Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Display Filter Reference: systemd Journal Entry

Protocol field name: systemd_journal

Versions: 3.0.0 to 4.2.4

Back to Display Filter Reference

Field name Description Type Versions
systemd_journal.audit_field_apparmorAudit field AppArmorCharacter string3.0.0 to 4.2.4
systemd_journal.audit_field_nameAudit field nameCharacter string3.0.0 to 4.2.4
systemd_journal.audit_field_operationAudit field operationCharacter string3.0.0 to 4.2.4
systemd_journal.audit_field_profileAudit field profileCharacter string3.0.0 to 4.2.4
systemd_journal.audit_idAudit IDUnsigned integer (32 bits)3.0.0 to 4.2.4
systemd_journal.audit_loginuidAudit login UIDUnsigned integer (32 bits)3.0.0 to 4.2.4
systemd_journal.audit_sessionAudit sessionUnsigned integer (32 bits)3.0.0 to 4.2.4
systemd_journal.audit_typeAudit typeUnsigned integer (32 bits)3.0.0 to 4.2.4
systemd_journal.availableAvailableUnsigned integer (32 bits)3.0.0 to 4.2.4
systemd_journal.available_prettyHuman readable availableCharacter string3.0.0 to 4.2.4
systemd_journal.binary_data_lenBinary data lengthUnsigned integer (64 bits)3.0.0 to 4.2.4
systemd_journal.boot_idBoot IDCharacter string3.0.0 to 4.2.4
systemd_journal.cap_effectiveEffective capabilityCharacter string3.0.0 to 4.2.4
systemd_journal.cmdlineCommand lineCharacter string3.0.0 to 4.2.4
systemd_journal.code_fileCode fileCharacter string3.0.0 to 4.2.4
systemd_journal.code_funcCode funcCharacter string3.0.0 to 4.2.4
systemd_journal.code_lineCode lineUnsigned integer (32 bits)3.0.0 to 4.2.4
systemd_journal.commCommand nameCharacter string3.0.0 to 4.2.4
systemd_journal.coredump_unitCoredump unitCharacter string3.0.0 to 4.2.4
systemd_journal.coredump_user_unitCoredump user unitCharacter string3.0.0 to 4.2.4
systemd_journal.current_useCurrent useUnsigned integer (32 bits)3.0.0 to 4.2.4
systemd_journal.current_use_prettyHuman readable current useCharacter string3.0.0 to 4.2.4
systemd_journal.cursorCursorCharacter string3.0.0 to 4.2.4
systemd_journal.disk_availableDisk availableUnsigned integer (32 bits)3.0.0 to 4.2.4
systemd_journal.disk_available_prettyHuman readable disk availableCharacter string3.0.0 to 4.2.4
systemd_journal.disk_keep_freeDisk keep freeUnsigned integer (32 bits)3.0.0 to 4.2.4
systemd_journal.disk_keep_free_prettyHuman readable disk keep freeCharacter string3.0.0 to 4.2.4
systemd_journal.errnoErrnoSigned integer (32 bits)3.0.0 to 4.2.4
systemd_journal.exeExecutable pathCharacter string3.0.0 to 4.2.4
systemd_journal.fieldUnknown fieldLabel3.0.0 to 4.2.4
systemd_journal.field.dataField dataCharacter string3.0.0 to 4.2.4
systemd_journal.field.nameField nameCharacter string3.0.0 to 4.2.4
systemd_journal.field.valueField valueCharacter string3.0.0 to 4.2.4
systemd_journal.gidGIDUnsigned integer (32 bits)3.0.0 to 4.2.4
systemd_journal.hostnameHostnameCharacter string3.0.0 to 4.2.4
systemd_journal.job_resultJob resultCharacter string3.0.0 to 4.2.4
systemd_journal.job_typeJob typeCharacter string3.0.0 to 4.2.4
systemd_journal.journal_nameJournal nameCharacter string3.0.0 to 4.2.4
systemd_journal.journal_pathJournal pathCharacter string3.0.0 to 4.2.4
systemd_journal.kernel_deviceKernel deviceCharacter string3.0.0 to 4.2.4
systemd_journal.kernel_subsystemKernel subsystemCharacter string3.0.0 to 4.2.4
systemd_journal.kernel_usecKernel microsecondsTime offset3.0.0 to 4.2.4
systemd_journal.leaderLeaderUnsigned integer (32 bits)3.0.0 to 4.2.4
systemd_journal.limitLimitUnsigned integer (32 bits)3.0.0 to 4.2.4
systemd_journal.limit_prettyHuman readable limitCharacter string3.0.0 to 4.2.4
systemd_journal.line_breakLine breakCharacter string3.0.0 to 4.2.4
systemd_journal.machine_idMachine IDCharacter string3.0.0 to 4.2.4
systemd_journal.max_useMax useUnsigned integer (32 bits)3.0.0 to 4.2.4
systemd_journal.max_use_prettyHuman readable max useCharacter string3.0.0 to 4.2.4
systemd_journal.messageMessageCharacter string3.0.0 to 4.2.4
systemd_journal.message_idMessage IDCharacter string3.0.0 to 4.2.4
systemd_journal.monotonic_timestampMonotonic TimestampTime offset3.0.0 to 4.2.4
