Wireshark • Display Filter Reference: systemd Journal Entry

Display Filter Reference: systemd Journal Entry

Protocol field name: systemd_journal

Versions: 3.0.0 to 4.6.0

Field name	Description	Type	Versions
systemd_journal.audit_field_apparmor	Audit field AppArmor	Character string	3.0.0 to 4.6.0
systemd_journal.audit_field_name	Audit field name	Character string	3.0.0 to 4.6.0
systemd_journal.audit_field_operation	Audit field operation	Character string	3.0.0 to 4.6.0
systemd_journal.audit_field_profile	Audit field profile	Character string	3.0.0 to 4.6.0
systemd_journal.audit_id	Audit ID	Unsigned integer (32 bits)	3.0.0 to 4.6.0
systemd_journal.audit_loginuid	Audit login UID	Unsigned integer (32 bits)	3.0.0 to 4.6.0
systemd_journal.audit_session	Audit session	Unsigned integer (32 bits)	3.0.0 to 4.6.0
systemd_journal.audit_type	Audit type	Unsigned integer (32 bits)	3.0.0 to 4.6.0
systemd_journal.available	Available	Unsigned integer (32 bits)	3.0.0 to 4.6.0
systemd_journal.available_pretty	Human readable available	Character string	3.0.0 to 4.6.0
systemd_journal.binary_data_len	Binary data length	Unsigned integer (64 bits)	3.0.0 to 4.6.0
systemd_journal.boot_id	Boot ID	Character string	3.0.0 to 4.6.0
systemd_journal.cap_effective	Effective capability	Character string	3.0.0 to 4.6.0
systemd_journal.cmdline	Command line	Character string	3.0.0 to 4.6.0
systemd_journal.code_file	Code file	Character string	3.0.0 to 4.6.0
systemd_journal.code_func	Code func	Character string	3.0.0 to 4.6.0
systemd_journal.code_line	Code line	Unsigned integer (32 bits)	3.0.0 to 4.6.0
systemd_journal.comm	Command name	Character string	3.0.0 to 4.6.0
systemd_journal.coredump_unit	Coredump unit	Character string	3.0.0 to 4.6.0
systemd_journal.coredump_user_unit	Coredump user unit	Character string	3.0.0 to 4.6.0
systemd_journal.current_use	Current use	Unsigned integer (32 bits)	3.0.0 to 4.6.0
systemd_journal.current_use_pretty	Human readable current use	Character string	3.0.0 to 4.6.0
systemd_journal.cursor	Cursor	Character string	3.0.0 to 4.6.0
systemd_journal.disk_available	Disk available	Unsigned integer (32 bits)	3.0.0 to 4.6.0
systemd_journal.disk_available_pretty	Human readable disk available	Character string	3.0.0 to 4.6.0
systemd_journal.disk_keep_free	Disk keep free	Unsigned integer (32 bits)	3.0.0 to 4.6.0
systemd_journal.disk_keep_free_pretty	Human readable disk keep free	Character string	3.0.0 to 4.6.0
systemd_journal.errno	Errno	Signed integer (32 bits)	3.0.0 to 4.6.0
systemd_journal.exe	Executable path	Character string	3.0.0 to 4.6.0
systemd_journal.field	Unknown field	Label	3.0.0 to 4.6.0
systemd_journal.field.data	Field data	Character string	3.0.0 to 4.6.0
systemd_journal.field.name	Field name	Character string	3.0.0 to 4.6.0
systemd_journal.field.value	Field value	Character string	3.0.0 to 4.6.0
systemd_journal.gid	GID	Unsigned integer (32 bits)	3.0.0 to 4.6.0
systemd_journal.hostname	Hostname	Character string	3.0.0 to 4.6.0
systemd_journal.job_result	Job result	Character string	3.0.0 to 4.6.0
systemd_journal.job_type	Job type	Character string	3.0.0 to 4.6.0
systemd_journal.journal_name	Journal name	Character string	3.0.0 to 4.6.0
systemd_journal.journal_path	Journal path	Character string	3.0.0 to 4.6.0
systemd_journal.kernel_device	Kernel device	Character string	3.0.0 to 4.6.0
systemd_journal.kernel_subsystem	Kernel subsystem	Character string	3.0.0 to 4.6.0
systemd_journal.kernel_usec	Kernel microseconds	Time offset	3.0.0 to 4.6.0
systemd_journal.leader	Leader	Unsigned integer (32 bits)	3.0.0 to 4.6.0
systemd_journal.limit	Limit	Unsigned integer (32 bits)	3.0.0 to 4.6.0
systemd_journal.limit_pretty	Human readable limit	Character string	3.0.0 to 4.6.0
systemd_journal.line_break	Line break	Character string	3.0.0 to 4.6.0
systemd_journal.machine_id	Machine ID	Character string	3.0.0 to 4.6.0
systemd_journal.max_use	Max use	Unsigned integer (32 bits)	3.0.0 to 4.6.0
systemd_journal.max_use_pretty	Human readable max use	Character string	3.0.0 to 4.6.0
systemd_journal.message	Message	Character string	3.0.0 to 4.6.0
systemd_journal.message_id	Message ID	Character string	3.0.0 to 4.6.0
systemd_journal.monotonic_timestamp	Monotonic Timestamp	Time offset	3.0.0 to 4.6.0
systemd_journal.nonbinary_field	Field shouldn't be binary	Label	3.0.0 to 4.6.0
