'\" t .\" Title: sdjournal .\" Author: [see the "AUTHOR(S)" section] .\" Generator: Asciidoctor 2.0.18 .\" Date: 2023-11-17 .\" Manual: \ \& .\" Source: \ \& .\" Language: English .\" .TH "SDJOURNAL" "1" "2023-11-17" "\ \&" "\ \&" .ie \n(.g .ds Aq \(aq .el .ds Aq ' .ss \n[.ss] 0 .nh .ad l .de URL \fI\\$2\fP <\\$1>\\$3 .. .als MTO URL .if \n[.g] \{\ . mso www.tmac . am URL . ad l . . . am MTO . ad l . . . LINKSTYLE blue R < > .\} .SH "NAME" sdjournal \- Provide an interface to capture systemd journal entries. .SH "SYNOPSIS" .sp \fBsdjournal\fP [\~\fB\-\-help\fP\~] [\~\fB\-\-version\fP\~] [\~\fB\-\-extcap\-interfaces\fP\~] [\~\fB\-\-extcap\-dlts\fP\~] [\~\fB\-\-extcap\-interface\fP=\~] [\~\fB\-\-extcap\-config\fP\~] [\~\fB\-\-capture\fP\~] [\~\fB\-\-fifo\fP=\~] [\~\fB\-\-start\-from\fP=\~] .SH "DESCRIPTION" .sp \fBsdjournal\fP is an extcap tool that allows one to capture systemd journal entries. It can be used to correlate system events with network traffic. .sp Supported interfaces: .sp .RS 4 .ie n \{\ \h'-04' 1.\h'+01'\c .\} .el \{\ . sp -1 . IP " 1." 4.2 .\} sdjournal .RE .SH "OPTIONS" .sp \-\-help .RS 4 .sp Print program arguments. .RE .sp \-\-version .RS 4 .sp Print program version. .RE .sp \-\-extcap\-interfaces .RS 4 .sp List available interfaces. .RE .sp \-\-extcap\-interface= .RS 4 .sp Use specified interfaces. .RE .sp \-\-extcap\-dlts .RS 4 .sp List DLTs of specified interface. .RE .sp \-\-extcap\-config .RS 4 .sp List configuration options of specified interface. .RE .sp \-\-capture .RS 4 .sp Start capturing from specified interface and write raw packet data to the location specified by \-\-fifo. .RE .sp \-\-fifo= .RS 4 .sp Save captured packet to file or send it through pipe. .RE .sp \-\-start\-from= .RS 4 .sp Start from the last entries, similar to the "\-n" or "\-\-lines" argument for the tail(1) command. Values prefixed with a \fB+\fP sign start from the beginning of the journal, otherwise the count starts from the end. The default value is 10. To include all entries use \fB+0\fP. .RE .SH "EXAMPLES" .sp To see program arguments: .sp .if n .RS 4 .nf .fam C sdjournal \-\-help .fam .fi .if n .RE .sp To see program version: .sp .if n .RS 4 .nf .fam C sdjournal \-\-version .fam .fi .if n .RE .sp To see interfaces: .sp .if n .RS 4 .nf .fam C sdjournal \-\-extcap\-interfaces .fam .fi .if n .RE .sp Only one interface (sdjournal) is supported. .sp .B Example output .br .sp .if n .RS 4 .nf .fam C interface {value=sdjournal}{display=systemd journal capture} .fam .fi .if n .RE .sp To see interface DLTs: .sp .if n .RS 4 .nf .fam C sdjournal \-\-extcap\-interface=sdjournal \-\-extcap\-dlts .fam .fi .if n .RE .sp .B Example output .br .sp .if n .RS 4 .nf .fam C dlt {number=147}{name=sdjournal}{display=USER0} .fam .fi .if n .RE .sp To see interface configuration options: .sp .if n .RS 4 .nf .fam C sdjournal \-\-extcap\-interface=sdjournal \-\-extcap\-config .fam .fi .if n .RE .sp .B Example output .br .sp .if n .RS 4 .nf .fam C arg {number=0}{call=\-\-start\-from}{display=Starting position}{type=string} {tooltip=The journal starting position. Values with a leading "+" start from the beginning, similar to the "tail" command} .fam .fi .if n .RE .sp To capture: .sp .if n .RS 4 .nf .fam C sdjournal \-\-extcap\-interface=sdjournal \-\-fifo=/tmp/sdjournal.pcap \-\-capture .fam .fi .if n .RE .sp To capture all entries since the system was booted: .sp .if n .RS 4 .nf .fam C sdjournal \-\-extcap\-interface=sdjournal \-\-fifo=/tmp/sdjournal.pcap \-\-capture \-\-start\-from +0 .fam .fi .if n .RE .if n .sp .RS 4 .it 1 an-trap .nr an-no-space-flag 1 .nr an-break-flag 1 .br .ps +1 .B Note .ps -1 .br .sp To stop capturing CTRL+C/kill/terminate the application. .sp .5v .RE .SH "SEE ALSO" .sp wireshark(1), tshark(1), dumpcap(1), extcap(4), tcpdump(1) .SH "NOTES" .sp \fBsdjournal\fP is part of the \fBWireshark\fP distribution. The latest version of \fBWireshark\fP can be found at \c .URL "https://www.wireshark.org" "" "." .sp HTML versions of the Wireshark project man pages are available at .URL "https://www.wireshark.org/docs/man\-pages" "" "." .SH "AUTHORS" .sp .B Original Author .br Gerald Combs