[thirdparty/systemd.git] / man / systemd-journal-upload.service.xml

<?xml version='1.0'?> <!--*- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil -*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
<!ENTITY % entities SYSTEM "custom-entities.ent" >
%entities;
]>

<!--
  SPDX-License-Identifier: LGPL-2.1+

  Copyright © 2014 Zbigniew Jędrzejewski-Szmek
-->

<refentry id="systemd-journal-upload" conditional='HAVE_MICROHTTPD'
          xmlns:xi="http://www.w3.org/2001/XInclude">

  <refentryinfo>
    <title>systemd-journal-upload.service</title>
    <productname>systemd</productname>
  </refentryinfo>

  <refmeta>
    <refentrytitle>systemd-journal-upload.service</refentrytitle>
    <manvolnum>8</manvolnum>
  </refmeta>

  <refnamediv>
    <refname>systemd-journal-upload.service</refname>
    <refname>systemd-journal-upload</refname>
    <refpurpose>Send journal messages over the network</refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <para><filename>systemd-journal-upload.service</filename></para>
    <cmdsynopsis>
      <command>/usr/lib/systemd/systemd-journal-upload</command>
      <arg choice="opt" rep="repeat">OPTIONS</arg>
      <arg choice="opt" rep="norepeat">-u/--url=<replaceable>URL</replaceable></arg>
      <arg choice="opt" rep="repeat">SOURCES</arg>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1>
    <title>Description</title>

    <para><command>systemd-journal-upload</command> will upload journal entries to the URL specified
    with <option>--url=</option>. This program reads journal entries from one or more journal files,
    similarly to
    <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
    Unless limited by one of the options specified below, all journal entries accessible to the user
    the program is running as will be uploaded, and then the program will wait and send new entries
    as they become available.</para>

    <para><filename>systemd-journal-upload.service</filename> is a system service that uses
    <command>systemd-journal-upload</command> to upload journal entries to a server. It uses the
    configuration in
    <citerefentry><refentrytitle>journal-upload.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
    At least the <varname>URL=</varname> option must be specified.</para>
  </refsect1>

  <refsect1>
    <title>Options</title>

    <variablelist>
      <varlistentry>
        <term><option>-u</option></term>
        <term><option>--url=<optional>https://</optional><replaceable>URL</replaceable>[:<replaceable>PORT</replaceable>]</option></term>
        <term><option>--url=<optional>http://</optional><replaceable>URL</replaceable>[:<replaceable>PORT</replaceable>]</option></term>

        <listitem><para>Upload to the specified
        address. <replaceable>URL</replaceable> may specify either
        just the hostname or both the protocol and
        hostname. <constant>https</constant> is the default.
        The port number may be specified after a colon (<literal>:</literal>),
        otherwise <constant>19532</constant> will be used by default.
        </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--system</option></term>
        <term><option>--user</option></term>

        <listitem><para>Limit uploaded entries to entries from system
        services and the kernel, or to entries from services of
        current user. This has the same meaning as
        <option>--system</option> and <option>--user</option> options
        for
        <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>. If
        neither is specified, all accessible entries are uploaded.
        </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>-m</option></term>
        <term><option>--merge</option></term>

        <listitem><para>Upload entries interleaved from all available
        journals, including other machines. This has the same meaning
        as <option>--merge</option> option for
        <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>-D</option></term>
        <term><option>--directory=<replaceable>DIR</replaceable></option></term>

        <listitem><para>Takes a directory path as argument. Upload
        entries from the specified journal directory
        <replaceable>DIR</replaceable> instead of the default runtime
        and system journal paths. This has the same meaning as
        <option>--directory=</option> option for
        <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
        </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--file=<replaceable>GLOB</replaceable></option></term>

        <listitem><para>Takes a file glob as an argument. Upload
        entries from the specified journal files matching
        <replaceable>GLOB</replaceable> instead of the default runtime
        and system journal paths. May be specified multiple times, in
        which case files will be suitably interleaved. This has the same meaning as
        <option>--file=</option> option for
        <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
        </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--cursor=</option></term>

        <listitem><para>Upload entries from the location in the
        journal specified by the passed cursor. This has the same
        meaning as <option>--cursor=</option> option for
        <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--after-cursor=</option></term>

