SYSTEMD-JOURNAL-UPLOAD.SERVICE(8)  systemd-journal-upload.service  SYSTEMD-JOURNAL-UPLOAD.SERVICE(8)

NAME
       systemd-journal-upload.service, systemd-journal-upload - Send journal
       messages over the network

SYNOPSIS
       systemd-journal-upload.service

       /usr/lib/systemd/systemd-journal-upload [OPTIONS...] [-u/--url=URL]
       [SOURCES...]

DESCRIPTION
       systemd-journal-upload will upload journal entries to the URL specified
       with --url=. This program reads journal entries from one or more
       journal files, similarly to journalctl(1). Unless limited by one of the
       options specified below, all journal entries accessible to the user the
       program is running as will be uploaded, and then the program will wait
       and send new entries as they become available.

       systemd-journal-upload.service is a system service that uses
       systemd-journal-upload to upload journal entries to a server. It uses
       the configuration in journal-upload.conf(5). At least the URL= option
       must be specified.

OPTIONS
       -u, --url=[https://]URL[:PORT], --url=[http://]URL[:PORT]
           Upload to the specified address. URL may specify either just the
           hostname or both the protocol and hostname. https is the default.
           The port number may be specified after a colon (":"), otherwise
           19532 will be used by default.

       --system, --user
           Limit uploaded entries to entries from system services and the
           kernel, or to entries from services of the current user. This has
           the same meaning as the --system and --user options for
           journalctl(1). If neither is specified, all accessible entries are
           uploaded.

       -m, --merge
           Upload entries interleaved from all available journals, including
           other machines. This has the same meaning as the --merge option for
           journalctl(1).

       -D, --directory=DIR
           Takes a directory path as argument. Upload entries from the
           specified journal directory DIR instead of the default runtime and
           system journal paths. This has the same meaning as the --directory=
           option for journalctl(1).

       --file=GLOB
           Takes a file glob as an argument. Upload entries from the specified
           journal files matching GLOB instead of the default runtime and
           system journal paths. May be specified multiple times, in which
           case files will be suitably interleaved. This has the same meaning
           as the --file= option for journalctl(1).

       --cursor=
           Upload entries from the location in the journal specified by the
           passed cursor. This has the same meaning as the --cursor= option
           for journalctl(1).

       --after-cursor=
           Upload entries from the location in the journal after the location
           specified by this cursor. This has the same meaning as the
           --after-cursor= option for journalctl(1).

       --save-state[=PATH]
           Upload entries from the location in the journal after the location
           specified by the cursor saved in the file at PATH
           (/var/lib/systemd/journal-upload/state by default). After an entry
           is successfully uploaded, update this file with the cursor of that
           entry.

       --follow[=BOOL]
           If set to yes, then systemd-journal-upload waits for input.

       --key=
           Takes a path to an SSL key file in PEM format, or -. If - is set,
           then client certificate authentication checking will be disabled.
           Defaults to /etc/ssl/private/journal-upload.pem.

       --cert=
           Takes a path to an SSL certificate file in PEM format, or -. If -
           is set, then client certificate authentication checking will be
           disabled. Defaults to /etc/ssl/certs/journal-upload.pem.

       --trust=
           Takes a path to an SSL CA certificate file in PEM format, or -/all.
           If -/all is set, then certificate checking will be disabled.
           Defaults to /etc/ssl/ca/trusted.pem.

       -h, --help
           Print a short help text and exit.

       --version
           Print a short version string and exit.
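
The settings above that switch verification off (--key=-, --cert=-, --trust=- or --trust=all) and an explicit http:// URL are easy to overlook in a unit file or wrapper script. The following is an added example, not part of the systemd manual or source: a hypothetical shell function, audit_upload_args, that scans a systemd-journal-upload argument list for exactly those settings. The host name in the sample call is a constructed placeholder.

```shell
#!/bin/sh
# Added example (not from systemd): flag systemd-journal-upload arguments
# that weaken transport security according to the OPTIONS text.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_upload_args() {
    findings=0
    url=""
    while [ "$#" -gt 0 ]; do
        opt=$1; val=""; shift
        case "$opt" in
            --*=*) val=${opt#*=}; opt=${opt%%=*} ;;      # --opt=value
            -u?*)  val=${opt#-u}; opt=-u ;;              # -uvalue
            -u|--url|--key|--cert|--trust)               # value is the next word
                if [ "$#" -gt 0 ]; then val=$1; shift; fi ;;
        esac
        case "$opt" in
            -u|--url) url=$val ;;
            --key|--cert)
                if [ "$val" = "-" ]; then
                    echo "WEAK: $opt=- disables client certificate authentication"
                    findings=1
                fi ;;
            --trust)
                case "$val" in
                    -|all)
                        echo "WEAK: --trust=$val disables certificate checking"
                        findings=1 ;;
                esac ;;
        esac
    done
    # https is the default when no scheme is given; only an explicit
    # http:// prefix selects plaintext transport.
    case "$url" in
        http://*)
            echo "WEAK: --url=$url sends journal entries over plaintext HTTP"
            findings=1 ;;
    esac
    return "$findings"
}

# Constructed sample invocation (placeholder host name).
audit_upload_args -u http://logs.example.com --trust=all --cert - || true
```
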

EXIT STATUS
       On success, 0 is returned; otherwise, a non-zero failure code is
       returned.

EXAMPLES
       Example 1. Setting up certificates for authentication

       Certificates signed by a trusted authority are used to verify that the
       server to which messages are uploaded is legitimate, and vice versa,
       that the client is trusted.

       A suitable set of certificates can be generated with openssl. Note
       that a key length of at least 2048 bits is recommended for security
       reasons:

           # Create a self-signed CA certificate and its (unencrypted) key
           openssl req -newkey rsa:2048 -days 3650 -x509 -nodes \
                 -out ca.pem -keyout ca.key -subj '/CN=Certificate authority/'

           # Minimal configuration for "openssl ca"
           cat >ca.conf <<EOF
           [ ca ]
           default_ca = this

           [ this ]
           new_certs_dir = .
           certificate = ca.pem
           database = ./index
           private_key = ca.key
           serial = ./serial
           default_days = 3650
           default_md = default
           policy = policy_anything

           [ policy_anything ]
           countryName = optional
           stateOrProvinceName = optional
           localityName = optional
           organizationName = optional
           organizationalUnitName = optional
           commonName = supplied
           emailAddress = optional
           EOF

           # Initialise the CA database and serial counter
           touch index
           echo 0001 >serial

           SERVER=server
           CLIENT=client

           # Server key and signing request, then the CA-signed certificate
           openssl req -newkey rsa:2048 -nodes -out "$SERVER.csr" -keyout "$SERVER.key" -subj "/CN=$SERVER/"
           openssl ca -batch -config ca.conf -notext -in "$SERVER.csr" -out "$SERVER.pem"

           # Client key and signing request, then the CA-signed certificate
           openssl req -newkey rsa:2048 -nodes -out "$CLIENT.csr" -keyout "$CLIENT.key" -subj "/CN=$CLIENT/"
           openssl ca -batch -config ca.conf -notext -in "$CLIENT.csr" -out "$CLIENT.pem"

       Generated files ca.pem, server.pem, and server.key should be installed
       on the server, and ca.pem, client.pem, and client.key on the client.
       The location of those files can be specified using
       TrustedCertificateFile=, ServerCertificateFile=, and ServerKeyFile= in
       /etc/systemd/journal-remote.conf and /etc/systemd/journal-upload.conf,
       respectively. The default locations can be queried by using
       systemd-journal-remote --help and systemd-journal-upload --help.
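
Before the files from Example 1 are installed, it is worth confirming that each certificate verifies against ca.pem, that each key belongs to its certificate, and that the key, which -nodes leaves unencrypted, is not readable by group or others. The following is an added example, not part of the systemd manual or source; check_tls_bundle is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not from systemd): pre-install checks for one host's files
# from Example 1. Usage: check_tls_bundle CA_PEM CERT_PEM KEY_PEM
# Returns 0 if all checks pass, 1 on the first failure (reason on stdout).
check_tls_bundle() {
    ca=$1; cert=$2; key=$3

    # 1. The certificate must chain to the CA the peer will trust.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert does not verify against $ca"
        return 1
    fi

    # 2. The private key must belong to the certificate: the public key
    #    derived from the key must equal the one embedded in the certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=""
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=""
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $cert"
        return 1
    fi

    # 3. The key was written unencrypted (-nodes), so file permissions are
    #    its only protection: reject group- or world-readable key files.
    if [ -n "$(find "$key" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "FAIL: $key is readable by group or others"
        return 1
    fi
    echo "OK: $cert"
}
```

Run it once per host, for example `check_tls_bundle ca.pem server.pem server.key` on the server and `check_tls_bundle ca.pem client.pem client.key` on the client.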

SEE ALSO
       journal-upload.conf(5), systemd-journal-remote.service(8),
       journalctl(1), systemd-journald.service(8),
       systemd-journal-gatewayd.service(8)

systemd 249                                  SYSTEMD-JOURNAL-UPLOAD.SERVICE(8)