8b4e3af2098a18f56550cf
+  metadata.gz: a399b0ddb5e9eb60bb305b631bb531588352f0015a1ac0b64880fa289877a716c44eaa34d887461a17144af21f5c520a6d759c8030c315538c117160ead48724
+  data.tar.gz: af798df9d31d0cc9e742104de505964bf1e07f94dfb74918407cdce0996cde716a96b440482614c57050afabc56c62aa82d218edc53fb20f3685e29ec5c1d719

data/README.md

@@ -1,14 +1,14 @@
-# Systemd::Journal
+# Systemd::Journal [![Gem Version](https://badge.fury.io/rb/systemd-journal.png)](http://badge.fury.io/rb/systemd-journal)  [![Build Status](https://travis-ci.org/ledbettj/systemd-journal.png?branch=master)](https://travis-ci.org/ledbettj/systemd-journal)
 
 Ruby bindings for reading from the systemd journal.
 
-* [documentation](http://rubydoc.info/github/ledbettj/systemd-journal/Systemd/Journal)
+* [documentation](http://rubydoc.info/gems/systemd-journal)
 
 ## Installation
 
 Add this line to your application's Gemfile:
 
-    gem 'systemd-journal', '~> 0.1.0'
+    gem 'systemd-journal', '~> 1.0.0'
 
 And then execute:
 
@@ -16,29 +16,33 @@ And then execute:
 
 ## Usage
 
-For example, printing all messages:
+Print all messages as they occur:
 
     require 'systemd/journal'
     
     j = Systemd::Journal.new
-    
-    while j.move_next
-      puts j.read_field('MESSAGE')
+    j.seek(:tail)
+
+    j.watch do |entry|
+      puts entry.message
     end
-    
-Or to print all data in each entry:
+
+Filter messages included in the journal:
 
     require 'systemd/journal'
-    
+
     j = Systemd::Journal.new
-    
+
+    # only display entries from SSHD with priority 6.
+    j.add_match(:priority, 6)
+    j.add_match(:_exe, '/usr/bin/sshd')
+
     while j.move_next
-      j.current_entry do |key, value|
-        puts "#{key}: #{value}"
-      end
-      puts "\n"
+      puts j.current_entry.message
     end
 
+See the documentation for more examples.
+
 ## Contributing
 
 1. Fork it

data/Rakefile

@@ -13,5 +13,9 @@ YARD::Rake::YardocTask.new do |t|
 end
 
 RSpec::Core::RakeTask.new(:spec) do |t|
-  t.rspec_opts = "--color"
+  opts = ['--color']
+  opts << '--require ./spec/no_ffi.rb' if ENV['TRAVIS']
+  t.rspec_opts = opts.join(' ')
 end
+
+task default: :spec

data/examples/journal_directory.rb

@@ -8,9 +8,7 @@ if ARGV.length == 0
 end
 
 j = Systemd::Journal.new(path: ARGV[0])
-j.seek(:head)
 
-while j.move_next
-  entry = j.current_entry
-  puts "PID #{entry['_PID']}: #{entry['MESSAGE']}"
+j.each do |entry|
+  puts entry
 end

data/examples/ssh_watcher.rb

@@ -8,16 +8,11 @@ class SSHWatcher
   end
 
   def run
-    @journal.add_match('_EXE', '/usr/bin/sshd')
+    @journal.add_match(:_exe, '/usr/bin/sshd')
     # skip all existing entries -- sd_journal_seek_tail() is currently broken.
     while @journal.move_next ; end
 
-    while true
-      if @journal.wait(1_000_000 * 5) != :nop
-        process_event(@journal.current_entry) while @journal.move_next
-      end
-    end
-    
+    @journal.watch{ |entry| process_event(entry) }
   end
 
   private
@@ -25,9 +20,9 @@ class SSHWatcher
   LOGIN_REGEXP = /Accepted\s+(?<auth_method>[^\s]+)\s+for\s+(?<user>[^\s]+)\s+from\s+(?<address>[^\s]+)/
 
   def process_event(entry)
-    if (m = entry['MESSAGE'].match(LOGIN_REGEXP))
+    if (m = entry.message.match(LOGIN_REGEXP))
       timestamp = DateTime.strptime(
-        (entry['_SOURCE_REALTIME_TIMESTAMP'].to_i / 1_000_000).to_s,
+        (entry._source_realtime_timestamp.to_i / 1_000_000).to_s,
         "%s"
       )
       puts "login via #{m[:auth_method]} for #{m[:user]} from #{m[:address]} at #{timestamp.ctime}"

data/lib/systemd/ffi_size_t.rb

@@ -0,0 +1,19 @@
+require 'ffi'
+
+# @private
+class FFI::MemoryPointer
+
+  # monkey patch a read_size_t and write_size_t method onto
+  # FFI::MemoryPointer if necessary.
+  case (p = FFI::MemoryPointer.new(:size_t, 1)).size
+  when 4
+    alias_method(:read_size_t,  :read_uint32)  unless p.respond_to?(:read_size_t)
+    alias_method(:write_size_t, :write_uint32) unless p.respond_to?(:write_size_t)
+  when 8
+    alias_method(:read_size_t,  :read_uint64)  unless p.respond_to?(:read_size_t)
+    alias_method(:write_size_t, :write_uint64) unless p.respond_to?(:write_size_t)
+  else
+    raise RuntimeError.new("unsupported size_t width: #{p.size}")
+  end
+  
+end