        <listitem><para>Upload entries from the location in the
        journal <emphasis>after</emphasis> the location specified by
        the this cursor.  This has the same meaning as
        <option>--after-cursor=</option> option for
        <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
        </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--save-state</option><optional>=<replaceable>PATH</replaceable></optional></term>

        <listitem><para>Upload entries from the location in the
        journal <emphasis>after</emphasis> the location specified by
        the cursor saved in file at <replaceable>PATH</replaceable>
        (<filename>/var/lib/systemd/journal-upload/state</filename> by default).
        After an entry is successfully uploaded, update this file
        with the cursor of that entry.
        </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--follow</option><optional>=<replaceable>BOOL</replaceable></optional></term>

        <listitem><para>
          If set to yes, then <command>systemd-journal-upload</command> waits for input.
        </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--key=</option></term>

        <listitem><para>
          Takes a path to a SSL key file in PEM format.
          Defaults to <filename>&CERTIFICATE_ROOT;/private/journal-upload.pem</filename>.
        </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--cert=</option></term>

        <listitem><para>
          Takes a path to a SSL certificate file in PEM format.
          Defaults to <filename>&CERTIFICATE_ROOT;/certs/journal-upload.pem</filename>.
        </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--trust=</option></term>

        <listitem><para>
          Takes a path to a SSL CA certificate file in PEM format,
          or <option>all</option>. If <option>all</option> is set,
          then certificate checking will be disabled.
          Defaults to <filename>&CERTIFICATE_ROOT;/ca/trusted.pem</filename>.
        </para></listitem>
      </varlistentry>

      <xi:include href="standard-options.xml" xpointer="help" />
      <xi:include href="standard-options.xml" xpointer="version" />
    </variablelist>
  </refsect1>

  <refsect1>
    <title>Exit status</title>

    <para>On success, 0 is returned; otherwise, a non-zero
    failure code is returned.</para>
  </refsect1>

  <refsect1>
    <title>Examples</title>
    <example>
      <title>Setting up certificates for authentication</title>

      <para>Certificates signed by a trusted authority are used to
      verify that the server to which messages are uploaded is
      legitimate, and vice versa, that the client is trusted.</para>

      <para>A suitable set of certificates can be generated with
      <command>openssl</command>. Note, 2048 bits of key length
      is minimally recommended to use for security reasons:</para>

      <programlisting>openssl req -newkey rsa:2048 -days 3650 -x509 -nodes \
      -out ca.pem -keyout ca.key -subj '/CN=Certificate authority/'

cat &gt;ca.conf &lt;&lt;EOF
[ ca ]
default_ca = this

[ this ]
new_certs_dir = .
certificate = ca.pem
database = ./index
private_key = ca.key
serial = ./serial
default_days = 3650
default_md = default
policy = policy_anything

[ policy_anything ]
countryName             = optional
stateOrProvinceName     = optional
localityName            = optional
organizationName        = optional
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional
EOF

touch index
echo 0001 &gt;serial

SERVER=server
CLIENT=client

openssl req -newkey rsa:2048 -nodes -out $SERVER.csr -keyout $SERVER.key -subj "/CN=$SERVER/"
openssl ca -batch -config ca.conf -notext -in $SERVER.csr -out $SERVER.pem

openssl req -newkey rsa:2048 -nodes -out $CLIENT.csr -keyout $CLIENT.key -subj "/CN=$CLIENT/"
openssl ca -batch -config ca.conf -notext -in $CLIENT.csr -out $CLIENT.pem
</programlisting>

      <para>Generated files <filename>ca.pem</filename>,
      <filename>server.pem</filename>, and
      <filename>server.key</filename> should be installed on server,
      and <filename>ca.pem</filename>,
      <filename>client.pem</filename>, and
      <filename>client.key</filename> on the client. The location of
      those files can be specified using
      <varname>TrustedCertificateFile=</varname>,
      <varname>ServerCertificateFile=</varname>,
      <varname>ServerKeyFile=</varname>, in
      <filename>/etc/systemd/journal-remote.conf</filename> and
      <filename>/etc/systemd/journal-upload.conf</filename>,
      respectively. The default locations can be queried by using
      <command>systemd-journal-remote --help</command> and
      <command>systemd-journal-upload --help</command>.</para>
    </example>
  </refsect1>

