systemd-journal 0.0.2 → 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 1c86b79ec4112caca8d17887e2b0fdea3096a470
+  data.tar.gz: 52e39912dc156aa0a7a75639b255f027b8c4b816
+SHA512:
+  metadata.gz: c2a59f402dd49f61cc8586cb743413f317c0e9f1852e7c6199a63aeacafabfce77f76039a58d1ec050f40196f3c79663c11882897586be71f9a1868adb1eb8f1
+  data.tar.gz: fb9c8f267606434664ce7e52a7822a72d4684b8f81646571a161c3bb14920c7a6b86dce08b0f67b7584ae7c541667ff3d48f7b6d744840290f7fbfad222dad1b

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/Gemfile

@@ -0,0 +1,8 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in systemd-journal.gemspec
+gemspec
+
+gem 'pry'
+gem 'rake'
+gem 'yard'

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2013 John Ledbetter
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,51 @@
+# Systemd::Journal
+
+Ruby bindings for reading from the systemd journal.
+
+* [documentation](http://rubydoc.info/github/ledbettj/systemd-journal)
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'systemd-journal', git: 'https://github.com/ledbettj/systemd-journal.git'
+
+And then execute:
+
+    $ bundle
+
+## Usage
+
+For example, printing all messages:
+
+    require 'systemd/journal'
+    
+    j = Systemd::Journal.new
+    j.seek(:head)
+    
+    while j.move_next
+      puts j.read_field('MESSAGE')
+    end
+    
+Or to print all data in each entry:
+
+    require 'systemd/journal'
+    
+    j = Systemd::Journal.new
+    j.seek(:head)
+    
+    while j.move_next
+      j.current_entry do |key, value|
+        puts "#{key}: #{value}"
+      end
+      puts "\n"
+    end
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request
+6. Wipe hands on pants

data/Rakefile

@@ -0,0 +1,11 @@
+require "bundler/gem_tasks"
+require "yard"
+
+task :console do
+  exec 'pry -I./lib -r systemd/journal'
+end
+
+YARD::Rake::YardocTask.new do |t|
+  t.files = ['lib/**/*.rb']
+  t.options = ['--no-private']
+end

data/examples/journal_directory.rb

@@ -0,0 +1,16 @@
+#!/usr/bin/env ruby
+
+require 'systemd/journal'
+
+if ARGV.length == 0
+  puts "usage: ./#{File.basename(__FILE__)} /var/log/journal/{machine-id}"
+  exit(1)
+end
+
+j = Systemd::Journal.new(path: ARGV[0])
+j.seek(:head)
+
+while j.move_next
+  entry = j.current_entry
+  puts "PID #{entry['_PID']}: #{entry['MESSAGE']}"
+end

data/examples/ssh_watcher.rb

@@ -0,0 +1,37 @@
+#!/usr/bin/env ruby
+require 'systemd/journal'
+require 'date'
+
+class SSHWatcher
+  def initialize
+    @journal = Systemd::Journal.new(flags: Systemd::Journal::Flags::SYSTEM_ONLY)
+  end
+
+  def run
+    @journal.add_match('_EXE', '/usr/bin/sshd')
+    # skip all existing entries
+    while @journal.move_next ; end
+
+    while true
+      @journal.wait(1_000_000 * 5)
+      process_event(@journal.current_entry) while @journal.move_next
+    end
+    
+  end
+
+  private
+
+  LOGIN_REGEXP = /Accepted\s+(?<auth_method>[^\s]+)\s+for\s+(?<user>[^\s]+)\s+from\s+(?<address>[^\s]+)/
+
+  def process_event(entry)
+    if (m = entry['MESSAGE'].match(LOGIN_REGEXP))
+      timestamp = DateTime.strptime(
+        (entry['_SOURCE_REALTIME_TIMESTAMP'].to_i / 1_000_000).to_s,
+        "%s"
+      )
+      puts "login via #{m[:auth_method]} for #{m[:user]} from #{m[:address]} at #{timestamp.ctime}"
+    end
+  end
+end
+
+SSHWatcher.new.run

