1SYSTEMD-JOURNAL-REMOTE.SEsRyVsItCeEm(d8-)journal-remoteS.YsSeTrEvMiDc-eJOURNAL-REMOTE.SERVICE(8)
2
3
4

NAME

6       systemd-journal-remote.service, systemd-journal-remote.socket, systemd-
7       journal-remote - Receive journal messages over the network
8

SYNOPSIS

10       systemd-journal-remote.service
11
12       systemd-journal-remote.socket
13
14       /usr/lib/systemd/systemd-journal-remote [OPTIONS...]
15                                               [-o/--output=DIR|FILE]
16                                               [SOURCES...]
17

DESCRIPTION

19       systemd-journal-remote is a command to receive serialized journal
20       events and store them to journal files. Input streams are in the
21       Journal Export Format[1], i.e. like the output from journalctl
22       --output=export. For transport over the network, this serialized stream
23       is usually carried over an HTTPS connection.
24
25       systemd-journal-remote.service is a system service that uses
26       systemd-journal-remote to listen for connections.
27       systemd-journal-remote.socket configures the network address that
28       systemd-journal-remote.service listens on. By default this is port
29       19532. What connections are accepted and how the received data is
30       stored can be configured through the journal-remote.conf(5)
31       configuration file.
32

SOURCES

34       Sources can be either "active" (systemd-journal-remote requests and
35       pulls the data), or "passive" (systemd-journal-remote waits for a
36       connection and then receives events pushed by the other side).
37
38       systemd-journal-remote can read more than one event stream at a time.
39       They will be interleaved in the output file. In case of "active"
40       connections, each "source" is one stream, and in case of "passive"
41       connections, each connection can result in a separate stream. Sockets
42       can be configured in "accept" mode (i.e. only one connection), or
43       "listen" mode (i.e. multiple connections, each resulting in a stream).
44
45       When there are no more connections, and no more can be created (there
46       are no listening sockets), then systemd-journal-remote will exit.
47
48       Active sources can be specified in the following ways:
49
50       [SOURCES...]
51           When - is given as a positional argument, events will be read from
52           standard input. Other positional arguments will be treated as
53           filenames to open and read from.
54
55       --url=ADDRESS
56           With the --url=ADDRESS option, events will be retrieved using HTTP
57           from ADDRESS. This URL should refer to the root of a remote
58           systemd-journal-gatewayd(8) instance, e.g. http://some.host:19531/
59           or https://some.host:19531/.
60
61       --getter='PROG [OPTIONS...]'
62           Program to invoke to retrieve data. The journal event stream must
63           be generated on standard output.
64
65           Examples:
66
67               --getter='curl "-HAccept: application/vnd.fdo.journal" https://some.host:19531/'
68
69               --getter='wget --header="Accept: application/vnd.fdo.journal" -O- https://some.host:19531/'
70
71       Passive sources can be specified in the following ways:
72
73       --listen-raw=ADDRESS
74           ADDRESS must be an address suitable for ListenStream= (cf.
75           systemd.socket(5)).  systemd-journal-remote will listen on this
76           socket for connections. Each connection is expected to be a stream
77           of journal events.
78
79       --listen-http=ADDRESS, --listen-https=ADDRESS
80           ADDRESS must be either a negative integer, in which case it will be
81           interpreted as the (negated) file descriptor number, or an address
82           suitable for ListenStream= (c.f.  systemd.socket(5)). In the first
83           case, the server listens on port 19532 by default, and the matching
84           file descriptor must be inherited through $LISTEN_FDS/$LISTEN_PID.
85           In the second case, an HTTP or HTTPS server will be spawned on this
86           port, respectively for --listen-http= and --listen-https=.
87           Currently, only POST requests to /upload with "Content-Type:
88           application/vnd.fdo.journal" are supported.
89
90       $LISTEN_FDS
91           systemd-journal-remote supports the $LISTEN_FDS/$LISTEN_PID
92           protocol. Open sockets inherited through socket activation behave
93           like those opened with --listen-raw= described above, unless they
94           are specified as an argument in --listen-http=-n or
95           --listen-https=-n above. In the latter case, an HTTP or HTTPS
96           server will be spawned using this descriptor and connections must
97           be made over the HTTP protocol.
98
99       --key=
100           Takes a path to a SSL secret key file in PEM format. Defaults to
101           /etc/ssl/private/journal-remote.pem. This option can be used with
102           --listen-https=. If the path refers to an AF_UNIX stream socket in
103           the file system a connection is made to it and the key read from
104           it.
105
106       --cert=
107           Takes a path to a SSL certificate file in PEM format. Defaults to
108           /etc/ssl/certs/journal-remote.pem. This option can be used with
109           --listen-https=. If the path refers to an AF_UNIX stream socket in
110           the file system a connection is made to it and the certificate read
111           from it.
112
113       --trust=
114           Takes a path to a SSL CA certificate file in PEM format, or all. If
115           all is set, then certificate checking will be disabled. Defaults to
116           /etc/ssl/ca/trusted.pem. This option can be used with
117           --listen-https=. If the path refers to an AF_UNIX stream socket in
118           the file system a connection is made to it and the certificate read
119           from it.
120
121       --gnutls-log=
122           Takes a comma separated list of gnutls logging categories. This
123           option can be used with --listen-http= or --listen-https=.
124

