MAN-J
Man PagesPricing
LoginGet Started
systemd-journal-upload(8)
Original
English • 201 lines
SYSTEMD-JOURNAL-UPLOAD.SERVICE(8)		systemd-journal-upload.service

NAME
       systemd-journal-upload.service, systemd-journal-upload - Send journal
       messages over the network

SYNOPSIS
       systemd-journal-upload.service

       /usr/lib/systemd/systemd-journal-upload [OPTIONS...] [-u/--url=URL]
					       [SOURCES...]

DESCRIPTION
       systemd-journal-upload will upload journal entries to the URL specified
       with --url=. This program reads journal entries from one or more
       journal files, similarly to journalctl(1). Unless limited by one of the
       options specified below, all journal entries accessible to the user the
       program is running as will be uploaded, and then the program will wait
       and send new entries as they become available.

       systemd-journal-upload transfers the raw content of journal file and
       uses HTTP as a transport protocol.

       systemd-journal-upload.service is a system service that uses
       systemd-journal-upload to upload journal entries to a server. It uses
       the configuration in journal-upload.conf(5). At least the URL= option
       must be specified.

OPTIONS
       -u, --url=[https://]URL[:PORT], --url=[http://]URL[:PORT]
	   Upload to the specified address.  URL may specify either just the
	   hostname or both the protocol and hostname.	https is the default.
	   The port number may be specified after a colon (":"), otherwise
	   19532 will be used by default.

	   Added in version 239.

       --system, --user
	   Limit uploaded entries to entries from system services and the
	   kernel, or to entries from services of current user. This has the
	   same meaning as --system and --user options for journalctl(1). If
	   neither is specified, all accessible entries are uploaded.

	   Added in version 239.

       -m, --merge
	   Upload entries interleaved from all available journals, including
	   other machines. This has the same meaning as --merge option for
	   journalctl(1).

	   Added in version 239.

       --namespace=NAMESPACE
	   Takes a journal namespace identifier string as argument. Upload
	   entries from the specified journal namespace NAMESPACE instead of
	   the default namespace. This has the same meaning as --namespace=
	   option for journalctl(1).

	   Added in version 254.

       -D, --directory=DIR
	   Takes a directory path as argument. Upload entries from the
	   specified journal directory DIR instead of the default runtime and
	   system journal paths. This has the same meaning as --directory=
	   option for journalctl(1).

	   Added in version 239.

       --file=GLOB
	   Takes a file glob as an argument. Upload entries from the specified
	   journal files matching GLOB instead of the default runtime and
	   system journal paths. May be specified multiple times, in which
	   case files will be suitably interleaved. This has the same meaning
	   as --file= option for journalctl(1).

	   Added in version 239.

       --cursor=
	   Upload entries from the location in the journal specified by the
	   passed cursor. This has the same meaning as --cursor= option for
	   journalctl(1).

	   Added in version 239.

       --after-cursor=
	   Upload entries from the location in the journal after the location
	   specified by the this cursor. This has the same meaning as
	   --after-cursor= option for journalctl(1).

	   Added in version 239.

       --save-state[=PATH]
	   Upload entries from the location in the journal after the location
	   specified by the cursor saved in file at PATH
	   (/var/lib/systemd/journal-upload/state by default). After an entry
	   is successfully uploaded, update this file with the cursor of that
	   entry.

	   Added in version 239.

       --follow[=BOOL]
	   If set to yes, then systemd-journal-upload waits for input.

	   Added in version 239.

       --key=
	   Takes a path to a SSL key file in PEM format, or -. If - is set,
	   then client certificate authentication checking will be disabled.
	   Defaults to /etc/ssl/private/journal-upload.pem.

	   Added in version 239.

       --cert=
	   Takes a path to a SSL certificate file in PEM format, or -. If - is
	   set, then client certificate authentication checking will be
	   disabled. Defaults to /etc/ssl/certs/journal-upload.pem.

	   Added in version 239.

       --trust=
	   Takes a path to a SSL CA certificate file in PEM format, or -/all.
	   If -/all is set, then certificate checking will be disabled.
	   Defaults to /etc/ssl/ca/trusted.pem.

	   Added in version 239.

       -h, --help
	   Print a short help text and exit.

       --version
	   Print a short version string and exit.

EXIT STATUS
       On success, 0 is returned; otherwise, a non-zero failure code is
       returned.

EXAMPLES
       Example 1. Setting up certificates for authentication

       Certificates signed by a trusted authority are used to verify that the
       server to which messages are uploaded is legitimate, and vice versa,
       that the client is trusted.

       A suitable set of certificates can be generated with openssl. Note,
       2048 bits of key length is minimally recommended to use for security
       reasons:

	   openssl req -newkey rsa:2048 -days 3650 -x509 -nodes \
		 -out ca.pem -keyout ca.key -subj '/CN=Certificate authority/'

	   cat >ca.conf <<EOF
	   [ ca ]
	   default_ca = this

	   [ this ]
	   new_certs_dir = .
	   certificate = ca.pem
	   database = ./index
	   private_key = ca.key
	   serial = ./serial
	   default_days = 3650
	   default_md = default
	   policy = policy_anything

	   [ policy_anything ]
	   countryName		   = optional
	   stateOrProvinceName	   = optional
	   localityName		   = optional
	   organizationName	   = optional
	   organizationalUnitName  = optional
	   commonName		   = supplied
	   emailAddress		   = optional
	   EOF

	   touch index
	   echo 0001 >serial

	   SERVER=server
	   CLIENT=client

	   openssl req -newkey rsa:2048 -nodes -out $SERVER.csr -keyout $SERVER.key -subj "/CN=$SERVER/"
	   openssl ca -batch -config ca.conf -notext -in $SERVER.csr -out $SERVER.pem

	   openssl req -newkey rsa:2048 -nodes -out $CLIENT.csr -keyout $CLIENT.key -subj "/CN=$CLIENT/"
	   openssl ca -batch -config ca.conf -notext -in $CLIENT.csr -out $CLIENT.pem

       Generated files ca.pem, server.pem, and server.key should be installed
       on server, and ca.pem, client.pem, and client.key on the client. The
       location of those files can be specified using TrustedCertificateFile=,
       ServerCertificateFile=, and ServerKeyFile= in
       /etc/systemd/journal-remote.conf and /etc/systemd/journal-upload.conf,
       respectively. The default locations can be queried by using
       systemd-journal-remote --help and systemd-journal-upload --help.

SEE ALSO
       journal-upload.conf(5), systemd-journal-remote.service(8),
       journalctl(1), systemd-journald.service(8), systemd-journal-
       gatewayd.service(8)

systemd 258				     SYSTEMD-JOURNAL-UPLOAD.SERVICE(8)

systemd-journal-upload(8)

systemdjournalupload.service, systemdjournalupload \- Send journal messages over the network

0popularity

System Information

systemd 258 1.0.0
Updated
Maintained by Unknown

Actions