data/lib/systemd/id128.rb

@@ -46,9 +46,15 @@ module Systemd
 
     # providing bindings to the systemd-id128 library.
     module Native
-      require 'ffi'
-      extend FFI::Library
-      ffi_lib %w[libsystemd-id128.so libsystemd-id128.so.0]
+      unless $NO_FFI_SPEC
+        require 'ffi'
+        extend FFI::Library
+        ffi_lib %w[libsystemd-id128.so libsystemd-id128.so.0]
+
+        attach_function :sd_id128_get_machine, [:pointer], :int
+        attach_function :sd_id128_get_boot,    [:pointer], :int
+        attach_function :sd_id128_randomize,   [:pointer], :int
+      end
 
       class Id128 < FFI::Union
         layout :bytes,  [:uint8, 16],
@@ -59,9 +65,6 @@ module Systemd
           ("%02x" * 16) % self[:bytes].to_a
         end
       end
-      attach_function :sd_id128_get_machine, [:pointer], :int
-      attach_function :sd_id128_get_boot,    [:pointer], :int
-      attach_function :sd_id128_randomize,   [:pointer], :int
     end
   end
 end

data/lib/systemd/journal/compat.rb

@@ -33,6 +33,14 @@ module Systemd
       #  {Systemd::Journal}
       module ClassMethods
 
+        # write the value of the c errno constant to the systemd journal in the
+        # style of the perror() function.
+        # @param [String] message the text to prefix the error message with.
+        def perror(message)
+          rc = Native::sd_journal_perror(message)
+          raise JournalError.new(rc) if rc < 0
+        end
+
         # write a simple message to the systemd journal.
         # @param [Integer] level one of the LOG_* constants defining the
         #   severity of the event.

data/lib/systemd/journal/flags.rb

@@ -1,8 +1,9 @@
 module Systemd
   class Journal
     # contains a set of constants which maybe bitwise OR-ed together and passed
-    # to the Journal constructor:
-    #   `Journal.new(flags: Systemd::Journal::Flags::LOCAL_ONLY)`
+    # to the Journal constructor.
+    # @example
+    #   Systemd::Journal.new(flags: Systemd::Journal::Flags::LOCAL_ONLY)
     module Flags
       # Only open journal files generated on the local machine.
       LOCAL_ONLY    = 1

data/lib/systemd/journal/native.rb

@@ -22,11 +22,18 @@ module Systemd
       attach_function :sd_journal_seek_tail,          [:pointer], :int
       attach_function :sd_journal_seek_realtime_usec, [:pointer, :uint64], :int
 
+      attach_function :sd_journal_get_cursor,  [:pointer, :pointer], :int
+      attach_function :sd_journal_seek_cursor, [:pointer, :string],  :int
+      attach_function :sd_journal_test_cursor, [:pointer, :string],  :int
+
       # data reading
       attach_function :sd_journal_get_data,       [:pointer, :string, :pointer, :pointer], :int
       attach_function :sd_journal_restart_data,   [:pointer], :void
       attach_function :sd_journal_enumerate_data, [:pointer, :pointer, :pointer], :int
 
+      attach_function :sd_journal_get_data_threshold, [:pointer, :pointer], :int
+      attach_function :sd_journal_set_data_threshold, [:pointer, :size_t],  :int
+
       # querying
       attach_function :sd_journal_query_unique,     [:pointer, :string], :int
       attach_function :sd_journal_enumerate_unique, [:pointer, :pointer, :pointer], :int
@@ -38,7 +45,7 @@ module Systemd
         :append,
         :invalidate
       ]
-      attach_function :sd_journal_wait, [:pointer, :uint64], :wake_reason
+      attach_function :sd_journal_wait, [:pointer, :uint64], :wake_reason, blocking: true
 
       # filtering
       attach_function :sd_journal_add_match,       [:pointer, :string, :size_t], :int
@@ -47,12 +54,12 @@ module Systemd
       attach_function :sd_journal_add_conjunction, [:pointer], :int
 
       # writing
-      attach_function :sd_journal_print, [:int, :string], :int
-      attach_function :sd_journal_send,  [:varargs], :int
-
+      attach_function :sd_journal_print,  [:int, :string], :int
+      attach_function :sd_journal_send,   [:varargs], :int
+      attach_function :sd_journal_perror, [:string], :int
       # misc
       attach_function :sd_journal_get_usage, [:pointer, :pointer], :int
     end
 
-  end
+  end unless $NO_FFI_SPEC
 end

data/lib/systemd/journal/version.rb

@@ -1,6 +1,6 @@
 module Systemd
   class Journal
     # The version of the systemd-journal gem.
-    VERSION = '0.1.4'
+    VERSION = '1.0.0'
   end
 end

data/lib/systemd/journal.rb

@@ -3,8 +3,11 @@ require 'systemd/journal/flags'
 require 'systemd/journal/compat'
 require 'systemd/journal/fields'
 require 'systemd/journal_error'
+require 'systemd/journal_entry'
 require 'systemd/id128'
 
+require 'systemd/ffi_size_t'
+
 module Systemd
   # Class to allow interacting with the systemd journal.
   # To read from the journal, instantiate a new {Systemd::Journal}; to write to
@@ -12,6 +15,7 @@ module Systemd
   # {Systemd::Journal::Compat::ClassMethods#message Journal.message} or
   # {Systemd::Journal::Compat::ClassMethods#print Journal.print}.
   class Journal
+    include Enumerable
     include Systemd::Journal::Compat
 
