author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-10 20:34:10 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-10 20:34:10 +0000 |
commit | e4ba6dbc3f1e76890b22773807ea37fe8fa2b1bc (patch) | |
tree | 68cb5ef9081156392f1dd62a00c6ccc1451b93df /doc/sdjournal.adoc | |
parent | Initial commit. (diff) | |
download | wireshark-e4ba6dbc3f1e76890b22773807ea37fe8fa2b1bc.tar.xz wireshark-e4ba6dbc3f1e76890b22773807ea37fe8fa2b1bc.zip |
Adding upstream version 4.2.2.upstream/4.2.2
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'doc/sdjournal.adoc')
-rw-r--r-- | doc/sdjournal.adoc | 132 |
1 files changed, 132 insertions, 0 deletions
diff --git a/doc/sdjournal.adoc b/doc/sdjournal.adoc new file mode 100644 index 00000000..bf9a3689 --- /dev/null +++ b/doc/sdjournal.adoc 
@@ -0,0 +1,132 @@ +include::../docbook/attributes.adoc[] += sdjournal(1) +:doctype: manpage +:stylesheet: ws.css +:linkcss: +:copycss: ../docbook/{stylesheet} + +== NAME + +sdjournal - Provide an interface to capture systemd journal entries. + +== SYNOPSIS + +[manarg] +*sdjournal* +[ *--help* ] +[ *--version* ] +[ *--extcap-interfaces* ] +[ *--extcap-dlts* ] +[ *--extcap-interface*=<interface> ] +[ *--extcap-config* ] +[ *--capture* ] +[ *--fifo*=<path to file or pipe> ] +[ *--start-from*=<entry count> ] + +== DESCRIPTION + +*sdjournal* is an extcap tool that allows one to capture systemd +journal entries. It can be used to correlate system events with +network traffic. + +Supported interfaces: + +1. sdjournal + +== OPTIONS + +--help:: +Print program arguments. + +--version:: +Print program version. + +--extcap-interfaces:: +List available interfaces. + +--extcap-interface=<interface>:: +Use specified interfaces. + +--extcap-dlts:: +List DLTs of specified interface. + +--extcap-config:: +List configuration options of specified interface. + +--capture:: +Start capturing from specified interface and write raw packet data to the location specified by --fifo. + +--fifo=<path to file or pipe>:: +Save captured packet to file or send it through pipe. + +--start-from=<entry count>:: ++ +-- +Start from the last <entry count> entries, similar to the +"-n" or "--lines" argument for the tail(1) command. Values prefixed +with a *+* sign start from the beginning of the journal, otherwise +the count starts from the end. The default value is 10. To include +all entries use *+0*. +-- + +== EXAMPLES + +To see program arguments: + + sdjournal --help + +To see program version: + + sdjournal --version + +To see interfaces: + + sdjournal --extcap-interfaces + +Only one interface (sdjournal) is supported. 
+ +.Example output + interface {value=sdjournal}{display=systemd journal capture} + +To see interface DLTs: + + sdjournal --extcap-interface=sdjournal --extcap-dlts + +.Example output + dlt {number=147}{name=sdjournal}{display=USER0} + +To see interface configuration options: + + sdjournal --extcap-interface=sdjournal --extcap-config + +.Example output + arg {number=0}{call=--start-from}{display=Starting position}{type=string} + {tooltip=The journal starting position. Values with a leading "+" start from the beginning, similar to the "tail" command} + +To capture: + + sdjournal --extcap-interface=sdjournal --fifo=/tmp/sdjournal.pcap --capture + +To capture all entries since the system was booted: + + sdjournal --extcap-interface=sdjournal --fifo=/tmp/sdjournal.pcap --capture --start-from +0 + +NOTE: To stop capturing CTRL+C/kill/terminate the application. + +== SEE ALSO + +xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:dumpcap.html[dumpcap](1), xref:extcap.html[extcap](4), xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](1) + +== NOTES + +*sdjournal* is part of the *Wireshark* distribution. The latest version +of *Wireshark* can be found at https://www.wireshark.org. + +HTML versions of the Wireshark project man pages are available at +https://www.wireshark.org/docs/man-pages. + +== AUTHORS + +.Original Author +[%hardbreaks] +Gerald Combs <gerald[AT]wireshark.org> |
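Review bot: The EXAMPLES entry "To capture all entries since the system was booted" does not match the OPTIONS text for --start-from, which says a leading + starts from the beginning of the journal and that +0 includes all entries; nothing in that description limits the range to the current boot. Reword the example to something like "To capture all entries in the journal:", or state the boot-scoped behaviour in the --start-from description if that is what the tool does. The same example passes the value as "--start-from +0" with a space, while the SYNOPSIS and OPTIONS document "--start-from=<entry count>"; pick one form and use it throughout. In OPTIONS, --extcap-interface=<interface> is described as "Use specified interfaces." although it takes a single interface and the page says only sdjournal is supported, so the singular reads better. In SEE ALSO, the tcpdump entry uses xref: with an https URL while the other entries use xref: for sibling man pages; an external URL would normally be written with link: or as a bare URL. Both capture examples write to the fixed name /tmp/sdjournal.pcap; journal entries can carry sensitive host data, so an output path in a directory private to the user would be a better documented example than a predictable name in a shared directory. The closing NOTE ("To stop capturing CTRL+C/kill/terminate the application.") is missing a verb or punctuation after "capturing".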