1SYSTEMD-JOURNAL-UPLOAD.SEsRyVsItCeEm(d8-)journal-uploadS.YsSeTrEvMiDc-eJOURNAL-UPLOAD.SERVICE(8)
2
3
4

NAME

6       systemd-journal-upload.service, systemd-journal-upload - Send journal
7       messages over the network
8

SYNOPSIS

10       systemd-journal-upload.service
11
12       /usr/lib/systemd/systemd-journal-upload [OPTIONS...] [-u/--url=URL]
13                                               [SOURCES...]
14

DESCRIPTION

16       systemd-journal-upload will upload journal entries to the URL specified
17       with --url=. This program reads journal entries from one or more
18       journal files, similarly to journalctl(1). Unless limited by one of the
19       options specified below, all journal entries accessible to the user the
20       program is running as will be uploaded, and then the program will wait
21       and send new entries as they become available.
22
23       systemd-journal-upload transfers the raw content of journal file and
24       uses HTTP as a transport protocol.
25
26       systemd-journal-upload.service is a system service that uses
27       systemd-journal-upload to upload journal entries to a server. It uses
28       the configuration in journal-upload.conf(5). At least the URL= option
29       must be specified.
30

OPTIONS

32       -u, --url=[https://]URL[:PORT], --url=[http://]URL[:PORT]
33           Upload to the specified address.  URL may specify either just the
34           hostname or both the protocol and hostname.  https is the default.
35           The port number may be specified after a colon (":"), otherwise
36           19532 will be used by default.
37
38       --system, --user
39           Limit uploaded entries to entries from system services and the
40           kernel, or to entries from services of current user. This has the
41           same meaning as --system and --user options for journalctl(1). If
42           neither is specified, all accessible entries are uploaded.
43
44       -m, --merge
45           Upload entries interleaved from all available journals, including
46           other machines. This has the same meaning as --merge option for
47           journalctl(1).
48
49       --namespace=NAMESPACE
50           Takes a journal namespace identifier string as argument. Upload
51           entries from the specified journal namespace NAMESPACE instead of
52           the default namespace. This has the same meaning as --namespace=
53           option for journalctl(1).
54
55       -D, --directory=DIR
56           Takes a directory path as argument. Upload entries from the
57           specified journal directory DIR instead of the default runtime and
58           system journal paths. This has the same meaning as --directory=
59           option for journalctl(1).
60
61       --file=GLOB
62           Takes a file glob as an argument. Upload entries from the specified
63           journal files matching GLOB instead of the default runtime and
64           system journal paths. May be specified multiple times, in which
65           case files will be suitably interleaved. This has the same meaning
66           as --file= option for journalctl(1).
67
68       --cursor=
69           Upload entries from the location in the journal specified by the
70           passed cursor. This has the same meaning as --cursor= option for
71           journalctl(1).
72
73       --after-cursor=
74           Upload entries from the location in the journal after the location
75           specified by the this cursor. This has the same meaning as
76           --after-cursor= option for journalctl(1).
77
78       --save-state[=PATH]
79           Upload entries from the location in the journal after the location
80           specified by the cursor saved in file at PATH
81           (/var/lib/systemd/journal-upload/state by default). After an entry
82           is successfully uploaded, update this file with the cursor of that
83           entry.
84
85       --follow[=BOOL]
86           If set to yes, then systemd-journal-upload waits for input.
87
88       --key=
89           Takes a path to a SSL key file in PEM format, or -. If - is set,
90           then client certificate authentication checking will be disabled.
91           Defaults to /etc/ssl/private/journal-upload.pem.
92
93       --cert=
94           Takes a path to a SSL certificate file in PEM format, or -. If - is
95           set, then client certificate authentication checking will be
96           disabled. Defaults to /etc/ssl/certs/journal-upload.pem.
97
98       --trust=
99           Takes a path to a SSL CA certificate file in PEM format, or -/all.
100           If -/all is set, then certificate checking will be disabled.
101           Defaults to /etc/ssl/ca/trusted.pem.
102
103       -h, --help
104           Print a short help text and exit.
105
106       --version
107           Print a short version string and exit.
108

EXIT STATUS

110       On success, 0 is returned; otherwise, a non-zero failure code is
111       returned.
112

EXAMPLES

114       Example 1. Setting up certificates for authentication
115
116       Certificates signed by a trusted authority are used to verify that the
117       server to which messages are uploaded is legitimate, and vice versa,
118       that the client is trusted.
119
120       A suitable set of certificates can be generated with openssl. Note,
121       2048 bits of key length is minimally recommended to use for security
122       reasons:
123
124           openssl req -newkey rsa:2048 -days 3650 -x509 -nodes \
125                 -out ca.pem -keyout ca.key -subj '/CN=Certificate authority/'
126
127           cat >ca.conf <<EOF
128           [ ca ]
129           default_ca = this
130
131           [ this ]
132           new_certs_dir = .
133           certificate = ca.pem
134           database = ./index
135           private_key = ca.key
136           serial = ./serial
137           default_days = 3650
138           default_md = default
139           policy = policy_anything
140
141           [ policy_anything ]
142           countryName             = optional
143           stateOrProvinceName     = optional
144           localityName            = optional
145           organizationName        = optional
146           organizationalUnitName  = optional
147           commonName              = supplied
148           emailAddress            = optional
149           EOF
150
151           touch index
152           echo 0001 >serial
153
154           SERVER=server
155           CLIENT=client
156
157           openssl req -newkey rsa:2048 -nodes -out $SERVER.csr -keyout $SERVER.key -subj "/CN=$SERVER/"
158           openssl ca -batch -config ca.conf -notext -in $SERVER.csr -out $SERVER.pem
159
160           openssl req -newkey rsa:2048 -nodes -out $CLIENT.csr -keyout $CLIENT.key -subj "/CN=$CLIENT/"
161           openssl ca -batch -config ca.conf -notext -in $CLIENT.csr -out $CLIENT.pem
162
163       Generated files ca.pem, server.pem, and server.key should be installed
164       on server, and ca.pem, client.pem, and client.key on the client. The
165       location of those files can be specified using TrustedCertificateFile=,
166       ServerCertificateFile=, and ServerKeyFile= in
167       /etc/systemd/journal-remote.conf and /etc/systemd/journal-upload.conf,
168       respectively. The default locations can be queried by using
169       systemd-journal-remote --help and systemd-journal-upload --help.
170

SEE ALSO

172       journal-upload.conf(5), systemd-journal-remote.service(8),
173       journalctl(1), systemd-journald.service(8), systemd-journal-
174       gatewayd.service(8)
175
176
177
178systemd 254                                  SYSTEMD-JOURNAL-UPLOAD.SERVICE(8)
Impressum