     # Returns a new instance of a Journal, opened with the provided options.
@@ -45,17 +49,62 @@ module Systemd
       ObjectSpace.define_finalizer(self, self.class.finalize(@ptr))
     end
 
+    # Iterate over each entry in the journal, respecting the applied
+    # conjunctions/disjunctions.
+    # If a block is given, it is called with each entry until no more
+    # entries remain.  Otherwise, returns an enumerator which can be chained.
+    def each
+      return to_enum(:each) unless block_given?
+
+      seek(:head)
+      yield current_entry while move_next
+    end
+
+    # Move the read pointer by `offset` entries.
+    # @param [Integer] offset how many entries to move the read pointer by. If
+    #   this value is positive, the read pointer moves forward.  Otherwise, it
+    #   moves backwards.
+    # @return [Integer] the number of entries the read pointer actually moved.
+    def move(offset)
+      offset > 0 ? move_next_skip(offset) : move_previous_skip(-offset)
+    end
+
+    # Filter the journal at a high level.
+    # Takes any number of arguments; each argument should be a hash representing
+    # a condition to filter based on.  Fields inside the hash will be ANDed
+    # together.  Each hash will be ORed with the others.  Fields in hashes with
+    # Arrays as values are treated as an OR statement, since otherwise they
+    # would never match.
+    # @example
+    #   j = Systemd::Journal.filter(
+    #     {_systemd_unit: 'session-4.scope'},
+    #     {priority: [4, 6]},
+    #     {_exe: '/usr/bin/sshd', priority: 1}
+    #   )
+    #   # equivalent to
+    #   (_systemd_unit == 'session-4.scope') ||
+    #   (priority == 4 || priority == 6)     ||
+    #   (_exe == '/usr/bin/sshd' && priority == 1)
+    def filter(*conditions)
+      clear_filters
+
+      last_index = conditions.length - 1
+
+      conditions.each_with_index do |condition, index|
+        add_filters(condition)
+        add_disjunction unless index == last_index
+      end
+    end
+
     # Move the read pointer to the next entry in the journal.
     # @return [Boolean] True if moving to the next entry was successful.
     # @return [Boolean] False if unable to move to the next entry, indicating
     #   that the pointer has reached the end of the journal.
     def move_next
-      case (rc = Native::sd_journal_next(@ptr))
-      when 0 then false
-      when 1 then true
-      else
+      if (rc = Native::sd_journal_next(@ptr)) < 0
         raise JournalError.new(rc) if rc < 0
       end
+      rc > 0
     end
 
     # Move the read pointer forward by `amount` entries.
@@ -73,12 +122,10 @@ module Systemd
     # @return [Boolean] False if unable to move to the previous entry,
     #   indicating that the pointer has reached the beginning of the journal.
     def move_previous
-      case (rc = Native::sd_journal_previous(@ptr))
-      when 0 then false # EOF
-      when 1 then true
-      else
+      if (rc = Native::sd_journal_previous(@ptr)) < 0
         raise JournalError.new(rc) if rc < 0
       end
+      rc > 0
     end
 
     # Move the read pointer backwards by `amount` entries.
@@ -98,7 +145,9 @@ module Systemd
     # @param [Symbol, Time] whence one of :head, :tail, or a Time instance.
     #   `:head` (or `:start`) will seek to the beginning of the journal.
     #   `:tail` (or `:end`) will seek to the end of the journal. When a `Time`
-    #   is provided, seek to the journal entry logged closest to that time.
+    #   is provided, seek to the journal entry logged closest to that time. When
+    #   a String is provided, assume it is a cursor from {#cursor} and seek to
+    #   that entry.
     # @return [True]
     def seek(whence)
       rc = case whence
@@ -110,6 +159,8 @@ module Systemd
              if whence.is_a?(Time)
                # TODO: is this right? who knows.
                Native::sd_journal_seek_realtime_usec(@ptr, whence.to_i * 1_000_000)
+             elsif whence.is_a?(String)
+               Native::sd_journal_seek_cursor(@ptr, whence)
              else
                raise ArgumentError.new("Unknown seek type: #{whence.class}")
              end
@@ -133,11 +184,11 @@ module Systemd
       len_ptr = FFI::MemoryPointer.new(:size_t, 1)
       out_ptr = FFI::MemoryPointer.new(:pointer, 1)
 
-      rc = Native::sd_journal_get_data(@ptr, field, out_ptr, len_ptr)
+      rc = Native::sd_journal_get_data(@ptr, field.to_s.upcase, out_ptr, len_ptr)
 
       raise JournalError.new(rc) if rc < 0
 
-      len = read_size_t(len_ptr)
+      len = len_ptr.read_size_t
       out_ptr.read_pointer.read_string_length(len).split('=', 2).last
     end
 
@@ -161,7 +212,7 @@ module Systemd
       results = {}
 
       while (rc = Native::sd_journal_enumerate_data(@ptr, out_ptr, len_ptr)) > 0
-        len = read_size_t(len_ptr)
+        len = len_ptr.read_size_t
         key, value = out_ptr.read_pointer.read_string_length(len).split('=', 2)
         results[key] = value
 
