Skip to main content

Crate sdjournal

Crate sdjournal 

Source
Expand description

sdjournal is a pure Rust systemd journal reader and query engine.

It opens *.journal files directly and does not depend on libsystemd or invoke journalctl.

§Platform

This crate targets Linux journal files. Non-Linux builds are supported for compilation, but Journal::open_default is Linux-only because it depends on the standard journal locations.

§Feature Flags

  • mmap (default): use memory mapping when safe to do so for journal file reads.
  • lz4 (default): enable LZ4-compressed DATA payload decoding.
  • zstd (default): enable Zstandard-compressed DATA payload decoding.
  • xz: enable XZ-compressed DATA payload decoding.
  • tokio: enable [LiveSubscription::into_tokio] and [TokioSubscription].
  • tracing: emit diagnostics via the tracing ecosystem.
  • verify-seal: enable [Journal::verify_seal] for Forward Secure Sealing verification.

§Main Types

  • Journal opens one or more journal roots and deduplicates journal files.
  • JournalQuery builds historical filters, time bounds, and cursor resumes.
  • EntryRef exposes zero-copy entry views when possible.
  • EntryOwned detaches an entry for storage, async use, or cross-thread transfer.
  • LiveEntry is the shared live-delivery wrapper used by subscriptions.
  • Cursor provides checkpoint and resume tokens.
  • LiveJournal shares one live tail engine across multiple subscriptions.
  • LiveSubscription receives shared live entries dispatched by the live engine.

§Quick Start

use sdjournal::Journal;

let journal = Journal::open_default()?;
let mut query = journal.query();
query.match_exact("_SYSTEMD_UNIT", b"sshd.service");
query.since_realtime(0);

for item in query.iter()? {
    let entry = item?;
    if let Some(message) = entry.get("MESSAGE") {
        println!("{}", String::from_utf8_lossy(message));
    }
}

Structs§

Cursor
Opaque cursor for checkpointing and resuming journal iteration.
EntryOwned
An owned journal entry, suitable for caching, cross-thread use, or async contexts.
EntryRef
A zero-copy entry view, backed by journal file storage (mmap) when possible.
Journal
An opened set of journal files.
JournalConfig
Runtime configuration for crate::Journal.
JournalQuery
A query builder for reading entries from a Journal.
LiveEntry
A shared live entry delivered by crate::LiveSubscription.
LiveFilter
In-memory filter builder for live subscriptions.
LiveJournal
Shared live journal engine for multi-subscription tailing.
LiveOrGroupBuilder
Builder used inside LiveFilter::or_group.
LiveSubscription
Receiving end of a live subscription.
SubscriptionOptions
Options for LiveJournal subscriptions.

Enums§

SdJournalError
A structured error type for journal operations.

Type Aliases§

Result
Result type used by this crate.