data/lib/systemd/journal/compat.rb

@@ -0,0 +1,49 @@
+require 'systemd/journal/native'
+require 'systemd/journal_error'
+
+module Systemd
+  class Journal
+    # This module provides compatibility with the systemd-journal.gem
+    # by Daniel Mack (https://github.com/zonque/systemd-journal.gem)
+    module Compat
+
+      LOG_EMERG   = 0 # system is unusable
+      LOG_ALERT   = 1 # action must be taken immediately
+      LOG_CRIT    = 2 # critical conditions
+      LOG_ERR     = 3 # error conditions
+      LOG_WARNING = 4 # warning conditions
+      LOG_NOTICE  = 5 # normal but significant condition
+      LOG_INFO    = 6 # informational
+      LOG_DEBUG   = 7 # debug-level messages
+
+      def self.included(base)
+        base.extend(ClassMethods)
+      end
+
+      module ClassMethods
+
+        # write a simple message to the systemd journal.
+        # @param [Integer] level one of the LOG_* constants defining the
+        #   severity of the event.
+        # @param [String] message the content of the message to write.
+        def print(level, message)
+          rc = Native::sd_journal_print(level, message)
+          raise JournalError.new(rc) if rc < 0
+        end
+
+        # write an event to the systemd journal.
+        # @param [Hash] contents the set of key-value pairs defining the event.
+        def message(contents)
+          items = contents.flat_map do |k,v|
+            [:string, "#{k.to_s.upcase}=#{v}"]
+          end
+          # add a null pointer to terminate the varargs
+          items += [:string, nil]
+          rc = Native::sd_journal_send(*items)
+          raise JournalError.new(rc) if rc < 0
+        end
+      end
+
+    end
+  end
+end

data/lib/systemd/journal/flags.rb

@@ -0,0 +1,15 @@
+module Systemd
+  class Journal
+    # contains a set of constants which maybe bitwise OR-ed together and passed
+    # to the Journal constructor:
+    #   `Journal.new(flags: Systemd::Journal::Flags::LOCAL_ONLY)`
+    module Flags
+      # Only open journal files generated on the local machine.
+      LOCAL_ONLY    = 1
+      # Only open non-persistent journal files.
+      RUNTIME_ONLY  = 2
+      # Only open kernel and system service journal files.
+      SYSTEM_ONLY   = 4
+    end
+  end
+end

data/lib/systemd/journal/native.rb

@@ -0,0 +1,46 @@
+module Systemd
+  class Journal
+    module Native
+      require 'ffi'
+      extend FFI::Library
+      ffi_lib %w[libsystemd-journal.so libsystemd-journal.so.0]
+
+      # setup/teardown
+      attach_function :sd_journal_open,           [:pointer, :int], :int
+      attach_function :sd_journal_open_directory, [:pointer, :string, :int], :int
+      attach_function :sd_journal_close,          [:pointer], :void
+
+      # navigation
+      attach_function :sd_journal_next,          [:pointer], :int
+      attach_function :sd_journal_next_skip,     [:pointer, :uint64], :int
+      attach_function :sd_journal_previous,      [:pointer], :int
+      attach_function :sd_journal_previous_skip, [:pointer, :uint64], :int
+
+      attach_function :sd_journal_seek_head,          [:pointer], :int
+      attach_function :sd_journal_seek_tail,          [:pointer], :int
+      attach_function :sd_journal_seek_realtime_usec, [:pointer, :uint64], :int
+
+      # data reading
+      attach_function :sd_journal_get_data,       [:pointer, :string, :pointer, :pointer], :int
+      attach_function :sd_journal_restart_data,   [:pointer], :void
+      attach_function :sd_journal_enumerate_data, [:pointer, :pointer, :pointer], :int
+
+      # event notification
+      attach_function :sd_journal_wait, [:pointer, :uint64], :int
+
+      # filtering
+      attach_function :sd_journal_add_match,       [:pointer, :string, :size_t], :int
+      attach_function :sd_journal_flush_matches,   [:pointer], :void
+      attach_function :sd_journal_add_disjunction, [:pointer], :int
+      attach_function :sd_journal_add_conjunction, [:pointer], :int
+
+      # writing
+      attach_function :sd_journal_print, [:int, :string], :int
+      attach_function :sd_journal_send,  [:varargs], :int
+
+      # misc
+      attach_function :sd_journal_get_usage, [:pointer, :pointer], :int
+    end
+
+  end
+end

data/lib/systemd/journal/version.rb

@@ -0,0 +1,5 @@
+module Systemd
+  class Journal
+    VERSION = '0.1.0'
+  end
+end

