1SYSTEMD-JOURNAL-UPLOAD.SEsRyVsItCeEm(d8-)journal-uploadS.YsSeTrEvMiDc-eJOURNAL-UPLOAD.SERVICE(8)
2
3
4
6 systemd-journal-upload.service, systemd-journal-upload - Send journal
7 messages over the network
8
10 systemd-journal-upload.service
11
12 /usr/lib/systemd/systemd-journal-upload [OPTIONS...] [-u/--url=URL]
13 [SOURCES...]
14
16 systemd-journal-upload will upload journal entries to the URL specified
17 with --url=. This program reads journal entries from one or more
18 journal files, similarly to journalctl(1). Unless limited by one of the
19 options specified below, all journal entries accessible to the user the
20 program is running as will be uploaded, and then the program will wait
21 and send new entries as they become available.
22
23 systemd-journal-upload transfers the raw content of journal file and
24 uses HTTP as a transport protocol.
25
26 systemd-journal-upload.service is a system service that uses
27 systemd-journal-upload to upload journal entries to a server. It uses
28 the configuration in journal-upload.conf(5). At least the URL= option
29 must be specified.
30
32 -u, --url=[https://]URL[:PORT], --url=[http://]URL[:PORT]
33 Upload to the specified address. URL may specify either just the
34 hostname or both the protocol and hostname. https is the default.
35 The port number may be specified after a colon (":"), otherwise
36 19532 will be used by default.
37
38 --system, --user
39 Limit uploaded entries to entries from system services and the
40 kernel, or to entries from services of current user. This has the
41 same meaning as --system and --user options for journalctl(1). If
42 neither is specified, all accessible entries are uploaded.
43
44 -m, --merge
45 Upload entries interleaved from all available journals, including
46 other machines. This has the same meaning as --merge option for
47 journalctl(1).
48
49 -D, --directory=DIR
50 Takes a directory path as argument. Upload entries from the
51 specified journal directory DIR instead of the default runtime and
52 system journal paths. This has the same meaning as --directory=
53 option for journalctl(1).
54
55 --file=GLOB
56 Takes a file glob as an argument. Upload entries from the specified
57 journal files matching GLOB instead of the default runtime and
58 system journal paths. May be specified multiple times, in which
59 case files will be suitably interleaved. This has the same meaning
60 as --file= option for journalctl(1).
61
62 --cursor=
63 Upload entries from the location in the journal specified by the
64 passed cursor. This has the same meaning as --cursor= option for
65 journalctl(1).
66
67 --after-cursor=
68 Upload entries from the location in the journal after the location
69 specified by the this cursor. This has the same meaning as
70 --after-cursor= option for journalctl(1).
71
72 --save-state[=PATH]
73 Upload entries from the location in the journal after the location
74 specified by the cursor saved in file at PATH
75 (/var/lib/systemd/journal-upload/state by default). After an entry
76 is successfully uploaded, update this file with the cursor of that
77 entry.
78
79 --follow[=BOOL]
80 If set to yes, then systemd-journal-upload waits for input.
81
82 --key=
83 Takes a path to a SSL key file in PEM format, or -. If - is set,
84 then client certificate authentication checking will be disabled.
85 Defaults to /etc/ssl/private/journal-upload.pem.
86
87 --cert=
88 Takes a path to a SSL certificate file in PEM format, or -. If - is
89 set, then client certificate authentication checking will be
90 disabled. Defaults to /etc/ssl/certs/journal-upload.pem.
91
92 --trust=
93 Takes a path to a SSL CA certificate file in PEM format, or -/all.
94 If -/all is set, then certificate checking will be disabled.
95 Defaults to /etc/ssl/ca/trusted.pem.
96
97 -h, --help
98 Print a short help text and exit.
99
100 --version
101 Print a short version string and exit.
102
104 On success, 0 is returned; otherwise, a non-zero failure code is
105 returned.
106
108 Example 1. Setting up certificates for authentication
109
110 Certificates signed by a trusted authority are used to verify that the
111 server to which messages are uploaded is legitimate, and vice versa,
112 that the client is trusted.
113
114 A suitable set of certificates can be generated with openssl. Note,
115 2048 bits of key length is minimally recommended to use for security
116 reasons:
117
118 openssl req -newkey rsa:2048 -days 3650 -x509 -nodes \
119 -out ca.pem -keyout ca.key -subj '/CN=Certificate authority/'
120
121 cat >ca.conf <<EOF
122 [ ca ]
123 default_ca = this
124
125 [ this ]
126 new_certs_dir = .
127 certificate = ca.pem
128 database = ./index
129 private_key = ca.key
130 serial = ./serial
131 default_days = 3650
132 default_md = default
133 policy = policy_anything
134
135 [ policy_anything ]
136 countryName = optional
137 stateOrProvinceName = optional
138 localityName = optional
139 organizationName = optional
140 organizationalUnitName = optional
141 commonName = supplied
142 emailAddress = optional
143 EOF
144
145 touch index
146 echo 0001 >serial
147
148 SERVER=server
149 CLIENT=client
150
151 openssl req -newkey rsa:2048 -nodes -out $SERVER.csr -keyout $SERVER.key -subj "/CN=$SERVER/"
152 openssl ca -batch -config ca.conf -notext -in $SERVER.csr -out $SERVER.pem
153
154 openssl req -newkey rsa:2048 -nodes -out $CLIENT.csr -keyout $CLIENT.key -subj "/CN=$CLIENT/"
155 openssl ca -batch -config ca.conf -notext -in $CLIENT.csr -out $CLIENT.pem
156
157 Generated files ca.pem, server.pem, and server.key should be installed
158 on server, and ca.pem, client.pem, and client.key on the client. The
159 location of those files can be specified using TrustedCertificateFile=,
160 ServerCertificateFile=, and ServerKeyFile= in
161 /etc/systemd/journal-remote.conf and /etc/systemd/journal-upload.conf,
162 respectively. The default locations can be queried by using
163 systemd-journal-remote --help and systemd-journal-upload --help.
164
166 journal-upload.conf(5), systemd-journal-remote.service(8),
167 journalctl(1), systemd-journald.service(8), systemd-journal-
168 gatewayd.service(8)
169
170
171
172systemd 251 SYSTEMD-JOURNAL-UPLOAD.SERVICE(8)