@@ -170,7 +221,7 @@ module Systemd
 
       raise JournalError.new(rc) if rc < 0
 
-      results
+      JournalEntry.new(results)
     end
 
     # Get the list of unique values stored in the journal for the given field.
@@ -186,18 +237,17 @@ module Systemd
     #   end
     def query_unique(field)
       results = []
-      field   = field.to_s.upcase
       out_ptr = FFI::MemoryPointer.new(:pointer, 1)
       len_ptr = FFI::MemoryPointer.new(:size_t,  1)
 
       Native::sd_journal_restart_unique(@ptr)
 
-      if (rc = Native::sd_journal_query_unique(@ptr, field)) < 0
+      if (rc = Native::sd_journal_query_unique(@ptr, field.to_s.upcase)) < 0
         raise JournalError.new(rc)
       end
 
       while (rc = Native::sd_journal_enumerate_unique(@ptr, out_ptr, len_ptr)) > 0
-        len = read_size_t(len_ptr)
+        len = len_ptr.read_size_t
         results << out_ptr.read_pointer.read_string_length(len).split('=', 2).last
 
         yield results.last if block_given?
@@ -214,41 +264,73 @@ module Systemd
     # @example Wait for an event for a maximum of 3 seconds
     #   j = Systemd::Journal.new
     #   j.seek(:tail)
-    #   if j.wait(3 * 1_000_000) != :nop
+    #   if j.wait(3 * 1_000_000)
     #     # event occurred
     #   end
-    # @return [Symbol] :nop if the wait time was reached (no events occured).
+    # @return [Nil] if the wait time was reached (no events occured).
     # @return [Symbol] :append if new entries were appened to the journal.
     # @return [Symbol] :invalidate if journal files were added/removed/rotated.
     def wait(timeout_usec = -1)
       rc = Native::sd_journal_wait(@ptr, timeout_usec)
       raise JournalError.new(rc) if rc.is_a?(Fixnum) && rc < 0
-      rc
+      rc == :nop ? nil : rc
+    end
+
+    # Blocks and waits for new entries to be appended to the journal. When new
+    # entries are written, yields them in turn.  Note that this function does
+    # not automatically seek to the end of the journal prior to waiting.
+    # This method Does not return.
+    # @example Print out events as they happen
+    #   j = Systemd::Journal.new
+    #   j.seek(:tail)
+    #   j.watch do |event|
+    #     puts event.message
+    #   end
+    def watch
+      while true
+        if wait
+          yield current_entry while move_next
+        end
+      end
     end
 
     # Add a filter to journal, such that only entries where the given filter
     # matches are returned.
-    # {#move_next} or {#move_previous} must be invoked after adding a match
+    # {#move_next} or {#move_previous} must be invoked after adding a filter
     # before attempting to read from the journal.
     # @param [String] field the column to filter on, e.g. _PID, _EXE.
     # @param [String] value the match to search for, e.g. '/usr/bin/sshd'
     # @return [nil]
-    def add_match(field, value)
+    def add_filter(field, value)
       match = "#{field.to_s.upcase}=#{value}"
       rc = Native::sd_journal_add_match(@ptr, match, match.length)
       raise JournalError.new(rc) if rc < 0
     end
 
+    # Add a set of filters to the journal, such that only entries where the
+    # given filters match are returned.
+    # @param [Hash] filters a set of field/filter value pairs.
+    #   If the filter value is an array, each value in the array is added
+    #   and entries where the specified field matches any of the values is
+    #   returned.
+    # @example Filter by PID and EXE
+    #   j.add_filters(_pid: 6700, _exe: '/usr/bin/sshd')
+    def add_filters(filters)
+      filters.each do |field, value|
+        Array(value).each{ |v| add_filter(field, v) }
+      end
+    end
+
     # Add an OR condition to the filter.  All previously added matches
-    # and any matches added afterwards will be OR-ed together.
+    # will be ORed with the terms following the disjunction.
     # {#move_next} or {#move_previous} must be invoked after adding a match
     # before attempting to read from the journal.
     # @return [nil]
     # @example Filter entries returned using an OR condition
     #   j = Systemd::Journal.new
-    #   j.add_match('PRIORITY', 5)
-    #   j.add_match('_EXE', '/usr/bin/sshd')
+    #   j.add_filter('PRIORITY', 5)
     #   j.add_disjunction
+    #   j.add_filter('_EXE', '/usr/bin/sshd')
     #   while j.move_next
     #     # current_entry is either an sshd event or
     #     # has priority 5
@@ -258,16 +340,16 @@ module Systemd
       raise JournalError.new(rc) if rc < 0
     end
 
-    # Add an AND condition to the filter.  All previously added matches
-    # and any matches added afterwards will be AND-ed together.
+    # Add an AND condition to the filter.  All previously added terms will be
+    # ANDed together with terms following the conjunction.
     # {#move_next} or {#move_previous} must be invoked after adding a match
     # before attempting to read from the journal.
     # @return [nil]
     # @example Filter entries returned using an AND condition
     #   j = Systemd::Journal.new
-    #   j.add_match('PRIORITY', 5)
-    #   j.add_match('_EXE', '/usr/bin/sshd')
+    #   j.add_filter('PRIORITY', 5)
     #   j.add_conjunction
+    #   j.add_filter('_EXE', '/usr/bin/sshd')
     #   while j.move_next
     #     # current_entry is an sshd event with priority 5
     #   end
@@ -276,9 +358,9 @@ module Systemd
       raise JournalError.new(rc) if rc < 0
     end
 