data/lib/systemd/journal.rb

@@ -0,0 +1,224 @@
+require 'systemd/journal/native'
+require 'systemd/journal/flags'
+require 'systemd/journal/compat'
+require 'systemd/journal_error'
+
+module Systemd
+  class Journal
+    include Systemd::Journal::Compat
+
+    # Returns a new instance of a Journal, opened with the provided options.
+    # @param [Hash] opts optional initialization parameters.
+    # @option opts [Integer] :flags a set of bitwise OR-ed `Journal::Flags`
+    #   which control what journal files are opened.  Defaults to 0 (all).
+    # @option opts [String]  :path if provided, open the journal files living
+    #   in the provided directory only.  Any provided flags will be ignored per
+    #   since sd_journal_open_directory does not currently accept any flags.
+    def initialize(opts = {})
+      flags = opts[:flags] || 0
+      path  = opts[:path]
+      ptr   = FFI::MemoryPointer.new(:pointer, 1)
+
+      rc = if path
+             Native::sd_journal_open_directory(ptr, path, 0)
+           else
+             Native::sd_journal_open(ptr, flags)
+           end
+
+      raise JournalError.new(rc) if rc < 0
+
+      @ptr = ptr.read_pointer
+      ObjectSpace.define_finalizer(self, self.class.finalize(@ptr))
+    end
+
+    # Move the read pointer to the next entry in the journal.
+    # @return [Boolean] True if moving to the next entry was successful.  False
+    #   indicates that we've reached the end of the journal.
+    def move_next
+      case (rc = Native::sd_journal_next(@ptr))
+      when 0 then false # EOF
+      when 1 then true
+      when rc < 0 then raise JournalError.new(rc)
+      end
+    end
+
+    # Move the read pointer forward by `amount` entries.
+    # @return the actual number of entries which the pointer was moved by. If
+    #   this number is less than the requested, we've reached the end of the
+    #   journal.
+    def move_next_skip(amount)
+      rc = Native::sd_journal_next_skip(@ptr, amount)
+      raise JournalError.new(rc) if rc < 0
+      rc
+    end
+
+    # Move the read pointer to the previous entry in the journal.
+    # @return [Boolean] True if moving to the previous entry was successful.
+    #   False indicates that we've reached the start of the journal.
+    def move_previous
+      case (rc = Native::sd_journal_previous(@ptr))
+      when 0 then false # EOF
+      when 1 then true
+      when rc < 0 then raise JournalError.new(rc)
+      end
+    end
+
+    # Move the read pointer backwards by `amount` entries.
+    # @return the actual number of entries which the pointer was moved by. If
+    #   this number is less than the requested, we've reached the start of the
+    #   journal.
+    def move_previous_skip(amount)
+      rc = Native::sd_journal_previous_skip(@ptr, amount)
+      raise JournalError.new(rc) if rc < 0
+      rc
+    end
+
+    # Seek to a position in the journal.
+    # Note: after seeking, you must call move_next or move_previous before
+    #   you can call read_field or current_entry
+    #
+    # @param [Symbol, Time] whence one of :head, :tail, or a Time instance.
+    #   :head (or :start) will seek to the beginning of the journal.
+    #   :tail (or :end) will seek to the end of the journal.
+    #   when a Time is provided, seek to the journal entry logged closest to
+    #   the provided time.
+    # @return [Boolean] True on success, otherwise an error is raised.
+    def seek(whence)
+      rc = case whence
+           when :head, :start
+             Native::sd_journal_seek_head(@ptr)
+           when :tail, :end
+             Native::sd_journal_seek_tail(@ptr)
+           when whence.is_a?(Time)
+             # TODO: is this right? who knows.
+             Native::sd_journal_seek_realtime_usec(@ptr, whence.to_i * 1_000_000)
+           else
+             raise ArgumentError.new("Unknown seek type: #{whence}")
+           end
+
+      raise JournalErrornew(rc) if rc < 0
+
+      true
+    end
+
+    # Read the contents of the provided field from the current journal entry.
+    #   move_next or move_previous must be called at least once after
+    #   initialization or seeking prior to attempting to read data.