  <refsect1>
    <title>See Also</title>
    <para>
      <citerefentry><refentrytitle>journal-upload.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd-journal-remote.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd-journal-gatewayd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
    </para>
  </refsect1>
</refentry>
Commit	Line	Data
3802a3d3	1	<?xml version='1.0'?> <!--- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil --->
330427e2	2	<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
3db93b3f YW	3	"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
	4	<!ENTITY % entities SYSTEM "custom-entities.ent" >
	5	%entities;
	6	]>
330427e2 ZJS	7
330427e2 ZJS	8	<!--
572eb058 ZJS	9	SPDX-License-Identifier: LGPL-2.1+
572eb058 ZJS	10
96b2fb93	11	Copyright © 2014 Zbigniew Jędrzejewski-Szmek
330427e2 ZJS	12	-->
	13
	14	<refentry id="systemd-journal-upload" conditional='HAVE_MICROHTTPD'
	15	xmlns:xi="http://www.w3.org/2001/XInclude">
	16
	17	<refentryinfo>
1f416853	18	<title>systemd-journal-upload.service</title>
330427e2	19	<productname>systemd</productname>
330427e2 ZJS	20	</refentryinfo>
	21
	22	<refmeta>
1f416853	23	<refentrytitle>systemd-journal-upload.service</refentrytitle>
330427e2 ZJS	24	<manvolnum>8</manvolnum>
	25	</refmeta>
	26
	27	<refnamediv>
1f416853	28	<refname>systemd-journal-upload.service</refname>
330427e2 ZJS	29	<refname>systemd-journal-upload</refname>
	30	<refpurpose>Send journal messages over the network</refpurpose>
	31	</refnamediv>
	32
	33	<refsynopsisdiv>
1f416853	34	<para><filename>systemd-journal-upload.service</filename></para>
330427e2	35	<cmdsynopsis>
1f416853	36	<command>/usr/lib/systemd/systemd-journal-upload</command>
330427e2 ZJS	37	<arg choice="opt" rep="repeat">OPTIONS</arg>
	38	<arg choice="opt" rep="norepeat">-u/--url=<replaceable>URL</replaceable></arg>
	39	<arg choice="opt" rep="repeat">SOURCES</arg>
	40	</cmdsynopsis>
	41	</refsynopsisdiv>
	42
	43	<refsect1>
	44	<title>Description</title>
	45
c643653e	46	<para><command>systemd-journal-upload</command> will upload journal entries to the URL specified
492cb509	47	with <option>--url=</option>. This program reads journal entries from one or more journal files,
c643653e ZJS	48	similarly to
	49	<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
	50	Unless limited by one of the options specified below, all journal entries accessible to the user
	51	the program is running as will be uploaded, and then the program will wait and send new entries
	52	as they become available.</para>
0b063391 ZJS	53
	54	<para><filename>systemd-journal-upload.service</filename> is a system service that uses
	55	<command>systemd-journal-upload</command> to upload journal entries to a server. It uses the
	56	configuration in
	57	<citerefentry><refentrytitle>journal-upload.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
	58	At least the <varname>URL=</varname> option must be specified.</para>
330427e2 ZJS	59	</refsect1>
	60
	61	<refsect1>
	62	<title>Options</title>
	63
	64	<variablelist>
	65	<varlistentry>
	66	<term><option>-u</option></term>
767f565f YW	67	<term><option>--url=<optional>https://</optional><replaceable>URL</replaceable>[:<replaceable>PORT</replaceable>]</option></term>
767f565f YW	68	<term><option>--url=<optional>http://</optional><replaceable>URL</replaceable>[:<replaceable>PORT</replaceable>]</option></term>
330427e2 ZJS	69
	70	<listitem><para>Upload to the specified
	71	address. <replaceable>URL</replaceable> may specify either
	72	just the hostname or both the protocol and
	73	hostname. <constant>https</constant> is the default.
767f565f YW	74	The port number may be specified after a colon (<literal>:</literal>),
767f565f YW	75	otherwise <constant>19532</constant> will be used by default.
330427e2 ZJS	76	</para></listitem>
	77	</varlistentry>
	78
	79	<varlistentry>
	80	<term><option>--system</option></term>
	81	<term><option>--user</option></term>
	82
	83	<listitem><para>Limit uploaded entries to entries from system
	84	services and the kernel, or to entries from services of