-    # Remove all matches and conjunctions/disjunctions.
+    # Remove all filters and conjunctions/disjunctions.
     # @return [nil]
-    def clear_matches
+    def clear_filters
       Native::sd_journal_flush_matches(@ptr)
     end
 
@@ -295,21 +377,55 @@ module Systemd
       size_ptr.read_uint64
     end
 
-    private
+    # Get the maximum length of a data field that will be returned.
+    # Fields longer than this will be truncated.  Default is 64K.
+    # @return [Integer] size in bytes.
+    def data_threshold
+      size_ptr = FFI::MemoryPointer.new(:size_t, 1)
+      if (rc = Native::sd_journal_get_data_threshold(@ptr, size_ptr)) < 0
+        raise JournalError.new(rc)
+      end
 
-    def self.finalize(ptr)
-      proc{ Native::sd_journal_close(ptr) unless ptr.nil? }
+      size_ptr.read_size_t
+    end
+
+    # Set the maximum length of a data field that will be returned.
+    # Fields longer than this will be truncated.
+    def data_threshold=(threshold)
+      if (rc = Native::sd_journal_set_data_threshold(@ptr, threshold)) < 0
+        raise JournalError.new(rc)
+      end
+    end
+
+    # returns a string representing the current read position.
+    # This string can be passed to {#seek} or {#cursor?}.
+    # @return [String] a cursor token.
+    def cursor
+      out_ptr = FFI::MemoryPointer.new(:pointer, 1)
+      if (rc = Native.sd_journal_get_cursor(@ptr, out_ptr)) < 0
+        raise JournalError.new(rc)
+      end
+
+      out_ptr.read_pointer.read_string
     end
 
-    def read_size_t(ptr)
-      case ptr.size
-      when 8
-        ptr.read_uint64
-      when 4
-        ptr.read_uint32
-      else
-        raise StandardError.new("Unhandled size_t size: #{ptr.size}")
+    # Check if the read position is currently at the entry represented by the
+    # provided cursor value.
+    # @param c [String] a cursor token returned from {#cursor}.
+    # @return [Boolean] True if the current entry is the one represented by the
+    # provided cursor, False otherwise.
+    def cursor?(c)
+      if (rc = Native.sd_journal_test_cursor(@ptr, c)) < 0
+        raise JournalError.new(rc)
       end
+
+      rc > 0
+    end
+
+    private
+
+    def self.finalize(ptr)
+      proc{ Native::sd_journal_close(ptr) unless ptr.nil? }
     end
 
   end

data/lib/systemd/journal_entry.rb

@@ -0,0 +1,28 @@
+module Systemd
+  class JournalEntry
+    include Enumerable
+
+    attr_reader :fields
+
+    def initialize(entry)
+      @entry  = entry
+      @fields = entry.map do |key, value|
+        name = key.downcase.to_sym
+        define_singleton_method(name){ value } unless respond_to?(name)
+        name
+      end
+
+    end
+
+    def [](key)
+      @entry[key] || @entry[key.to_s.upcase]
+    end
+
+    def each
+      return to_enum(:each) unless block_given?
+
+      @entry.each{ |key, value| yield [key, value] }
+    end
+
+  end
+end

data/lib/systemd/journal_error.rb

@@ -1,3 +1,5 @@
+require 'ffi'
+
 module Systemd
   # This execption is raised whenever a sd_journal_* call returns an error.
   class JournalError < StandardError

data/spec/no_ffi.rb

@@ -0,0 +1,4 @@
+$NO_FFI_SPEC = true
+module Systemd::Journal::Native ; end
+
+puts "Warning: running specs without libsystemd-journal and libsystemd-id128"

data/spec/spec_helper.rb

@@ -3,3 +3,37 @@ require 'simplecov'
 
 SimpleCov.start
 require 'systemd/journal'
+
+RSpec.configure do |config|
+  config.before(:each) do
+
+    # Stub open and close calls
+    dummy_open = ->(ptr, flags, path=nil) do
+      ptr.write_pointer(nil)
+      0
+    end
+
+    Systemd::Journal::Native.stub(:sd_journal_open, &dummy_open)
+    Systemd::Journal::Native.stub(:sd_journal_open_directory, &dummy_open)
+    Systemd::Journal::Native.stub(:sd_journal_close).and_return(0)
+
+    # Raise an exception if any native calls are actually called
+    native_calls = Systemd::Journal::Native.methods.select do |m|
+      m.to_s.start_with?("sd_")
+    end
+
+    native_calls -= [
+      :sd_journal_open, :sd_journal_open_directory, :sd_journal_close
+    ]
+
+    build_err_proc = ->(method_name) do
+      return ->(*params) do
+        raise RuntimeError.new("#{method_name} called without being stubbed.")
+      end
+    end
+
+    native_calls.each do |meth|
+      Systemd::Journal::Native.stub(meth, &build_err_proc.call(meth))
+    end
+  end
+end

