1SYSTEMD-JOURNAL-REMOTE.SEsRyVsItCeEm(d8-)journal-remoteS.YsSeTrEvMiDc-eJOURNAL-REMOTE.SERVICE(8)
2
3
4
6 systemd-journal-remote.service, systemd-journal-remote.socket, systemd-
7 journal-remote - Receive journal messages over the network
8
10 systemd-journal-remote.service
11
12 systemd-journal-remote.socket
13
14 /usr/lib/systemd/systemd-journal-remote [OPTIONS...]
15 [-o/--output=DIR|FILE]
16 [SOURCES...]
17
19 systemd-journal-remote is a command to receive serialized journal
20 events and store them to journal files. Input streams are in the
21 Journal Export Format[1], i.e. like the output from journalctl
22 --output=export. For transport over the network, this serialized stream
23 is usually carried over an HTTPS connection.
24
25 systemd-journal-remote.service is a system service that uses
26 systemd-journal-remote to listen for connections.
27 systemd-journal-remote.socket configures the network address that
28 systemd-journal-remote.service listens on. By default this is port
29 19532. What connections are accepted and how the received data is
30 stored can be configured through the journal-remote.conf(5)
31 configuration file.
32
34 Sources can be either "active" (systemd-journal-remote requests and
35 pulls the data), or "passive" (systemd-journal-remote waits for a
36 connection and then receives events pushed by the other side).
37
38 systemd-journal-remote can read more than one event stream at a time.
39 They will be interleaved in the output file. In case of "active"
40 connections, each "source" is one stream, and in case of "passive"
41 connections, each connection can result in a separate stream. Sockets
42 can be configured in "accept" mode (i.e. only one connection), or
43 "listen" mode (i.e. multiple connections, each resulting in a stream).
44
45 When there are no more connections, and no more can be created (there
46 are no listening sockets), then systemd-journal-remote will exit.
47
48 Active sources can be specified in the following ways:
49
50 [SOURCES...]
51 When - is given as a positional argument, events will be read from
52 standard input. Other positional arguments will be treated as
53 filenames to open and read from.
54
55 --url=ADDRESS
56 With the --url=ADDRESS option, events will be retrieved using HTTP
57 from ADDRESS. This URL should refer to the root of a remote
58 systemd-journal-gatewayd(8) instance, e.g. http://some.host:19531/
59 or https://some.host:19531/.
60
61 --getter='PROG [OPTIONS...]'
62 Program to invoke to retrieve data. The journal event stream must
63 be generated on standard output.
64
65 Examples:
66
67 --getter='curl "-HAccept: application/vnd.fdo.journal" https://some.host:19531/'
68
69 --getter='wget --header="Accept: application/vnd.fdo.journal" -O- https://some.host:19531/'
70
71 Passive sources can be specified in the following ways:
72
73 --listen-raw=ADDRESS
74 ADDRESS must be an address suitable for ListenStream= (cf.
75 systemd.socket(5)). systemd-journal-remote will listen on this
76 socket for connections. Each connection is expected to be a stream
77 of journal events.
78
79 --listen-http=ADDRESS, --listen-https=ADDRESS
80 ADDRESS must be either a negative integer, in which case it will be
81 interpreted as the (negated) file descriptor number, or an address
82 suitable for ListenStream= (c.f. systemd.socket(5)). In the first
83 case, the server listens on port 19532 by default, and the matching
84 file descriptor must be inherited through $LISTEN_FDS/$LISTEN_PID.
85 In the second case, an HTTP or HTTPS server will be spawned on this
86 port, respectively for --listen-http= and --listen-https=.
87 Currently, only POST requests to /upload with "Content-Type:
88 application/vnd.fdo.journal" are supported.
89
90 $LISTEN_FDS
91 systemd-journal-remote supports the $LISTEN_FDS/$LISTEN_PID
92 protocol. Open sockets inherited through socket activation behave
93 like those opened with --listen-raw= described above, unless they
94 are specified as an argument in --listen-http=-n or
95 --listen-https=-n above. In the latter case, an HTTP or HTTPS
96 server will be spawned using this descriptor and connections must
97 be made over the HTTP protocol.
98
99 --key=
100 Takes a path to a SSL key file in PEM format. Defaults to
101 /etc/ssl/private/journal-remote.pem. This option can be used with
102 --listen-https=.
103
104 --cert=
105 Takes a path to a SSL certificate file in PEM format. Defaults to
106 /etc/ssl/certs/journal-remote.pem. This option can be used with
107 --listen-https=.
108
109 --trust=
110 Takes a path to a SSL CA certificate file in PEM format, or all. If
111 all is set, then certificate checking will be disabled. Defaults to
112 /etc/ssl/ca/trusted.pem. This option can be used with
113 --listen-https=.
114
115 --gnutls-log=
116 Takes a comma separated list of gnutls logging categories. This
117 option can be used with --listen-http= or --listen-https=.
118
120 The location of the output journal can be specified with -o or
121 --output=.
122
123 --output=FILE
124 Will write to this journal file. The filename must end with
125 .journal. The file will be created if it does not exist. If
126 necessary (journal file full, or corrupted), the file will be
127 renamed following normal journald rules and a new journal file will
128 be created in its stead.
129
130 --output=DIR
131 Will create journal files underneath directory DIR. The directory
132 must exist. If necessary (journal files over size, or corrupted),
133 journal files will be rotated following normal journald rules.
134 Names of files underneath DIR will be generated using the rules
135 described below.
136
137 If --output= is not used, the output directory /var/log/journal/remote/
138 will be used. In case the output file is not specified, journal files
139 will be created underneath the selected directory. Files will be called
140 remote-hostname.journal, where the hostname part is the escaped
141 hostname of the source endpoint of the connection, or the numerical
142 address if the hostname cannot be determined.
143
144 In the case that "active" sources are given by the positional arguments
145 or --getter= option, the output file name must always be given
146 explicitly.
147
149 The following options are understood:
150
151 --split-mode
152 One of none or host. For the first, only one output journal file is
153 used. For the latter, a separate output file is used, based on the
154 hostname of the other endpoint of a connection.
155
156 In the case that "active" sources are given by the positional
157 arguments or --getter= option, the output file name must always be
158 given explicitly and only none is allowed.
159
160 --compress [BOOL]
161 If this is set to "yes" then compress the data in the journal using
162 XZ. The default is "yes".
163
164 --seal [BOOL]
165 If this is set to "yes" then periodically sign the data in the
166 journal using Forward Secure Sealing. The default is "no".
167
168 -h, --help
169 Print a short help text and exit.
170
171 --version
172 Print a short version string and exit.
173
175 Copy local journal events to a different journal directory:
176
177 journalctl -o export | systemd-journal-remote -o /tmp/dir/foo.journal -
178
179
180 Retrieve all available events from a remote systemd-journal-gatewayd(8)
181 instance and store them in
182 /var/log/journal/remote/remote-some.host.journal:
183
184 systemd-journal-remote --url http://some.host:19531/
185
186
187 Retrieve current boot events and wait for new events from a remote
188 systemd-journal-gatewayd(8) instance, and store them in
189 /var/log/journal/remote/remote-some.host.journal:
190
191 systemd-journal-remote --url http://some.host:19531/entries?boot&follow
192
193
194
196 journal-remote.conf(5), journalctl(1), systemd-journal-
197 gatewayd.service(8), systemd-journal-upload.service(8), systemd-
198 journald.service(8)
199
201 1. Journal Export Format
202 https://www.freedesktop.org/wiki/Software/systemd/export
203
204
205
206systemd 245 SYSTEMD-JOURNAL-REMOTE.SERVICE(8)