Wireshark · Display Filter Reference: systemd Journal Entry

Display Filter Reference: systemd Journal Entry

Protocol field name: systemd_journal

Versions: 3.0.0 to 3.4.5

Field name	Description	Type	Versions
systemd_journal.audit_field_apparmor	Audit field AppArmor	Character string	3.0.0 to 3.4.5
systemd_journal.audit_field_name	Audit field name	Character string	3.0.0 to 3.4.5
systemd_journal.audit_field_operation	Audit field operation	Character string	3.0.0 to 3.4.5
systemd_journal.audit_field_profile	Audit field profile	Character string	3.0.0 to 3.4.5
systemd_journal.audit_id	Audit ID	Unsigned integer, 4 bytes	3.0.0 to 3.4.5
systemd_journal.audit_loginuid	Audit login UID	Unsigned integer, 4 bytes	3.0.0 to 3.4.5
systemd_journal.audit_session	Audit session	Unsigned integer, 4 bytes	3.0.0 to 3.4.5
systemd_journal.audit_type	Audit type	Unsigned integer, 4 bytes	3.0.0 to 3.4.5
systemd_journal.available	Available	Unsigned integer, 4 bytes	3.0.0 to 3.4.5
systemd_journal.available_pretty	Human readable available	Character string	3.0.0 to 3.4.5
systemd_journal.binary_data_len	Binary data length	Unsigned integer, 8 bytes	3.0.0 to 3.4.5
systemd_journal.boot_id	Boot ID	Character string	3.0.0 to 3.4.5
systemd_journal.cap_effective	Effective capability	Character string	3.0.0 to 3.4.5
systemd_journal.cmdline	Command line	Character string	3.0.0 to 3.4.5
systemd_journal.code_file	Code file	Character string	3.0.0 to 3.4.5
systemd_journal.code_func	Code func	Character string	3.0.0 to 3.4.5
systemd_journal.code_line	Code line	Unsigned integer, 4 bytes	3.0.0 to 3.4.5
systemd_journal.comm	Command name	Character string	3.0.0 to 3.4.5
systemd_journal.coredump_unit	Coredump unit	Character string	3.0.0 to 3.4.5
systemd_journal.coredump_user_unit	Coredump user unit	Character string	3.0.0 to 3.4.5
systemd_journal.current_use	Current use	Unsigned integer, 4 bytes	3.0.0 to 3.4.5
systemd_journal.current_use_pretty	Human readable current use	Character string	3.0.0 to 3.4.5
systemd_journal.cursor	Cursor	Character string	3.0.0 to 3.4.5
systemd_journal.disk_available	Disk available	Unsigned integer, 4 bytes	3.0.0 to 3.4.5
systemd_journal.disk_available_pretty	Human readable disk available	Character string	3.0.0 to 3.4.5
systemd_journal.disk_keep_free	Disk keep free	Unsigned integer, 4 bytes	3.0.0 to 3.4.5
systemd_journal.disk_keep_free_pretty	Human readable disk keep free	Character string	3.0.0 to 3.4.5
systemd_journal.errno	Errno	Signed integer, 4 bytes	3.0.0 to 3.4.5
systemd_journal.exe	Executable path	Character string	3.0.0 to 3.4.5
systemd_journal.field	Unknown field	Label	3.0.0 to 3.4.5
systemd_journal.field.data	Field data	Character string	3.0.0 to 3.4.5
systemd_journal.field.name	Field name	Character string	3.0.0 to 3.4.5
systemd_journal.field.value	Field value	Character string	3.0.0 to 3.4.5
systemd_journal.gid	GID	Unsigned integer, 4 bytes	3.0.0 to 3.4.5
systemd_journal.hostname	Hostname	Character string	3.0.0 to 3.4.5
systemd_journal.job_result	Job result	Character string	3.0.0 to 3.4.5
systemd_journal.job_type	Job type	Character string	3.0.0 to 3.4.5
systemd_journal.journal_name	Journal name	Character string	3.0.0 to 3.4.5
systemd_journal.journal_path	Journal path	Character string	3.0.0 to 3.4.5
systemd_journal.kernel_device	Kernel device	Character string	3.0.0 to 3.4.5
systemd_journal.kernel_subsystem	Kernel subsystem	Character string	3.0.0 to 3.4.5
systemd_journal.kernel_usec	Kernel microseconds	Time offset	3.0.0 to 3.4.5
systemd_journal.leader	Leader	Unsigned integer, 4 bytes	3.0.0 to 3.4.5
systemd_journal.limit	Limit	Unsigned integer, 4 bytes	3.0.0 to 3.4.5
systemd_journal.limit_pretty	Human readable limit	Character string	3.0.0 to 3.4.5
systemd_journal.line_break	Line break	Character string	3.0.0 to 3.4.5
systemd_journal.machine_id	Machine ID	Character string	3.0.0 to 3.4.5
systemd_journal.max_use	Max use	Unsigned integer, 4 bytes	3.0.0 to 3.4.5
systemd_journal.max_use_pretty	Human readable max use	Character string	3.0.0 to 3.4.5
systemd_journal.message	Message	Character string	3.0.0 to 3.4.5
systemd_journal.message_id	Message ID	Character string	3.0.0 to 3.4.5
systemd_journal.monotonic_timestamp	Monotonic Timestamp	Time offset	3.0.0 to 3.4.5
systemd_journal.nonbinary_field	Field shouldn\'t be binary	Label	3.0.0 to 3.4.5
systemd_journal.object_audit_loginuid	Object audit login UID	Unsigned integer, 4 bytes	3.0.0 to 3.4.5
systemd_journal.object_audit_session	Object audit session	Unsigned integer, 4 bytes	3.0.0 to 3.4.5
systemd_journal.object_cap_effective	Object effective capability	Unsigned integer, 4 bytes	3.0.0 to 3.4.5
systemd_journal.object_cmdline	Object command line	Character string	3.0.0 to 3.4.5
systemd_journal.object_comm	Object command name	Character string	3.0.0 to 3.4.5
systemd_journal.object_exe	Object executable path	Character string	3.0.0 to 3.4.5
systemd_journal.object_gid	Object GID	Unsigned integer, 4 bytes	3.0.0 to 3.4.5
systemd_journal.object_pid	Object PID	Unsigned integer, 4 bytes	3.0.0 to 3.4.5
systemd_journal.object_selinux_context	Object SELinux context	Character string	3.0.0 to 3.4.5
systemd_journal.object_systemd_cgroup	Object systemd cgroup	Character string	3.0.0 to 3.4.5
systemd_journal.object_systemd_invocation_id	Object systemd invocation ID	Character string	3.0.0 to 3.4.5
systemd_journal.object_systemd_owner_uid	Object systemd owner UID	Unsigned integer, 4 bytes	3.0.0 to 3.4.5
systemd_journal.object_systemd_session	Object systemd session	Unsigned integer, 4 bytes	3.0.0 to 3.4.5
systemd_journal.object_systemd_slice	Object systemd slice	Character string	3.0.0 to 3.4.5
systemd_journal.object_systemd_unit	Object systemd unit	Character string	3.0.0 to 3.4.5
systemd_journal.object_systemd_user_slice	Object systemd user slice	Character string	3.0.0 to 3.4.5
systemd_journal.object_systemd_user_unit	Object systemd user unit	Character string	3.0.0 to 3.4.5
systemd_journal.object_uid	Object UID	Unsigned integer, 4 bytes	3.0.0 to 3.4.5
systemd_journal.pid	PID	Unsigned integer, 4 bytes	3.0.0 to 3.4.5
systemd_journal.priority	Priority	Unsigned integer, 1 byte	3.0.0 to 3.4.5
systemd_journal.realtime_timestamp	Realtime Timestamp	Date and time	3.0.0 to 3.4.5
systemd_journal.result	Result	Character string	3.0.0 to 3.4.5
systemd_journal.seat_id	Seat ID	Character string	3.0.0 to 3.4.5
systemd_journal.selinux_context	SELinux context	Character string	3.0.0 to 3.4.5
systemd_journal.session_id	Session ID	Unsigned integer, 4 bytes	3.0.0 to 3.4.5
systemd_journal.source_monotonic_timestamp	Source monotonic timestamp	Time offset	3.0.0 to 3.4.5
systemd_journal.source_realtime_timestamp	Source realtime timestamp	Date and time	3.0.0 to 3.4.5
systemd_journal.stream_id	Stream ID	Character string	3.0.0 to 3.4.5
systemd_journal.syslog_facility	Syslog facility	Unsigned integer, 1 byte	3.0.0 to 3.4.5
systemd_journal.syslog_id	Syslog identifier	Character string	3.0.0 to 3.4.5
systemd_journal.syslog_pid	Syslog PID	Unsigned integer, 4 bytes	3.0.0 to 3.4.5
systemd_journal.systemd_cgroup	Systemd cgroup	Character string	3.0.0 to 3.4.5
systemd_journal.systemd_invocation_id	Systemd invocation ID	Character string	3.0.0 to 3.4.5
systemd_journal.systemd_owner_uid	Systemd owner UID	Unsigned integer, 4 bytes	3.0.0 to 3.4.5
systemd_journal.systemd_session	Systemd session	Unsigned integer, 4 bytes	3.0.0 to 3.4.5
systemd_journal.systemd_slice	Systemd slice	Character string	3.0.0 to 3.4.5
systemd_journal.systemd_unit	Systemd unit	Character string	3.0.0 to 3.4.5
systemd_journal.systemd_user_slice	Systemd user slice	Character string	3.0.0 to 3.4.5
systemd_journal.systemd_user_unit	Systemd user unit	Character string	3.0.0 to 3.4.5
systemd_journal.transport	Transport	Character string	3.0.0 to 3.4.5
systemd_journal.udev_devlink	Device tree symlink	Character string	3.0.0 to 3.4.5
systemd_journal.udev_devnode	Device tree node	Character string	3.0.0 to 3.4.5
systemd_journal.udev_sysname	Device tree name	Character string	3.0.0 to 3.4.5
systemd_journal.uid	UID	Unsigned integer, 4 bytes	3.0.0 to 3.4.5
systemd_journal.undecoded_field	Unable to decode field	Label	3.0.13 to 3.0.14, 3.2.6 to 3.4.5
systemd_journal.unhandled_field_type	Field data	Character string	3.0.0 to 3.4.5
systemd_journal.user_id	User ID	Character string	3.0.0 to 3.4.5
systemd_journal.user_invocation_id	User invocation ID	Character string	3.0.0 to 3.4.5
systemd_journal.userspace_usec	Userspace microseconds	Time offset	3.0.0 to 3.4.5

Go Beyond with Riverbed Technology

Riverbed is Wireshark's primary sponsor and provides our funding. They also make great products that fully integrate with Wireshark.

I have a lot of traffic...

ANSWER: SteelCentral™ AppResponse 11

• Full stack analysis – from packets to pages
• Rich performance metrics & pre-defined insights for fast problem identification/resolution
• Modular, flexible solution for deeply-analyzing network & application performance

Learn More