data/spec/systemd/journal_entry_spec.rb

@@ -0,0 +1,43 @@
+require 'spec_helper'
+
+describe Systemd::JournalEntry do
+  subject do
+    Systemd::JournalEntry.new(
+      '_PID'     => '125',
+      '_EXE'     => '/usr/bin/sshd',
+      'PRIORITY' => '4',
+      'OBJECT_ID'=> ':)'
+    )
+  end
+
+  it 'allows enumerating entries' do
+    expect{ |b| subject.each(&b) }.to yield_successive_args(
+      ['_PID', '125'],
+      ['_EXE', '/usr/bin/sshd'],
+      ['PRIORITY', '4'],
+      ['OBJECT_ID', ':)']
+    )
+  end
+
+  it 'responds to field names as methods' do
+    subject._pid.should     eq('125')
+    subject.priority.should eq('4')
+  end
+
+  it 'doesnt overwrite existing methods' do
+    subject.object_id.should_not eq(':)')
+  end
+
+  it 'allows accessing via [string]' do
+    subject['OBJECT_ID'].should eq(':)')
+  end
+
+  it 'allows accessing via [symbol]' do
+    subject[:object_id].should eq(':)')
+  end
+
+  it 'lists all fields it contains' do
+    subject.fields.should eq([:_pid, :_exe, :priority, :object_id])
+  end
+
+end

data/spec/systemd/journal_spec.rb

@@ -1,18 +1,6 @@
 require 'spec_helper'
 
 describe Systemd::Journal do
-  
-  before(:each) do
-    # don't actually make native API calls.
-    dummy_open = ->(ptr, flags, path=nil) do
-      ptr.write_pointer(nil)
-      0
-    end
-
-    Systemd::Journal::Native.stub(:sd_journal_open, &dummy_open)
-    Systemd::Journal::Native.stub(:sd_journal_open_directory, &dummy_open)
-    Systemd::Journal::Native.stub(:sd_journal_close).and_return(0)
-  end
 
   describe '#initialize' do
     it 'opens a directory if a path is passed' do
@@ -34,6 +22,20 @@ describe Systemd::Journal do
     end
   end
 
+  describe '#move' do
+    it 'calls move_next_skip if the value is positive' do
+      j = Systemd::Journal.new
+      j.should_receive(:move_next_skip).with(5)
+      j.move(5)
+    end
+
+    it 'calls move_next_previous otherwise' do
+      j = Systemd::Journal.new
+      j.should_receive(:move_previous_skip).with(5)
+      j.move(-5)
+    end
+  end
+
   ['next', 'previous'].each do |direction|
     describe "#move_#{direction}" do
       it 'returns true on a successful move' do
@@ -76,6 +78,33 @@ describe Systemd::Journal do
     end
   end
 
+  describe '#each' do
+    it 'should reposition to the head of the journal' do
+      j = Systemd::Journal.new
+      j.should_receive(:seek).with(:head).and_return(0)
+      j.stub(:move_next).and_return(nil)
+      j.each{|e| nil }
+    end
+
+    it 'should return an enumerator if no block is given' do
+      j = Systemd::Journal.new
+      j.each.class.should eq(Enumerator)
+    end
+
+    it 'should return each entry in the journal' do
+      entries = [{'_PID' => 1}, {'_PID' => 2}]
+      entry   = nil
+
+      j = Systemd::Journal.new
+      j.stub(:seek).and_return(0)
+      j.stub(:current_entry) { entry }
+      j.stub(:move_next)     { entry = entries.shift }
+
+      j.map{|e| e['_PID'] }.should eq([1, 2])
+    end
+
+  end
+
   describe '#seek' do
     it 'moves to the first entry of the file' do
       j = Systemd::Journal.new
@@ -94,44 +123,226 @@ describe Systemd::Journal do
       Systemd::Journal::Native.should_receive(:sd_journal_seek_realtime_usec).and_return(0)
       j.seek(Time.now).should eq(true)
     end
+
+    it 'seeks based on a cursor when a string is provided' do
+      j = Systemd::Journal.new
+
+      Systemd::Journal::Native.should_receive(:sd_journal_seek_cursor).
+        with(anything, "123").and_return(0)
+
+      j.seek("123")
+    end
+
+    it 'throws an exception if it doesnt understand the type' do
+      j = Systemd::Journal.new
+      expect { j.seek(Object.new) }.to raise_error(ArgumentError)
+    end
   end
 
   describe '#read_field' do
-    pending
+    it 'raises an exception if the call fails' do
+      Systemd::Journal::Native.should_receive(:sd_journal_get_data).and_return(-1)
+
+      j = Systemd::Journal.new
+      expect{ j.read_field(:message) }.to raise_error(Systemd::JournalError)
+    end
+
+    it 'parses the returned value correctly.' do
+      j = Systemd::Journal.new
+
+      Systemd::Journal::Native.should_receive(:sd_journal_get_data) do |ptr, field, out_ptr, len_ptr|
+        dummy = "MESSAGE=hello world"
+        out_ptr.write_pointer(FFI::MemoryPointer.from_string(dummy))
+        len_ptr.write_size_t(dummy.size)
+        0
+      end
+
+      j.read_field(:message).should eq("hello world")
+    end
   end
 
   describe '#current_entry' do
-    pending
+    before(:each) do
+      Systemd::Journal::Native.should_receive(:sd_journal_restart_data).and_return(nil)
+    end
+
+    it 'raises an exception if the call fails' do
+      j = Systemd::Journal.new
+      Systemd::Journal::Native.should_receive(:sd_journal_enumerate_data).and_return(-1)
+      expect { j.current_entry }.to raise_error(Systemd::JournalError)
+    end
+
+    it 'returns the correct data' do
+      j = Systemd::Journal.new
+      results = ['_PID=100', 'MESSAGE=hello world']
+
+      Systemd::Journal::Native.should_receive(:sd_journal_enumerate_data).exactly(3).times do |ptr, out_ptr, len_ptr|
+        if results.any?
+          x = results.shift
+          out_ptr.write_pointer(FFI::MemoryPointer.from_string(x))
+          len_ptr.write_size_t(x.length)
+          1
+        else
+          0
+        end
+      end
+
+      entry = j.current_entry
+
+      entry._pid.should     eq('100')
+      entry.message.should eq('hello world')
+
+    end
   end
 