+    # @param [String] field the name of the field to read -- e.g., 'MESSAGE'
+    # @return [String] the value of the requested field.
+    def read_field(field)
+      len_ptr = FFI::MemoryPointer.new(:size_t, 1)
+      out_ptr = FFI::MemoryPointer.new(:pointer, 1)
+
+      rc = Native::sd_journal_get_data(@ptr, field, out_ptr, len_ptr)
+
+      raise JournalError.new(rc) if rc < 0
+
+      len = read_size_t(len_ptr)
+      out_ptr.read_pointer.read_string_length(len).split('=', 2).last
+    end
+
+    # Read the contents of all fields from the current journal entry.
+    # If given a block, it will yield each field in the form of
+    # (fieldname, value).
+    #
+    # move_next or move_previous must be called at least once after
+    # initialization or seeking prior to calling current_entry
+    #
+    # @return [Hash] the contents of the current journal entry.
+    def current_entry
+      Native::sd_journal_restart_data(@ptr)
+
+      len_ptr = FFI::MemoryPointer.new(:size_t, 1)
+      out_ptr = FFI::MemoryPointer.new(:pointer, 1)
+      results = {}
+
+      while
+        rc = Native::sd_journal_enumerate_data(@ptr, out_ptr, len_ptr)
+        raise JournalError.new(rc) if rc < 0
+        break if rc == 0
+
+        len = read_size_t(len_ptr)
+        key, value = out_ptr.read_pointer.read_string_length(len).split('=', 2)
+        results[key] = value
+
+        yield(key, value) if block_given?
+      end
+
+      results
+    end
+
+    # Block until the journal is changed.
+    # @param timeout_usec [Integer] the maximum number of microseconds to wait
+    #   or -1 to wait indefinitely.
+    def wait(timeout_usec = -1)
+      rc = Native::sd_journal_wait(@ptr, timeout_usec)
+      raise JournalError.new(rc) if rc < 0
+    end
+
+    # Add a filter to journal, such that only entries where the given filter
+    # matches are returned.
+    # move_next or move_previous must be invoked after adding a match before
+    # attempting to read from the journal.
+    # @param [String] field the column to filter on, e.g. _PID, _EXE.
+    # @param [String] value the match to search for, e.g. '/usr/bin/sshd'
+    def add_match(field, value)
+      match = "#{field.to_s.upcase}=#{value}"
+      rc = Native::sd_journal_add_match(@ptr, match, match.length)
+      raise JournalError.new(rc) if rc < 0
+    end
+
+    # Add an OR condition to the filter.  All previously added matches
+    # and any matches added afterwards will be OR-ed together.
+    # move_next or move_previous must be invoked after adding a match before
+    # attempting to read from the journal.
+    def add_disjunction
+      rc = Native::sd_journal_add_disjunction(@ptr)
+      raise JournalError.new(rc) if rc < 0
+    end
+
+    # Add an AND condition to the filter.  All previously added matches
+    # and any matches added afterwards will be AND-ed together.
+    # move_next or move_previous must be invoked after adding a match before
+    # attempting to read from the journal.
+    def add_conjunction
+      rc = Native::sd_journal_add_conjunction(@ptr)
+      raise JournalError.new(rc) if rc < 0
+    end
+
+    # remove all matches and conjunctions/disjunctions.
+    def clear_matches
+      Native::sd_journal_flush_matches(@ptr)
+    end
+
+    # @return the amount of disk usage in bytes used for systemd journal
+    #  files.  If Systemd::Journal::Flags::LOCAL_ONLY was passed when
+    # opening the journal,  this value will only reflect the size of journal
+    #files of the local host, otherwise of all hosts.
+    def disk_usage
+      size_ptr = FFI::MemoryPointer.new(:uint64)
+      rc = Native::sd_journal_get_usage(@ptr, size_ptr)
+
+      raise JournalError.new(rc) if rc < 0
+      size_ptr.read_uint64
+    end
+
+    private
+
+    def self.finalize(ptr)
+      proc{ Native::sd_journal_close(@ptr) unless @ptr.nil? }
+    end
+
+    def read_size_t(ptr)
+      case ptr.size
+      when 8
+        ptr.read_uint64
+      when 4
+        ptr.read_uint32
+      else
+        raise StandardError.new("Unhandled size_t size: #{ptr.size}")
+      end
+    end
+
+  end
+end