systemd_journal.nonbinary_fieldField shouldn't be binaryLabel3.0.0 to 4.2.4
systemd_journal.object_audit_loginuidObject audit login UIDUnsigned integer (32 bits)3.0.0 to 4.2.4
systemd_journal.object_audit_sessionObject audit sessionUnsigned integer (32 bits)3.0.0 to 4.2.4
systemd_journal.object_cap_effectiveObject effective capabilityUnsigned integer (32 bits)3.0.0 to 4.2.4
systemd_journal.object_cmdlineObject command lineCharacter string3.0.0 to 4.2.4
systemd_journal.object_commObject command nameCharacter string3.0.0 to 4.2.4
systemd_journal.object_exeObject executable pathCharacter string3.0.0 to 4.2.4
systemd_journal.object_gidObject GIDUnsigned integer (32 bits)3.0.0 to 4.2.4
systemd_journal.object_pidObject PIDUnsigned integer (32 bits)3.0.0 to 4.2.4
systemd_journal.object_selinux_contextObject SELinux contextCharacter string3.0.0 to 4.2.4
systemd_journal.object_systemd_cgroupObject systemd cgroupCharacter string3.0.0 to 4.2.4
systemd_journal.object_systemd_invocation_idObject systemd invocation IDCharacter string3.0.0 to 4.2.4
systemd_journal.object_systemd_owner_uidObject systemd owner UIDUnsigned integer (32 bits)3.0.0 to 4.2.4
systemd_journal.object_systemd_sessionObject systemd sessionUnsigned integer (32 bits)3.0.0 to 4.2.4
systemd_journal.object_systemd_sliceObject systemd sliceCharacter string3.0.0 to 4.2.4
systemd_journal.object_systemd_unitObject systemd unitCharacter string3.0.0 to 4.2.4
systemd_journal.object_systemd_user_sliceObject systemd user sliceCharacter string3.0.0 to 4.2.4
systemd_journal.object_systemd_user_unitObject systemd user unitCharacter string3.0.0 to 4.2.4
systemd_journal.object_uidObject UIDUnsigned integer (32 bits)3.0.0 to 4.2.4
systemd_journal.pidPIDUnsigned integer (32 bits)3.0.0 to 4.2.4
systemd_journal.priorityPriorityUnsigned integer (8 bits)3.0.0 to 4.2.4
systemd_journal.realtime_timestampRealtime TimestampDate and time3.0.0 to 4.2.4
systemd_journal.resultResultCharacter string3.0.0 to 4.2.4
systemd_journal.seat_idSeat IDCharacter string3.0.0 to 4.2.4
systemd_journal.selinux_contextSELinux contextCharacter string3.0.0 to 4.2.4
systemd_journal.session_idSession IDUnsigned integer (32 bits)3.0.0 to 4.2.4
systemd_journal.source_monotonic_timestampSource monotonic timestampTime offset3.0.0 to 4.2.4
systemd_journal.source_realtime_timestampSource realtime timestampDate and time3.0.0 to 4.2.4
systemd_journal.stream_idStream IDCharacter string3.0.0 to 4.2.4
systemd_journal.syslog_facilitySyslog facilityUnsigned integer (8 bits)3.0.0 to 4.2.4
systemd_journal.syslog_idSyslog identifierCharacter string3.0.0 to 4.2.4
systemd_journal.syslog_pidSyslog PIDUnsigned integer (32 bits)3.0.0 to 4.2.4
systemd_journal.systemd_cgroupSystemd cgroupCharacter string3.0.0 to 4.2.4
systemd_journal.systemd_invocation_idSystemd invocation IDCharacter string3.0.0 to 4.2.4
systemd_journal.systemd_owner_uidSystemd owner UIDUnsigned integer (32 bits)3.0.0 to 4.2.4
systemd_journal.systemd_sessionSystemd sessionUnsigned integer (32 bits)3.0.0 to 4.2.4
systemd_journal.systemd_sliceSystemd sliceCharacter string3.0.0 to 4.2.4
systemd_journal.systemd_unitSystemd unitCharacter string3.0.0 to 4.2.4
systemd_journal.systemd_user_sliceSystemd user sliceCharacter string3.0.0 to 4.2.4
systemd_journal.systemd_user_unitSystemd user unitCharacter string3.0.0 to 4.2.4
systemd_journal.transportTransportCharacter string3.0.0 to 4.2.4
systemd_journal.udev_devnodeDevice tree nodeCharacter string3.0.0 to 4.2.4
systemd_journal.udev_sysnameDevice tree nameCharacter string3.0.0 to 4.2.4
systemd_journal.uidUIDUnsigned integer (32 bits)3.0.0 to 4.2.4
systemd_journal.undecoded_fieldUnable to decode fieldLabel3.0.13 to 3.0.14, 3.2.6 to 4.2.4
systemd_journal.unhandled_field_typeField dataCharacter string3.0.0 to 4.2.4
systemd_journal.unhandled_field_type.undecodedUnhandled field typeLabel3.6.0 to 4.2.4
systemd_journal.user_idUser IDCharacter string3.0.0 to 4.2.4
systemd_journal.user_invocation_idUser invocation IDCharacter string3.0.0 to 4.2.4
systemd_journal.userspace_usecUserspace microsecondsTime offset3.0.0 to 4.2.4

Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube