1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
|
Codex is GPLv3 licensed software
Copyright 2019 Vito Caputo <vcaputo@pengaru.com>
----
This blurb comes from the initial commit message:
!!! This code is a very quick hack I made in an evening of
!!! inspired curiosity, the code should be considered of junk
!!! quality.
Codex aspires to be a read-only FUSE interface to the journal
provided by systemd.
At this point it only implements simple reading of the journal
through a single match filter selected via filesystem path.
With codex mounting the journal @ /mnt, you can see what
fields are available for matching against via:
`ls /mnt/by-field`
This returns a list of fields as directories, which you can then
list the contents of to see all the unique values present for the
repsective field, returned as regular files:
`ls /mnt/by-field/UNIT`
Then by reading one of the returned files, you read the contents
of the journal filtered on the respective field and value, e.g.:
`cat /mnt/by-field/UNIT/apt-daily.timer`
and you'll get a stream of all the data in the journal with a
filter of UNIT=apt-daily.timer
With some work, this could be made more advanced supporting
combined filters, perhaps in the form of:
`cat /mnt/by-field/UNIT/apt-daily.timer/and/by-field/PRIORITY/3/all`
As-is, the path by-field/UNIT/apt-daily.timer is a regular file,
so no such constructions are possible. But if it were changed to
be another directory, where you can select further matches by
traversing yet another and/by-field subpath, where all the fields
are available (or maybe only the matching subset of fields if
feasible), then more complex uses could be satisfied. Imagine
or/by-field and and/by-field being available under every value's
directory.
Note this commit includes a barely functioning PoC. It is not
intended for production, but you can already use it to navigate
journals in a way I find more pleasant than journalctl.
I think it'd be great to have a tool like this built out with all
the bells and whistles. It may make sense to roll something
similar into journalctl like `journalctl --mount /mnt/point`.
----
To build simply run:
$ ./bootstrap
$ mkdir build
$ cd build
$ ../configure && make
Execution is easy, but does require root to access your system journals:
$ sudo src/codex -o direct_io -f -s /mnt
Now you should have your structured journal contents accessible @ /mnt, where
you can poke around them using your favorite shell or file browser.
If you find yourself with a leaked FUSE mount or something, this usually cleans
it up:
$ sudo fusermount -u /mnt
|