systemd_journal.object_audit_loginuid	Object audit login UID	Unsigned integer (32 bits)	3.0.0 to 4.6.0
systemd_journal.object_audit_session	Object audit session	Unsigned integer (32 bits)	3.0.0 to 4.6.0
systemd_journal.object_cap_effective	Object effective capability	Unsigned integer (32 bits)	3.0.0 to 4.6.0
systemd_journal.object_cmdline	Object command line	Character string	3.0.0 to 4.6.0
systemd_journal.object_comm	Object command name	Character string	3.0.0 to 4.6.0
systemd_journal.object_exe	Object executable path	Character string	3.0.0 to 4.6.0
systemd_journal.object_gid	Object GID	Unsigned integer (32 bits)	3.0.0 to 4.6.0
systemd_journal.object_pid	Object PID	Unsigned integer (32 bits)	3.0.0 to 4.6.0
systemd_journal.object_selinux_context	Object SELinux context	Character string	3.0.0 to 4.6.0
systemd_journal.object_systemd_cgroup	Object systemd cgroup	Character string	3.0.0 to 4.6.0
systemd_journal.object_systemd_invocation_id	Object systemd invocation ID	Character string	3.0.0 to 4.6.0
systemd_journal.object_systemd_owner_uid	Object systemd owner UID	Unsigned integer (32 bits)	3.0.0 to 4.6.0
systemd_journal.object_systemd_session	Object systemd session	Unsigned integer (32 bits)	3.0.0 to 4.6.0
systemd_journal.object_systemd_slice	Object systemd slice	Character string	3.0.0 to 4.6.0
systemd_journal.object_systemd_unit	Object systemd unit	Character string	3.0.0 to 4.6.0
systemd_journal.object_systemd_user_slice	Object systemd user slice	Character string	3.0.0 to 4.6.0
systemd_journal.object_systemd_user_unit	Object systemd user unit	Character string	3.0.0 to 4.6.0
systemd_journal.object_uid	Object UID	Unsigned integer (32 bits)	3.0.0 to 4.6.0
systemd_journal.pid	PID	Unsigned integer (32 bits)	3.0.0 to 4.6.0
systemd_journal.priority	Priority	Unsigned integer (8 bits)	3.0.0 to 4.6.0
systemd_journal.realtime_timestamp	Realtime Timestamp	Date and time	3.0.0 to 4.6.0
systemd_journal.result	Result	Character string	3.0.0 to 4.6.0
systemd_journal.seat_id	Seat ID	Character string	3.0.0 to 4.6.0
systemd_journal.selinux_context	SELinux context	Character string	3.0.0 to 4.6.0
systemd_journal.session_id	Session ID	Unsigned integer (32 bits)	3.0.0 to 4.6.0
systemd_journal.source_monotonic_timestamp	Source monotonic timestamp	Time offset	3.0.0 to 4.6.0
systemd_journal.source_realtime_timestamp	Source realtime timestamp	Date and time	3.0.0 to 4.6.0
systemd_journal.stream_id	Stream ID	Character string	3.0.0 to 4.6.0
systemd_journal.syslog_facility	Syslog facility	Unsigned integer (8 bits)	3.0.0 to 4.6.0
systemd_journal.syslog_id	Syslog identifier	Character string	3.0.0 to 4.6.0
systemd_journal.syslog_pid	Syslog PID	Unsigned integer (32 bits)	3.0.0 to 4.6.0
systemd_journal.systemd_cgroup	Systemd cgroup	Character string	3.0.0 to 4.6.0
systemd_journal.systemd_invocation_id	Systemd invocation ID	Character string	3.0.0 to 4.6.0
systemd_journal.systemd_owner_uid	Systemd owner UID	Unsigned integer (32 bits)	3.0.0 to 4.6.0
systemd_journal.systemd_session	Systemd session	Unsigned integer (32 bits)	3.0.0 to 4.6.0
systemd_journal.systemd_slice	Systemd slice	Character string	3.0.0 to 4.6.0
systemd_journal.systemd_unit	Systemd unit	Character string	3.0.0 to 4.6.0
systemd_journal.systemd_user_slice	Systemd user slice	Character string	3.0.0 to 4.6.0
systemd_journal.systemd_user_unit	Systemd user unit	Character string	3.0.0 to 4.6.0
systemd_journal.transport	Transport	Character string	3.0.0 to 4.6.0
systemd_journal.udev_devlink	Device tree symlink	Character string	3.0.0 to 4.6.0
systemd_journal.udev_devnode	Device tree node	Character string	3.0.0 to 4.6.0
systemd_journal.udev_sysname	Device tree name	Character string	3.0.0 to 4.6.0
systemd_journal.uid	UID	Unsigned integer (32 bits)	3.0.0 to 4.6.0
systemd_journal.undecoded_field	Unable to decode field	Label	3.0.13 to 3.0.14, 3.2.6 to 4.6.0
systemd_journal.unhandled_field_type	Field data	Character string	3.0.0 to 4.6.0
systemd_journal.unhandled_field_type.undecoded	Unhandled field type	Label	3.6.0 to 4.6.0
systemd_journal.user_id	User ID	Character string	3.0.0 to 4.6.0
systemd_journal.user_invocation_id	User invocation ID	Character string	3.0.0 to 4.6.0
systemd_journal.userspace_usec	Userspace microseconds	Time offset	3.0.0 to 4.6.0