	85	current user. This has the same meaning as
	86	<option>--system</option> and <option>--user</option> options
	87	for
	88	<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>. If
	89	neither is specified, all accessible entries are uploaded.
	90	</para></listitem>
	91	</varlistentry>
	92
	93	<varlistentry>
	94	<term><option>-m</option></term>
	95	<term><option>--merge</option></term>
	96
	97	<listitem><para>Upload entries interleaved from all available
	98	journals, including other machines. This has the same meaning
	99	as <option>--merge</option> option for
	100	<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para></listitem>
	101	</varlistentry>
	102
	103	<varlistentry>
	104	<term><option>-D</option></term>
	105	<term><option>--directory=<replaceable>DIR</replaceable></option></term>
	106
	107	<listitem><para>Takes a directory path as argument. Upload
	108	entries from the specified journal directory
	109	<replaceable>DIR</replaceable> instead of the default runtime
	110	and system journal paths. This has the same meaning as
492cb509	111	<option>--directory=</option> option for
330427e2 ZJS	112	<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
	113	</para></listitem>
	114	</varlistentry>
	115
	116	<varlistentry>
	117	<term><option>--file=<replaceable>GLOB</replaceable></option></term>
	118
	119	<listitem><para>Takes a file glob as an argument. Upload
	120	entries from the specified journal files matching
	121	<replaceable>GLOB</replaceable> instead of the default runtime
	122	and system journal paths. May be specified multiple times, in
	123	which case files will be suitably interleaved. This has the same meaning as
492cb509	124	<option>--file=</option> option for
330427e2 ZJS	125	<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
	126	</para></listitem>
	127	</varlistentry>
	128
	129	<varlistentry>
	130	<term><option>--cursor=</option></term>
	131
	132	<listitem><para>Upload entries from the location in the
	133	journal specified by the passed cursor. This has the same
492cb509	134	meaning as <option>--cursor=</option> option for
330427e2 ZJS	135	<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para></listitem>
	136	</varlistentry>
	137
	138	<varlistentry>
	139	<term><option>--after-cursor=</option></term>
	140
	141	<listitem><para>Upload entries from the location in the
	142	journal <emphasis>after</emphasis> the location specified by
	143	the this cursor. This has the same meaning as
492cb509	144	<option>--after-cursor=</option> option for
330427e2 ZJS	145	<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
	146	</para></listitem>
	147	</varlistentry>
	148
330427e2 ZJS	149	<varlistentry>
	150	<term><option>--save-state</option><optional>=<replaceable>PATH</replaceable></optional></term>
	151
	152	<listitem><para>Upload entries from the location in the
	153	journal <emphasis>after</emphasis> the location specified by
	154	the cursor saved in file at <replaceable>PATH</replaceable>
	155	(<filename>/var/lib/systemd/journal-upload/state</filename> by default).
	156	After an entry is successfully uploaded, update this file
	157	with the cursor of that entry.
	158	</para></listitem>
	159	</varlistentry>
	160
3db93b3f YW	161	<varlistentry>
	162	<term><option>--follow</option><optional>=<replaceable>BOOL</replaceable></optional></term>
	163
	164	<listitem><para>
	165	If set to yes, then <command>systemd-journal-upload</command> waits for input.
	166	</para></listitem>
	167	</varlistentry>
	168
	169	<varlistentry>
	170	<term><option>--key=</option></term>
	171
	172	<listitem><para>
	173	Takes a path to a SSL key file in PEM format.
	174	Defaults to <filename>&CERTIFICATE_ROOT;/private/journal-upload.pem</filename>.
	175	</para></listitem>
	176	</varlistentry>
	177
	178	<varlistentry>
	179	<term><option>--cert=</option></term>
	180
	181	<listitem><para>
	182	Takes a path to a SSL certificate file in PEM format.
	183	Defaults to <filename>&CERTIFICATE_ROOT;/certs/journal-upload.pem</filename>.
	184	</para></listitem>
	185	</varlistentry>