   describe '#query_unique' do
-    pending
+    before(:each) do
+      Systemd::Journal::Native.should_receive(:sd_journal_restart_unique).and_return(nil)
+    end
+
+    it 'raises an exception if the call fails' do
+      j = Systemd::Journal.new
+      Systemd::Journal::Native.should_receive(:sd_journal_query_unique).and_return(-1)
+      expect { j.query_unique(:_pid) }.to raise_error(Systemd::JournalError)
+    end
+
+    it 'raises an exception if the call fails (2)' do
+      j = Systemd::Journal.new
+      Systemd::Journal::Native.should_receive(:sd_journal_query_unique).and_return(0)
+      Systemd::Journal::Native.should_receive(:sd_journal_enumerate_unique).and_return(-1)
+      expect { j.query_unique(:_pid) }.to raise_error(Systemd::JournalError)
+    end
+
+    it 'returns the correct data' do
+      j = Systemd::Journal.new
+      results = ['_PID=100', '_PID=200', '_PID=300']
+
+      Systemd::Journal::Native.should_receive(:sd_journal_query_unique).and_return(0)
+
+      Systemd::Journal::Native.should_receive(:sd_journal_enumerate_unique).exactly(4).times do |ptr, out_ptr, len_ptr|
+        if results.any?
+          x = results.shift
+          out_ptr.write_pointer(FFI::MemoryPointer.from_string(x))
+          len_ptr.write_size_t(x.length)
+          1
+        else
+          0
+        end
+      end
+
+      j.query_unique(:_pid).should eq(['100', '200', '300'])
+    end
+
   end
 
   describe '#wait' do
-    pending
+    it 'raises an exception if the call fails' do
+      Systemd::Journal::Native.should_receive(:sd_journal_wait).and_return(-1)
+
+      j = Systemd::Journal.new
+      expect{ j.wait(100) }.to raise_error(Systemd::JournalError)
+    end
+
+    it 'returns the reason we were woken up' do
+      j = Systemd::Journal.new
+      Systemd::Journal::Native.should_receive(:sd_journal_wait).and_return(:append)
+      j.wait(100).should eq(:append)
+    end
+
+    it 'returns nil if we reached the timeout.' do
+      j = Systemd::Journal.new
+      Systemd::Journal::Native.should_receive(:sd_journal_wait).and_return(:nop)
+      j.wait(100).should eq(nil)
+    end
+  end
+
+  describe '#add_filter' do
+    it 'raises an exception if the call fails' do
+      Systemd::Journal::Native.should_receive(:sd_journal_add_match).and_return(-1)
+
+      j = Systemd::Journal.new
+      expect{ j.add_filter(:message, "test") }.to raise_error(Systemd::JournalError)
+    end
+
+    it 'formats the arguments appropriately' do
+      Systemd::Journal::Native.should_receive(:sd_journal_add_match).
+        with(anything, "MESSAGE=test", "MESSAGE=test".length).
+        and_return(0)
+
+      Systemd::Journal.new.add_filter(:message, "test")
+    end
   end
 
-  describe '#add_match' do
-    pending
+  describe '#add_filters' do
+    it 'calls add_filter for each parameter' do
+      j = Systemd::Journal.new
+      j.should_receive(:add_filter).with(:priority, 1)
+      j.should_receive(:add_filter).with(:_exe, '/usr/bin/sshd')
+
+      j.add_filters(priority: 1, _exe: '/usr/bin/sshd')
+    end
+
+    it 'expands array arguments to multiple add_filter calls' do
+      j = Systemd::Journal.new
+      j.should_receive(:add_filter).with(:priority, 1)
+      j.should_receive(:add_filter).with(:priority, 2)
+      j.should_receive(:add_filter).with(:priority, 3)
+
+      j.add_filters(priority: [1,2,3])
+    end
+  end
+
+  describe '#filter' do
+    it 'clears the existing filters' do
+      j = Systemd::Journal.new
+      j.should_receive(:clear_filters)
+
+      j.filter({})
+    end
+
+    it 'adds disjunctions between terms' do
+      j = Systemd::Journal.new
+      j.stub(:clear_filters).and_return(nil)
+
+      j.should_receive(:add_filter).with(:priority, 1).ordered
+      j.should_receive(:add_disjunction).ordered
+      j.should_receive(:add_filter).with(:message, 'hello').ordered
+
+      j.filter({priority: 1}, {message: 'hello'})
+
+    end
   end
 
   describe '#add_conjunction' do
-    pending
+    it 'raises an exception if the call fails' do
+      Systemd::Journal::Native.should_receive(:sd_journal_add_conjunction).and_return(-1)
+
+      j = Systemd::Journal.new
+      expect{ j.add_conjunction }.to raise_error(Systemd::JournalError)
+    end
   end
 
   describe '#add_disjunction' do
-    pending
+    it 'raises an exception if the call fails' do
+      Systemd::Journal::Native.should_receive(:sd_journal_add_disjunction).and_return(-1)
+
+      j = Systemd::Journal.new
+      expect{ j.add_disjunction }.to raise_error(Systemd::JournalError)
+    end
   end
 
