From c4e8a3222648fcf22ca207f1815ebbf7cd144eeb Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Thu, 19 Sep 2024 06:14:26 +0200 Subject: Adding upstream version 4.4.0. Signed-off-by: Daniel Baumann --- doc/man_pages/sdjournal.adoc | 132 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 132 insertions(+) create mode 100644 doc/man_pages/sdjournal.adoc (limited to 'doc/man_pages/sdjournal.adoc') diff --git a/doc/man_pages/sdjournal.adoc b/doc/man_pages/sdjournal.adoc new file mode 100644 index 00000000..d8736704 --- /dev/null +++ b/doc/man_pages/sdjournal.adoc 
@@ -0,0 +1,132 @@ +include::../attributes.adoc[] += sdjournal(1) +:doctype: manpage +:stylesheet: ws.css +:linkcss: +:copycss: {css_dir}/{stylesheet} + +== NAME + +sdjournal - Provide an interface to capture systemd journal entries. + +== SYNOPSIS + +[manarg] +*sdjournal* +[ *--help* ] +[ *--version* ] +[ *--extcap-interfaces* ] +[ *--extcap-dlts* ] +[ *--extcap-interface*= ] +[ *--extcap-config* ] +[ *--capture* ] +[ *--fifo*= ] +[ *--start-from*= ] + +== DESCRIPTION + +*sdjournal* is an extcap tool that allows one to capture systemd +journal entries. It can be used to correlate system events with +network traffic. + +Supported interfaces: + +1. sdjournal + +== OPTIONS + +--help:: +Print program arguments. + +--version:: +Print program version. + +--extcap-interfaces:: +List available interfaces. + +--extcap-interface=:: +Use specified interfaces. + +--extcap-dlts:: +List DLTs of specified interface. + +--extcap-config:: +List configuration options of specified interface. + +--capture:: +Start capturing from specified interface and write raw packet data to the location specified by --fifo. + +--fifo=:: +Save captured packet to file or send it through pipe. + +--start-from=:: ++ +-- +Start from the last entries, similar to the +"-n" or "--lines" argument for the tail(1) command. Values prefixed +with a *+* sign start from the beginning of the journal, otherwise +the count starts from the end. The default value is 10. To include +all entries use *+0*. +-- + +== EXAMPLES + +To see program arguments: + + sdjournal --help + +To see program version: + + sdjournal --version + +To see interfaces: + + sdjournal --extcap-interfaces + +Only one interface (sdjournal) is supported. 
+ +.Example output + interface {value=sdjournal}{display=systemd journal capture} + +To see interface DLTs: + + sdjournal --extcap-interface=sdjournal --extcap-dlts + +.Example output + dlt {number=147}{name=sdjournal}{display=USER0} + +To see interface configuration options: + + sdjournal --extcap-interface=sdjournal --extcap-config + +.Example output + arg {number=0}{call=--start-from}{display=Starting position}{type=string} + {tooltip=The journal starting position. Values with a leading "+" start from the beginning, similar to the "tail" command} + +To capture: + + sdjournal --extcap-interface=sdjournal --fifo=/tmp/sdjournal.pcap --capture + +To capture all entries since the system was booted: + + sdjournal --extcap-interface=sdjournal --fifo=/tmp/sdjournal.pcap --capture --start-from +0 + +NOTE: To stop capturing CTRL+C/kill/terminate the application. + +== SEE ALSO + +xref:wireshark.html[wireshark](1), xref:tshark.html[tshark](1), xref:dumpcap.html[dumpcap](1), xref:extcap.html[extcap](4), xref:https://www.tcpdump.org/manpages/tcpdump.1.html[tcpdump](1) + +== NOTES + +*sdjournal* is part of the *Wireshark* distribution. The latest version +of *Wireshark* can be found at https://www.wireshark.org. + +HTML versions of the Wireshark project man pages are available at +https://www.wireshark.org/docs/man-pages. + +== AUTHORS + +.Original Author +[%hardbreaks] +Gerald Combs -- cgit v1.2.3
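Review bot: In EXAMPLES, both capture commands write to --fifo=/tmp/sdjournal.pcap, a fixed file name in a world-writable directory, and neither the examples nor the --fifo entry under OPTIONS mentions that the output carries journal contents, which can include sensitive log data. Suggest pointing the examples at a path in a user-private directory, or adding a sentence under --fifo about creating the target with restrictive permissions. Separately, the last example passes "--start-from +0" with a space, while SYNOPSIS, OPTIONS and the --extcap-config example output all present the option as "--start-from="; use one form throughout, or state that both are accepted.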