	186
	187	<varlistentry>
	188	<term><option>--trust=</option></term>
	189
	190	<listitem><para>
	191	Takes a path to a SSL CA certificate file in PEM format,
	192	or <option>all</option>. If <option>all</option> is set,
	193	then certificate checking will be disabled.
	194	Defaults to <filename>&CERTIFICATE_ROOT;/ca/trusted.pem</filename>.
	195	</para></listitem>
	196	</varlistentry>
	197
330427e2 ZJS	198	<xi:include href="standard-options.xml" xpointer="help" />
	199	<xi:include href="standard-options.xml" xpointer="version" />
	200	</variablelist>
	201	</refsect1>
	202
	203	<refsect1>
	204	<title>Exit status</title>
	205
	206	<para>On success, 0 is returned; otherwise, a non-zero
	207	failure code is returned.</para>
	208	</refsect1>
	209
99a1ab10 ZJS	210	<refsect1>
	211	<title>Examples</title>
	212	<example>
	213	<title>Setting up certificates for authentication</title>
	214
	215	<para>Certificates signed by a trusted authority are used to
	216	verify that the server to which messages are uploaded is
	217	legitimate, and vice versa, that the client is trusted.</para>
	218
	219	<para>A suitable set of certificates can be generated with
b5340a29	220	<command>openssl</command>. Note, 2048 bits of key length
32f511ec	221	is minimally recommended to use for security reasons:</para>
99a1ab10 ZJS	222
	223	<programlisting>openssl req -newkey rsa:2048 -days 3650 -x509 -nodes \
	224	-out ca.pem -keyout ca.key -subj '/CN=Certificate authority/'
	225
b938cb90	226	cat >ca.conf <<EOF
99a1ab10 ZJS	227	[ ca ]
	228	default_ca = this
	229
	230	[ this ]
	231	new_certs_dir = .
	232	certificate = ca.pem
	233	database = ./index
	234	private_key = ca.key
	235	serial = ./serial
	236	default_days = 3650
	237	default_md = default
	238	policy = policy_anything
	239
	240	[ policy_anything ]
	241	countryName = optional
	242	stateOrProvinceName = optional
	243	localityName = optional
	244	organizationName = optional
	245	organizationalUnitName = optional
	246	commonName = supplied
	247	emailAddress = optional
	248	EOF
	249
	250	touch index
b938cb90	251	echo 0001 >serial
99a1ab10 ZJS	252
	253	SERVER=server
	254	CLIENT=client
	255
562b65ca	256	openssl req -newkey rsa:2048 -nodes -out $SERVER.csr -keyout $SERVER.key -subj "/CN=$SERVER/"
99a1ab10 ZJS	257	openssl ca -batch -config ca.conf -notext -in $SERVER.csr -out $SERVER.pem
99a1ab10 ZJS	258
562b65ca	259	openssl req -newkey rsa:2048 -nodes -out $CLIENT.csr -keyout $CLIENT.key -subj "/CN=$CLIENT/"
99a1ab10 ZJS	260	openssl ca -batch -config ca.conf -notext -in $CLIENT.csr -out $CLIENT.pem
	261	</programlisting>
	262
	263	<para>Generated files <filename>ca.pem</filename>,
	264	<filename>server.pem</filename>, and
	265	<filename>server.key</filename> should be installed on server,
	266	and <filename>ca.pem</filename>,
	267	<filename>client.pem</filename>, and
	268	<filename>client.key</filename> on the client. The location of
	269	those files can be specified using
	270	<varname>TrustedCertificateFile=</varname>,
	271	<varname>ServerCertificateFile=</varname>,
	272	<varname>ServerKeyFile=</varname>, in
12b42c76	273	<filename>/etc/systemd/journal-remote.conf</filename> and
b938cb90	274	<filename>/etc/systemd/journal-upload.conf</filename>,
99a1ab10 ZJS	275	respectively. The default locations can be queried by using
	276	<command>systemd-journal-remote --help</command> and
	277	<command>systemd-journal-upload --help</command>.</para>
	278	</example>
	279	</refsect1>
	280
330427e2 ZJS	281	<refsect1>
	282	<title>See Also</title>
	283	<para>
3eff246a	284	<citerefentry><refentrytitle>journal-upload.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
1f416853	285	<citerefentry><refentrytitle>systemd-journal-remote.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
330427e2 ZJS	286	<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
	287	<citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
	288	<citerefentry><refentrytitle>systemd-journal-gatewayd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
	289	</para>
	290	</refsect1>
	291	</refentry>