data/lib/systemd/journal_error.rb

@@ -0,0 +1,27 @@
+module Systemd
+  # This execption is raised whenever a sd_journal_* call returns an error.
+  class JournalError < StandardError
+
+    # Returns the (negated) error number.
+    attr_reader :code
+
+    # Instantiate a new JournalError based on the specified return code.
+    # `message` will be filled in by calling `strerror()` with the provided
+    # return code.
+    def initialize(code)
+      @code = -code
+      super(LIBC::strerror(@code))
+    end
+
+    private
+
+    # @private
+    module LIBC
+      extend FFI::Library
+      ffi_lib FFI::Library::LIBC
+
+      attach_function :strerror, [:int], :string
+    end
+
+  end
+end

data/lib/systemd-journal.rb

@@ -1,46 +1,2 @@
-module Systemd
-  module Journal
-
-    module FFI
-      require 'ffi'
-      extend ::FFI::Library
-      ffi_lib %w[libsystemd-journal.so libsystemd-journal.so.0]
-
-      attach_function :sd_journal_print,  [:int, :string], :int
-      attach_function :sd_journal_send,   [:varargs],      :int
-
-      def self.to_string_varargs(arr)
-        varargs = []
-
-        arr.each do |entry|
-          varargs << :string
-          varargs << entry
-        end
-
-        varargs << :string
-        varargs << nil
-      end
-    end
-
-    # log levels
-    LOG_EMERG     = 0
-    LOG_ALERT     = 1
-    LOG_CRIT      = 2
-    LOG_ERR       = 3
-    LOG_WARNING   = 4
-    LOG_NOTICE    = 5
-    LOG_INFO      = 6
-    LOG_DEBUG     = 7
-
-    def self.print(level, message)
-      FFI::sd_journal_print(level, message)
-    end
-
-    def self.message(details = {})
-      arr = details.collect { |k,v| "#{k}=#{v}" }
-      varargs = FFI::to_string_varargs(arr)
-      FFI::sd_journal_send(*varargs)
-    end
-
-  end
-end
+# included for backwards compatibility with older versions
+require 'systemd/journal'

data/systemd-journal.gemspec

@@ -0,0 +1,21 @@
+# -*- encoding: utf-8 -*-
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'systemd/journal/version'
+
+Gem::Specification.new do |gem|
+  gem.name          = "systemd-journal"
+  gem.version       = Systemd::Journal::VERSION
+  gem.authors       = ["John Ledbetter", "Daniel Mack"]
+  gem.email         = ["john@throttle.io"]
+  gem.description   = %q{Provides the ability to navigate and read entries from the systemd journal in ruby, as well as write events to the journal.}
+  gem.summary       = %q{Ruby bindings to libsystemd-journal}
+  gem.homepage      = "https://github.com/ledbettj/systemd-journal"
+
+  gem.files         = `git ls-files`.split($/)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.require_paths = ["lib"]
+
+  gem.add_dependency 'ffi', '~>1.9.0'
+end

metadata

@@ -1,58 +1,75 @@
 --- !ruby/object:Gem::Specification
 name: systemd-journal
 version: !ruby/object:Gem::Version
-  version: 0.0.2
-  prerelease: 
+  version: 0.1.0
 platform: ruby
 authors:
+- John Ledbetter
 - Daniel Mack
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-11-13 00:00:00.000000000 Z
+date: 2013-07-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ffi
-  requirement: &17329440 !ruby/object:Gem::Requirement
-    none: false
+  requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 1.0.11
+        version: 1.9.0
   type: :runtime
   prerelease: false
-  version_requirements: *17329440
-description: ! 'This gem allows Ruby programs to interface with the journal, the structured
-  logging system of systemd. '
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.9.0
+description: Provides the ability to navigate and read entries from the systemd journal
+  in ruby, as well as write events to the journal.
 email:
-- systemd@zonque.org
+- john@throttle.io
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- .gitignore
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- examples/journal_directory.rb
+- examples/ssh_watcher.rb
 - lib/systemd-journal.rb
-homepage: http://github.com/zonque/systemd-journal.gem
+- lib/systemd/journal.rb
+- lib/systemd/journal/compat.rb
+- lib/systemd/journal/flags.rb
+- lib/systemd/journal/native.rb
+- lib/systemd/journal/version.rb
+- lib/systemd/journal_error.rb
+- systemd-journal.gemspec
+homepage: https://github.com/ledbettj/systemd-journal
 licenses: []
+metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.10
+rubygems_version: 2.0.5
 signing_key: 
-specification_version: 3
-summary: Ruby interface for systemds journal
+specification_version: 4
+summary: Ruby bindings to libsystemd-journal
 test_files: []
+has_rdoc: