1SYSTEMD-JOURNAL-UPLOAD.SEsRyVsItCeEm(d8-)journal-uploadS.YsSeTrEvMiDc-eJOURNAL-UPLOAD.SERVICE(8)
2
3
4

NAME

6       systemd-journal-upload.service, systemd-journal-upload - Send journal
7       messages over the network
8

SYNOPSIS

10       systemd-journal-upload.service
11
12       /usr/lib/systemd/systemd-journal-upload [OPTIONS...] [-u/--url=URL]
13                                               [SOURCES...]
14

DESCRIPTION

16       systemd-journal-upload will upload journal entries to the URL specified
17       with --url=. This program reads journal entries from one or more
18       journal files, similarly to journalctl(1). Unless limited by one of the
19       options specified below, all journal entries accessible to the user the
20       program is running as will be uploaded, and then the program will wait
21       and send new entries as they become available.
22
23       systemd-journal-upload transfers the raw content of journal file and
24       uses HTTP as a transport protocol.
25
26       systemd-journal-upload.service is a system service that uses
27       systemd-journal-upload to upload journal entries to a server. It uses
28       the configuration in journal-upload.conf(5). At least the URL= option
29       must be specified.
30

OPTIONS

32       -u, --url=[https://]URL[:PORT], --url=[http://]URL[:PORT]
33           Upload to the specified address.  URL may specify either just the
34           hostname or both the protocol and hostname.  https is the default.
35           The port number may be specified after a colon (":"), otherwise
36           19532 will be used by default.
37
38       --system, --user
39           Limit uploaded entries to entries from system services and the
40           kernel, or to entries from services of current user. This has the
41           same meaning as --system and --user options for journalctl(1). If
42           neither is specified, all accessible entries are uploaded.
43
44       -m, --merge
45           Upload entries interleaved from all available journals, including
46           other machines. This has the same meaning as --merge option for
47           journalctl(1).
48
49       -D, --directory=DIR
50           Takes a directory path as argument. Upload entries from the
51           specified journal directory DIR instead of the default runtime and
52           system journal paths. This has the same meaning as --directory=
53           option for journalctl(1).
54
55       --file=GLOB
56           Takes a file glob as an argument. Upload entries from the specified
57           journal files matching GLOB instead of the default runtime and
58           system journal paths. May be specified multiple times, in which
59           case files will be suitably interleaved. This has the same meaning
60           as --file= option for journalctl(1).
61
62       --cursor=
63           Upload entries from the location in the journal specified by the
64           passed cursor. This has the same meaning as --cursor= option for
65           journalctl(1).
66
67       --after-cursor=
68           Upload entries from the location in the journal after the location
69           specified by the this cursor. This has the same meaning as
70           --after-cursor= option for journalctl(1).
71
72       --save-state[=PATH]
73           Upload entries from the location in the journal after the location
74           specified by the cursor saved in file at PATH
75           (/var/lib/systemd/journal-upload/state by default). After an entry
76           is successfully uploaded, update this file with the cursor of that
77           entry.
78
79       --follow[=BOOL]
80           If set to yes, then systemd-journal-upload waits for input.
81
82       --key=
83           Takes a path to a SSL key file in PEM format, or -. If - is set,
84           then client certificate authentication checking will be disabled.
85           Defaults to /etc/ssl/private/journal-upload.pem.
86
87       --cert=
88           Takes a path to a SSL certificate file in PEM format, or -. If - is
89           set, then client certificate authentication checking will be
90           disabled. Defaults to /etc/ssl/certs/journal-upload.pem.
91
92       --trust=
93           Takes a path to a SSL CA certificate file in PEM format, or -/all.
94           If -/all is set, then certificate checking will be disabled.
95           Defaults to /etc/ssl/ca/trusted.pem.
96
97       -h, --help
98           Print a short help text and exit.
99
100       --version
101           Print a short version string and exit.
102

EXIT STATUS

104       On success, 0 is returned; otherwise, a non-zero failure code is
105       returned.
106

EXAMPLES

108       Example 1. Setting up certificates for authentication
109
110       Certificates signed by a trusted authority are used to verify that the
111       server to which messages are uploaded is legitimate, and vice versa,
112       that the client is trusted.
113
114       A suitable set of certificates can be generated with openssl. Note,
115       2048 bits of key length is minimally recommended to use for security
116       reasons:
117
118           openssl req -newkey rsa:2048 -days 3650 -x509 -nodes \
119                 -out ca.pem -keyout ca.key -subj '/CN=Certificate authority/'
120
121           cat >ca.conf <<EOF
122           [ ca ]
123           default_ca = this
124
125           [ this ]
126           new_certs_dir = .
127           certificate = ca.pem
128           database = ./index
129           private_key = ca.key
130           serial = ./serial
131           default_days = 3650
132           default_md = default
133           policy = policy_anything
134
135           [ policy_anything ]
136           countryName             = optional
137           stateOrProvinceName     = optional
138           localityName            = optional
139           organizationName        = optional
140           organizationalUnitName  = optional
141           commonName              = supplied
142           emailAddress            = optional
143           EOF
144
145           touch index
146           echo 0001 >serial
147
148           SERVER=server
149           CLIENT=client
150
151           openssl req -newkey rsa:2048 -nodes -out $SERVER.csr -keyout $SERVER.key -subj "/CN=$SERVER/"
152           openssl ca -batch -config ca.conf -notext -in $SERVER.csr -out $SERVER.pem
153
154           openssl req -newkey rsa:2048 -nodes -out $CLIENT.csr -keyout $CLIENT.key -subj "/CN=$CLIENT/"
155           openssl ca -batch -config ca.conf -notext -in $CLIENT.csr -out $CLIENT.pem
156
157       Generated files ca.pem, server.pem, and server.key should be installed
158       on server, and ca.pem, client.pem, and client.key on the client. The
159       location of those files can be specified using TrustedCertificateFile=,
160       ServerCertificateFile=, and ServerKeyFile= in
161       /etc/systemd/journal-remote.conf and /etc/systemd/journal-upload.conf,
162       respectively. The default locations can be queried by using
163       systemd-journal-remote --help and systemd-journal-upload --help.
164

SEE ALSO

166       journal-upload.conf(5), systemd-journal-remote.service(8),
167       journalctl(1), systemd-journald.service(8), systemd-journal-
168       gatewayd.service(8)
169
170
171
172systemd 253                                  SYSTEMD-JOURNAL-UPLOAD.SERVICE(8)
Impressum