On Mon, Sep 4, 2023 at 5:35 PM Etienne Doms <etienne.doms@xxxxxxxxx> wrote:
Hi,
I have some embedded systems in the wild, not connected to anything,
on which you can push a button "something went wrong, create a dump".
Then later I can fetch the said dump and inspect it.
I'd like to include the whole journal, for the current boot, in a
binary format so that I can later do "journalctl --file
path/to/journal-dump.bin" from another machine. I understand that
internally everything is stored in /var/log/journal/<machine-id>, but
I guess that I cannot blindly tar/cp the .journal files, since this
would be racy.
So, is there an API to safely dump a big ".journal" file containing a
snapshot of "journalctl -b"? I could not find anything in the
documentation, sorry in advance if I missed something obvious.
Run `journalctl --rotate` (or send a SIGUSR2). All "rotated" .journal files (containing an '@' in their name) are offline and can be copied.
For now I just dump it with "-o json" which is fine, but then I cannot
feed another journalctl with the given json, and need to do manual
filtering.
If you dump with `-o export` instead (or convert the JSON to the export format), you can later feed the dump into systemd-journal-remote(8) (which is somewhere in /lib/systemd) to import it back into a .journal file.
--
Mantas Mikulėnas
