1SYSTEMD-JOURNAL-REMOTE.SEsRyVsItCeEm(d8-)journal-remoteS.YsSeTrEvMiDc-eJOURNAL-REMOTE.SERVICE(8)
2
3
4

NAME

6       systemd-journal-remote.service, systemd-journal-remote.socket, systemd-
7       journal-remote - Receive journal messages over the network
8

SYNOPSIS

10       systemd-journal-remote.service
11
12       systemd-journal-remote.socket
13
14       /usr/lib/systemd/systemd-journal-remote [OPTIONS...]
15                                               [-o/--output=DIR|FILE]
16                                               [SOURCES...]
17

DESCRIPTION

19       systemd-journal-remote is a command to receive serialized journal
20       events and store them to journal files. Input streams are in the
21       Journal Export Format[1], i.e. like the output from journalctl
22       --output=export. For transport over the network, this serialized stream
23       is usually carried over an HTTPS connection.
24
25       systemd-journal-remote.service is a system service that uses
26       systemd-journal-remote to listen for connections.
27       systemd-journal-remote.socket configures the network address that
28       systemd-journal-remote.service listens on. By default this is port
29       19532. What connections are accepted and how the received data is
30       stored can be configured through the journal-remote.conf(5)
31       configuration file.
32

SOURCES

34       Sources can be either "active" (systemd-journal-remote requests and
35       pulls the data), or "passive" (systemd-journal-remote waits for a
36       connection and then receives events pushed by the other side).
37
38       systemd-journal-remote can read more than one event stream at a time.
39       They will be interleaved in the output file. In case of "active"
40       connections, each "source" is one stream, and in case of "passive"
41       connections, each connection can result in a separate stream. Sockets
42       can be configured in "accept" mode (i.e. only one connection), or
43       "listen" mode (i.e. multiple connections, each resulting in a stream).
44
45       When there are no more connections, and no more can be created (there
46       are no listening sockets), then systemd-journal-remote will exit.
47
48       Active sources can be specified in the following ways:
49
50       [SOURCES...]
51           When - is given as a positional argument, events will be read from
52           standard input. Other positional arguments will be treated as
53           filenames to open and read from.
54
55       --url=ADDRESS
56           With the --url=ADDRESS option, events will be retrieved using HTTP
57           from ADDRESS. This URL should refer to the root of a remote
58           systemd-journal-gatewayd(8) instance, e.g. http://some.host:19531/
59           or https://some.host:19531/.
60
61       --getter='PROG [OPTIONS...]'
62           Program to invoke to retrieve data. The journal event stream must
63           be generated on standard output.
64
65           Examples:
66
67               --getter='curl "-HAccept: application/vnd.fdo.journal" https://some.host:19531/'
68
69               --getter='wget --header="Accept: application/vnd.fdo.journal" -O- https://some.host:19531/'
70
71       Passive sources can be specified in the following ways:
72
73       --listen-raw=ADDRESS
74           ADDRESS must be an address suitable for ListenStream= (cf.
75           systemd.socket(5)).  systemd-journal-remote will listen on this
76           socket for connections. Each connection is expected to be a stream
77           of journal events.
78
79       --listen-http=ADDRESS, --listen-https=ADDRESS
80           ADDRESS must be either a negative integer, in which case it will be
81           interpreted as the (negated) file descriptor number, or an address
82           suitable for ListenStream= (c.f.  systemd.socket(5)). In the first
83           case, the server listens on port 19532 by default, and the matching
84           file descriptor must be inherited through $LISTEN_FDS/$LISTEN_PID.
85           In the second case, an HTTP or HTTPS server will be spawned on this
86           port, respectively for --listen-http= and --listen-https=.
87           Currently, only POST requests to /upload with "Content-Type:
88           application/vnd.fdo.journal" are supported.
89
90       $LISTEN_FDS
91           systemd-journal-remote supports the $LISTEN_FDS/$LISTEN_PID
92           protocol. Open sockets inherited through socket activation behave
93           like those opened with --listen-raw= described above, unless they
94           are specified as an argument in --listen-http=-n or
95           --listen-https=-n above. In the latter case, an HTTP or HTTPS
96           server will be spawned using this descriptor and connections must
97           be made over the HTTP protocol.
98
99       --key=
100           Takes a path to a SSL key file in PEM format. Defaults to
101           /etc/ssl/private/journal-remote.pem. This option can be used with
102           --listen-https=.
103
104       --cert=
105           Takes a path to a SSL certificate file in PEM format. Defaults to
106           /etc/ssl/certs/journal-remote.pem. This option can be used with
107           --listen-https=.
108
109       --trust=
110           Takes a path to a SSL CA certificate file in PEM format, or all. If
111           all is set, then certificate checking will be disabled. Defaults to
112           /etc/ssl/ca/trusted.pem. This option can be used with
113           --listen-https=.
114
115       --gnutls-log=
116           Takes a comma separated list of gnutls logging categories. This
117           option can be used with --listen-http= or --listen-https=.
118

