1SDJOURNAL(1)            The Wireshark Network Analyzer            SDJOURNAL(1)
2
3
4

NAME

6       sdjournal - Provide an interface to capture systemd journal entries.
7

SYNOPSIS

9       sdjournal [ --help ] [ --version ] [ --extcap-interfaces ]
10       [ --extcap-dlts ] [ --extcap-interface=<interface> ]
11       [ --extcap-config ] [ --capture ] [ --fifo=<path to file or pipe> ]
12       [ --start-from=<entry count> ]
13

DESCRIPTION

15       sdjournal is an extcap tool that allows one to capture systemd journal
16       entries. It can be used to correlate system events with network
17       traffic.
18
19       Supported interfaces:
20
21       1. sdjournal
22

OPTIONS

24       --help
25           Print program arguments.
26
27       --version
28           Print program version.
29
30       --extcap-interfaces
31           List available interfaces.
32
33       --extcap-interface=<interface>
34           Use specified interfaces.
35
36       --extcap-dlts
37           List DLTs of specified interface.
38
39       --extcap-config
40           List configuration options of specified interface.
41
42       --capture
43           Start capturing from specified interface and write raw packet data
44           to the location specified by --fifo.
45
46       --fifo=<path to file or pipe>
47           Save captured packet to file or send it through pipe.
48
49       --start-from=<entry count>
50           Start from the last <entry count> entries, similar to the "-n" or
51           "--lines" argument for the tail(1) command. Values prefixed with a
52           + sign start from the beginning of the journal, otherwise the count
53           starts from the end. The default value is 10. To include all
54           entries use +0.
55

EXAMPLES

57       To see program arguments:
58
59           sdjournal --help
60
61       To see program version:
62
63           sdjournal --version
64
65       To see interfaces:
66
67           sdjournal --extcap-interfaces
68
69       Only one interface (sdjournal) is supported.
70
71         Output:
72           interface {value=sdjournal}{display=systemd journal capture}
73
74       To see interface DLTs:
75
76           sdjournal --extcap-interface=sdjournal --extcap-dlts
77
78         Output:
79           dlt {number=147}{name=sdjournal}{display=USER0}
80
81       To see interface configuration options:
82
83           sdjournal --extcap-interface=sdjournal --extcap-config
84
85         Output:
86
87           arg {number=0}{call=--start-from}{display=Starting position}{type=string}
88               {tooltip=The journal starting position. Values with a leading "+" start from the beginning, similar to the "tail" command}
89
90       To capture:
91
92           sdjournal --extcap-interface=sdjournal --fifo=/tmp/sdjournal.pcap --capture
93
94       To capture all entries since the system was booted:
95
96           sdjournal --extcap-interface=sdjournal --fifo=/tmp/sdjournal.pcap --capture --start-from +0
97
98       NOTE: To stop capturing CTRL+C/kill/terminate application.
99

SEE ALSO

101       wireshark(1), tshark(1), dumpcap(1), extcap(4), tcpdump(1)
102

NOTES

104       sdjournal is part of the Wireshark distribution.  The latest version of
105       Wireshark can be found at <https://www.wireshark.org>.
106
107       HTML versions of the Wireshark project man pages are available at:
108       <https://www.wireshark.org/docs/man-pages>.
109

AUTHORS

111         Original Author
112         -------- ------
113         Gerald Combs             <gerald[AT]wireshark.org>
114
115
116
1173.4.4                             2021-03-16                      SDJOURNAL(1)
Impressum