SINKS

126       The location of the output journal can be specified with -o or
127       --output=.
128
129       --output=FILE
130           Will write to this journal file. The filename must end with
131           .journal. The file will be created if it does not exist. If
132           necessary (journal file full, or corrupted), the file will be
133           renamed following normal journald rules and a new journal file will
134           be created in its stead.
135
136       --output=DIR
137           Will create journal files underneath directory DIR. The directory
138           must exist. If necessary (journal files over size, or corrupted),
139           journal files will be rotated following normal journald rules.
140           Names of files underneath DIR will be generated using the rules
141           described below.
142
143       If --output= is not used, the output directory /var/log/journal/remote/
144       will be used. In case the output file is not specified, journal files
145       will be created underneath the selected directory. Files will be called
146       remote-hostname.journal, where the hostname part is the escaped
147       hostname of the source endpoint of the connection, or the numerical
148       address if the hostname cannot be determined.
149
150       In the case that "active" sources are given by the positional arguments
151       or --getter= option, the output file name must always be given
152       explicitly.
153

OPTIONS

155       The following options are understood:
156
157       --split-mode
158           One of none or host. For the first, only one output journal file is
159           used. For the latter, a separate output file is used, based on the
160           hostname of the other endpoint of a connection.
161
162           In the case that "active" sources are given by the positional
163           arguments or --getter= option, the output file name must always be
164           given explicitly and only none is allowed.
165
166       --compress [BOOL]
167           If this is set to "yes" then compress the data in the journal using
168           XZ. The default is "yes".
169
170       --seal [BOOL]
171           If this is set to "yes" then periodically sign the data in the
172           journal using Forward Secure Sealing. The default is "no".
173
174       -h, --help
175           Print a short help text and exit.
176
177       --version
178           Print a short version string and exit.
179

EXAMPLES

181       Copy local journal events to a different journal directory:
182
183           journalctl -o export | systemd-journal-remote -o /tmp/dir/foo.journal -
184
185
186       Retrieve all available events from a remote systemd-journal-gatewayd(8)
187       instance and store them in
188       /var/log/journal/remote/remote-some.host.journal:
189
190           systemd-journal-remote --url http://some.host:19531/
191
192
193       Retrieve current boot events and wait for new events from a remote
194       systemd-journal-gatewayd(8) instance, and store them in
195       /var/log/journal/remote/remote-some.host.journal:
196
197           systemd-journal-remote --url http://some.host:19531/entries?boot&follow
198
199
200

SEE ALSO

202       journal-remote.conf(5), journalctl(1), systemd-journal-
203       gatewayd.service(8), systemd-journal-upload.service(8), systemd-
204       journald.service(8)
205

NOTES

207        1. Journal Export Format
208           https://systemd.io/JOURNAL_EXPORT_FORMATS#journal-export-format
209
210
211
212systemd 250                                  SYSTEMD-JOURNAL-REMOTE.SERVICE(8)
Impressum