
Crate sdjournal


sdjournal is a pure Rust systemd journal reader and query engine.

It opens *.journal files directly and does not depend on libsystemd or invoke journalctl.

§Platform

This crate targets Linux journal files. Non-Linux builds are supported for compilation, but Journal::open_default is Linux-only because it depends on the standard journal locations.

§Feature Flags

  • mmap (default): use memory mapping for journal file reads when it is safe to do so.
  • lz4 (default): enable LZ4-compressed DATA payload decoding.
  • zstd (default): enable Zstandard-compressed DATA payload decoding.
  • xz: enable XZ-compressed DATA payload decoding.
  • tokio: enable JournalQuery::follow_tokio and TokioFollow.
  • tracing: emit diagnostics via the tracing ecosystem.
  • verify-seal: enable Journal::verify_seal for Forward Secure Sealing verification.
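
To triage which of the compression features above a given file may need, and whether it is sealed, before opening it, the journal header can be inspected directly. This is an added example, not code from sdjournal: the offsets and flag bits follow systemd's journal file format, while `inspect_header`, `HeaderInfo`, `sample_header` and the mapping from flag bits to feature names are assumptions made for illustration.

```rust
// Added example. Offsets and flag bits follow systemd's journal file format;
// the mapping from flag bits to sdjournal feature names is an assumption.
const SIGNATURE: &[u8; 8] = b"LPKSHHRH";
const COMPATIBLE_SEALED: u32 = 1 << 0;
const INCOMPATIBLE_KEYED_HASH: u32 = 1 << 2;
const INCOMPATIBLE_COMPACT: u32 = 1 << 4;
// (incompatible-flag bit, feature assumed to provide the matching decoder)
const COMPRESSION: [(u32, &str); 3] = [(1 << 0, "xz"), (1 << 1, "lz4"), (1 << 3, "zstd")];

#[derive(Debug, PartialEq)]
pub struct HeaderInfo {
    pub features: Vec<&'static str>, // compression decoders the file may need
    pub sealed: bool,                // header says the file carries sealing tags
    pub unknown_incompatible: u32,   // bits a reader must not silently ignore
}

/// Parse the signature and the two little-endian flag words (bytes 0..16).
pub fn inspect_header(buf: &[u8]) -> Result<HeaderInfo, String> {
    if buf.len() < 16 {
        return Err(format!("short header: {} bytes", buf.len()));
    }
    if !buf.starts_with(SIGNATURE) {
        return Err("bad signature: not a journal file".to_string());
    }
    let le32 = |o: usize| u32::from_le_bytes([buf[o], buf[o + 1], buf[o + 2], buf[o + 3]]);
    let (compatible, incompatible) = (le32(8), le32(12));
    let known = COMPRESSION
        .iter()
        .fold(INCOMPATIBLE_KEYED_HASH | INCOMPATIBLE_COMPACT, |m, (bit, _)| m | bit);
    let features = COMPRESSION
        .iter()
        .filter(|(bit, _)| (incompatible & bit) != 0)
        .map(|(_, name)| *name)
        .collect();
    Ok(HeaderInfo {
        features,
        sealed: (compatible & COMPATIBLE_SEALED) != 0,
        unknown_incompatible: incompatible & !known,
    })
}

/// Constructed sample: a sealed file with keyed hashes and zstd payloads.
pub fn sample_header() -> Vec<u8> {
    let mut h = SIGNATURE.to_vec();
    h.extend_from_slice(&COMPATIBLE_SEALED.to_le_bytes());
    h.extend_from_slice(&(INCOMPATIBLE_KEYED_HASH | (1u32 << 3)).to_le_bytes());
    h
}

fn main() {
    println!("{:?}", inspect_header(&sample_header()));
}
```

A non-zero `unknown_incompatible` means the file uses a format extension this check does not recognise, and such a file should be treated as unreadable rather than partially parsed.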

§Main Types

  • Journal opens one or more journal roots and deduplicates journal files.
  • JournalQuery builds filters, time bounds, cursor resumes, and follow streams.
  • EntryRef exposes zero-copy entry views when possible.
  • EntryOwned detaches an entry for storage, async use, or cross-thread transfer.
  • Cursor provides checkpoint and resume tokens.
  • Follow blocks while tailing new matching entries.

§Quick Start

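use sdjournal::Journal;

// Shown as the body of a function that returns a Result, so `?` can propagate errors.
// Open the journal files in the standard journal locations (Linux-only).
let journal = Journal::open_default()?;
let mut query = journal.query();
// Keep only entries whose _SYSTEMD_UNIT field equals "sshd.service".
query.match_exact("_SYSTEMD_UNIT", b"sshd.service");
// Set the realtime lower bound to 0.
query.since_realtime(0);

for item in query.iter()? {
    // Each item is a Result, so a failure on a single entry surfaces here.
    let entry = item?;
    // Field values are raw bytes and may not be valid UTF-8, hence the lossy conversion.
    if let Some(message) = entry.get("MESSAGE") {
        println!("{}", String::from_utf8_lossy(message));
    }
}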

Structs§

Cursor
Opaque cursor for checkpointing and resuming journal iteration.
EntryOwned
An owned journal entry, suitable for caching, cross-thread use, or async contexts.
EntryRef
A zero-copy entry view, backed by journal file storage (mmap) when possible.
Follow
A blocking follow/tail iterator.
Journal
An opened set of journal files.
JournalConfig
Runtime configuration for Journal.
JournalQuery
A query builder for reading entries from a Journal.

Enums§

SdJournalError
A structured error type for journal operations.

Type Aliases§

Result
Result type used by this crate.