snovvcrash / usbrip

Tracking history of USB events on GNU/Linux
https://habr.com/ru/post/352254/
GNU General Public License v3.0

systemd-journald support ? #15

Closed solsticedhiver closed 5 years ago

solsticedhiver commented 5 years ago

That seems a nice piece of software.

But all my machines are using systemd-journald nowadays, like some of us.

snovvcrash commented 5 years ago

Thanks for the kind words. I am afraid I'm not able to provide full compatibility with journald for now, but I have updated README.md, where you can find some tricks for dealing with journalctl output in terms of usbrip support.

snovvcrash commented 5 years ago

Well, actually I decided to add slight out-of-the-box support for journalctl users. You could take a look at the update.

solsticedhiver commented 5 years ago

Maybe you want to use the -o short-iso-precise option of journalctl? There is no need to use a locale then.

I tried usbrip with your change and the year is printed as ????.

snovvcrash commented 5 years ago

That's because journalctl gives non-precise timestamps by default. Thanks, I'll try these options and upload a fix tonight.

solsticedhiver commented 5 years ago

something like this:

diff --git a/usbrip/lib/core/usbevents.py b/usbrip/lib/core/usbevents.py
index 75032cf..91e51e9 100644
--- a/usbrip/lib/core/usbevents.py
+++ b/usbrip/lib/core/usbevents.py
@@ -83,7 +83,7 @@ class USBEvents:
                try:
                        child_env = os.environ.copy()
                        child_env['LANG'] = 'en_US.utf-8'
-                       journalctl_out = check_output(['journalctl'], env=child_env).decode('utf-8')
+                       journalctl_out = check_output(['journalctl', '-o', 'short-iso-precise'], env=child_env).decode('utf-8')

                        if '-- Logs begin at' in journalctl_out:
                                filtered_history = _read_log_file(None, log=StringIO(journalctl_out))
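
Review bot: the unchanged check `if '-- Logs begin at' in journalctl_out:` right after the changed call still gates parsing on journalctl's human-readable banner, which is display text rather than a stable interface. With the output format now pinned by `-o short-iso-precise`, it would be more robust to rely on check_output succeeding and returning non-empty output. Separately, the `child_env['LANG'] = 'en_US.utf-8'` override two lines above is kept even though the ISO timestamp has no month name to localize; if it is still needed for another reason, a short comment should say which.
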
@@ -347,7 +347,7 @@ def _read_log_file(filename, log=None):
                if regex.search(line):
                        # Case 1 -- Modified Timestamp ("%Y-%m-%dT%H:%M:%S.%f%z")

-                       date = line[:32]
+                       date = line[:32].strip()
                        if date.count(':') > 2:
                                date = ''.join(line[:32].rsplit(':', 1))  # rreplace(':', '', 1) to remove the last ':' from "2019-08-09T06:15:49.655261-04:00" timestamp if there is one
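
Review bot: the new `.strip()` on `date = line[:32]` is discarded in the branch below, because `date = ''.join(line[:32].rsplit(':', 1))` slices the raw line again instead of reusing `date`. Use `date.rsplit(':', 1)` there so both paths work on the same stripped value. The fixed width of 32 also assumes the "-04:00" offset form shown in the comment; a shorter timestamp pulls part of the next field into the slice, so taking the first whitespace-delimited token of the line would be safer than slicing by position.
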
snovvcrash commented 5 years ago

Fixed it.

solsticedhiver commented 5 years ago

Maybe update the readme.md again?

snovvcrash commented 5 years ago

Did it yesterday, thanks.

solsticedhiver commented 5 years ago

I mean, how is the tip to use the blog instructions of the Russian hacker relevant now, given it's working out-of-the-box?

Besides, that Russian hacker did not read the man page of journalctl, because you don't need to do what is being said when simply using -o short-iso-precise is enough, right?

I would say:

So far, I have provided slight compatibility with the journald daemon out-of-the-box. If you need to export the journalctl log to a file, use the -o short-iso-precise option to get precise timestamps for complete usbrip compatibility. More tips in Russian at [blog url]