-  describe '#clear_matches' do
-    pending
+  describe '#clear_filters' do
+    it 'flushes the matches' do
+      j = Systemd::Journal.new
+      Systemd::Journal::Native.should_receive(:sd_journal_flush_matches).and_return(nil)
+      j.clear_filters
+    end
   end
 
   describe '#disk_usage' do
     it 'returns the size used on disk' do
       Systemd::Journal::Native.should_receive(:sd_journal_get_usage) do |ptr, size_ptr|
-        size_ptr.size == 8 ? size_ptr.write_uint64(12) : size_ptr.write_uint32(12)
+        size_ptr.write_size_t(12)
         0
       end
       j = Systemd::Journal.new
@@ -145,4 +356,95 @@ describe Systemd::Journal do
     end
   end
 
+  describe '#data_threshold=' do
+    it 'sets the data threshold' do
+      j = Systemd::Journal.new
+
+      Systemd::Journal::Native.should_receive(:sd_journal_set_data_threshold).
+        with(anything, 0x1234).and_return(0)
+
+      j.data_threshold = 0x1234
+    end
+
+    it 'raises a JournalError on failure' do
+      j = Systemd::Journal.new
+
+      Systemd::Journal::Native.should_receive(:sd_journal_set_data_threshold).
+        with(anything, 0x1234).and_return(-1)
+
+      expect { j.data_threshold = 0x1234 }.to raise_error(Systemd::JournalError)
+    end
+  end
+
+  describe '#data_threshold' do
+    it 'gets the data threshold' do
+      j = Systemd::Journal.new
+
+      Systemd::Journal::Native.should_receive(:sd_journal_get_data_threshold) do |ptr, size_ptr|
+        size_ptr.write_size_t(0x1234)
+        0
+      end
+      j.data_threshold.should eq(0x1234)
+    end
+
+    it 'raises a JournalError on failure' do
+      j = Systemd::Journal.new
+
+      Systemd::Journal::Native.should_receive(:sd_journal_get_data_threshold).
+        and_return(-3)
+
+      expect{ j.data_threshold }.to raise_error(Systemd::JournalError)
+    end
+
+  end
+
+  describe '#cursor?' do
+    it 'returns true if the current cursor is the provided value' do
+      j = Systemd::Journal.new
+      Systemd::Journal::Native.should_receive(:sd_journal_test_cursor).
+        with(anything, "1234").and_return(1)
+
+      j.cursor?("1234").should eq(true)
+    end
+
+    it 'returns false otherwise' do
+      j = Systemd::Journal.new
+      Systemd::Journal::Native.should_receive(:sd_journal_test_cursor).
+        with(anything, "1234").and_return(0)
+
+      j.cursor?("1234").should eq(false)
+    end
+
+    it 'raises a JournalError on failure' do
+      j = Systemd::Journal.new
+
+      Systemd::Journal::Native.should_receive(:sd_journal_test_cursor).
+        and_return(-3)
+
+      expect{ j.cursor?('123') }.to raise_error(Systemd::JournalError)
+    end
+
+  end
+
+  describe '#cursor' do
+    it 'returns the current cursor' do
+      j = Systemd::Journal.new
+      Systemd::Journal::Native.should_receive(:sd_journal_get_cursor) do |ptr, out_ptr|
+        out_ptr.write_pointer(FFI::MemoryPointer.from_string("5678"))
+        0
+      end
+      j.cursor.should eq("5678")
+    end
+
+    it 'raises a JournalError on failure' do
+      j = Systemd::Journal.new
+
+      Systemd::Journal::Native.should_receive(:sd_journal_get_cursor).
+        and_return(-3)
+
+      expect{ j.cursor }.to raise_error(Systemd::JournalError)
+    end
+
+  end
+
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: systemd-journal
 version: !ruby/object:Gem::Version
-  version: 0.1.4
+  version: 1.0.0
 platform: ruby
 authors:
 - John Ledbetter
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-10-01 00:00:00.000000000 Z
+date: 2013-11-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi
@@ -69,6 +69,7 @@ files:
 - examples/journal_directory.rb
 - examples/ssh_watcher.rb
 - lib/systemd-journal.rb
+- lib/systemd/ffi_size_t.rb
 - lib/systemd/id128.rb
 - lib/systemd/journal.rb
 - lib/systemd/journal/compat.rb
@@ -76,9 +77,12 @@ files:
 - lib/systemd/journal/flags.rb
 - lib/systemd/journal/native.rb
 - lib/systemd/journal/version.rb
+- lib/systemd/journal_entry.rb
 - lib/systemd/journal_error.rb
+- spec/no_ffi.rb
 - spec/spec_helper.rb
 - spec/systemd/id128_spec.rb
+- spec/systemd/journal_entry_spec.rb
 - spec/systemd/journal_spec.rb
 - systemd-journal.gemspec
 homepage: https://github.com/ledbettj/systemd-journal
@@ -106,7 +110,9 @@ signing_key:
 specification_version: 4
 summary: Ruby bindings to libsystemd-journal
 test_files:
+- spec/no_ffi.rb
 - spec/spec_helper.rb
 - spec/systemd/id128_spec.rb
+- spec/systemd/journal_entry_spec.rb
 - spec/systemd/journal_spec.rb
 has_rdoc: