traced_probes: Add linux.journald data source (1/3)#5796
Conversation
staticfloat
force-pushed
the
sf/journald-part-1
branch
2 times, most recently
from
ebf663a to
aaf3540
Compare
|
I also see that CI is unhappy with me because I added this |
staticfloat
force-pushed
the
sf/journald-part-1
branch
2 times, most recently
from
ea67497 to
ad3b71d
Compare
You just need to update the BUILD.gn to add a reference to the protos targbet. You're missing that right now. |
staticfloat
force-pushed
the
sf/journald-part-1
branch
from
ad3b71d to
8c81e6f
Compare
|
Hmmm, the anonymous namespace is fighting the fact that I have a persistent |
staticfloat
force-pushed
the
sf/journald-part-1
branch
from
8c81e6f to
560fc30
Compare
staticfloat
force-pushed
the
sf/journald-part-1
branch
from
560fc30 to
e93f2b9
Compare
Add a new `linux.journald` data source to `traced_probes` that reads log
entries from the systemd journal via `libsystemd`. The library is loaded
at runtime via dlopen("libsystemd.so.0") so there is no compile-time
dependency on libsystemd.
New protos:
- `JournaldConfig` in `protos/perfetto/config/linux/journald_config.proto`
- `JournaldEventPacket` in `protos/perfetto/trace/linux/journald_event.proto`
The data source opens the journal with sd_journal_open(), and emits one
JournaldEventPacket per entry containing: timestamp, pid, priority,
tag, message, uid, comm, systemd_unit, hostname and transport.
staticfloat
force-pushed
the
sf/journald-part-1
branch
from
e93f2b9 to
c13bac7
Compare
|
Still LGTM |
sashwinbalaji
left a comment
sashwinbalaji
left a comment
There was a problem hiding this comment.
I'm not that familiar with journald, so please use your best judgement on these.
Also feel free to resolve anything that doesn't make sense as just flagging things that looked a bit off to me.
| } | ||
| } | ||
|
|
||
| std::string JournaldDataSource::GetField(const char* field) { |
There was a problem hiding this comment.
maybe need to benchmark would a single sd_journal_enumerate_data be better than these many separate sd_journal_get_data calls ?
https://man7.org/linux/man-pages/man3/sd_journal_enumerate_data.3.html
|
|
||
| JournaldDataSource::~JournaldDataSource() { | ||
| if (journal_ && sd_) { | ||
| task_runner_->RemoveFileDescriptorWatch(sd_->get_fd(journal_)); |
There was a problem hiding this comment.
it's possibe AddFileDescriptotWatch was never invoked due to early return by SD_CHECKs which can on a debug build might result in crash as we have PERFETTO_DCHECK(watch_tasks_.count(fd));
| weak->OnJournalReadable(); | ||
| }); | ||
|
|
||
| // Drain once after seek_tail(). sd_journal_next() returns 0 immediately |
There was a problem hiding this comment.
I think there's a small race here worth a look.
If journald writes a new entry between previous() above and this loop, next() returns 1, the cursor moves onto that entry, and the empty loop body drops it.
OnJournalReadable can only run after this function is completed, so when it runs next() returns 0 because we're already past it, so that entry never makes it into the trace.
Probably rare but I dont have much info on journald so would ask you to consider once.
3 participants
Add a new linux.journald data source to traced_probes that reads log entries from the systemd journal via libsystemd. The library is loaded at runtime via dlopen("libsystemd.so.0") so there is no compile-time dependency on libsystemd.
This adds a few new protos to configure and store the journald events. It creates a data source registered under the name 'linux.journald', opens the journal with
sd_journal_open(), and emits oneJournaldEventPacketper entry containing: timestamp, pid, priority, tag (SYSLOG_IDENTIFIER), message (MESSAGE), uid, comm (_COMM), systemd_unit (_SYSTEMD_UNIT), hostname (_HOSTNAME), and transport (_TRANSPORT). It by default captures from every journal it has access to, so it will include both system and user journals if running asroot, for instance.This is part 1 of a split-up version of #5331 and will close #3288.
This PR was co-written by AI; while I iterated on it until the look and feel felt correct, there may be context or use cases that I am unaware of. I am open to all review comments, and will do my best to address them.