SINKS

120       The location of the output journal can be specified with -o or
121       --output=.
122
123       --output=FILE
124           Will write to this journal file. The filename must end with
125           .journal. The file will be created if it does not exist. If
126           necessary (journal file full, or corrupted), the file will be
127           renamed following normal journald rules and a new journal file will
128           be created in its stead.
129
130       --output=DIR
131           Will create journal files underneath directory DIR. The directory
132           must exist. If necessary (journal files over size, or corrupted),
133           journal files will be rotated following normal journald rules.
134           Names of files underneath DIR will be generated using the rules
135           described below.
136
137       If --output= is not used, the output directory /var/log/journal/remote/
138       will be used. In case the output file is not specified, journal files
139       will be created underneath the selected directory. Files will be called
140       remote-hostname.journal, where the hostname part is the escaped
141       hostname of the source endpoint of the connection, or the numerical
142       address if the hostname cannot be determined.
143
144       In the case that "active" sources are given by the positional arguments
145       or --getter= option, the output file name must always be given
146       explicitly.
147

OPTIONS

149       The following options are understood:
150
151       --split-mode
152           One of none or host. For the first, only one output journal file is
153           used. For the latter, a separate output file is used, based on the
154           hostname of the other endpoint of a connection.
155
156           In the case that "active" sources are given by the positional
157           arguments or --getter= option, the output file name must always be
158           given explicitly and only none is allowed.
159
160       --compress [BOOL]
161           If this is set to "yes" then compress the data in the journal using
162           XZ. The default is "yes".
163
164       --seal [BOOL]
165           If this is set to "yes" then periodically sign the data in the
166           journal using Forward Secure Sealing. The default is "no".
167
168       -h, --help
169           Print a short help text and exit.
170
171       --version
172           Print a short version string and exit.
173

EXAMPLES

175       Copy local journal events to a different journal directory:
176
177           journalctl -o export | systemd-journal-remote -o /tmp/dir/foo.journal -
178
179
180       Retrieve all available events from a remote systemd-journal-gatewayd(8)
181       instance and store them in
182       /var/log/journal/remote/remote-some.host.journal:
183
184           systemd-journal-remote --url http://some.host:19531/
185
186
187       Retrieve current boot events and wait for new events from a remote
188       systemd-journal-gatewayd(8) instance, and store them in
189       /var/log/journal/remote/remote-some.host.journal:
190
191           systemd-journal-remote --url http://some.host:19531/entries?boot&follow
192
193
194

SEE ALSO

196       journal-remote.conf(5), journalctl(1), systemd-journal-
197       gatewayd.service(8), systemd-journal-upload.service(8), systemd-
198       journald.service(8)
199

NOTES

201        1. Journal Export Format
202           https://www.freedesktop.org/wiki/Software/systemd/export
203
204
205
206systemd 241                                  SYSTEMD-JOURNAL-REMOTE.SERVICE(8)
Impressum