[thirdparty/systemd.git] / man / systemd-journal-upload.xml

<?xml version='1.0'?> <!--*- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil -*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
<!ENTITY % entities SYSTEM "custom-entities.ent" >
%entities;
]>

<!--
  SPDX-License-Identifier: LGPL-2.1+

  This file is part of systemd.

  Copyright 2014 Zbigniew Jędrzejewski-Szmek
-->

<refentry id="systemd-journal-upload" conditional='HAVE_MICROHTTPD'
          xmlns:xi="http://www.w3.org/2001/XInclude">

  <refentryinfo>
    <title>systemd-journal-upload</title>
    <productname>systemd</productname>

    <authorgroup>
      <author>
        <contrib>Developer</contrib>
        <firstname>Zbigniew</firstname>
        <surname>Jędrzejewski-Szmek</surname>
        <email>zbyszek@in.waw.pl</email>
      </author>
    </authorgroup>
  </refentryinfo>

  <refmeta>
    <refentrytitle>systemd-journal-upload</refentrytitle>
    <manvolnum>8</manvolnum>
  </refmeta>

  <refnamediv>
    <refname>systemd-journal-upload</refname>
    <refpurpose>Send journal messages over the network</refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <cmdsynopsis>
      <command>systemd-journal-upload</command>
      <arg choice="opt" rep="repeat">OPTIONS</arg>
      <arg choice="opt" rep="norepeat">-u/--url=<replaceable>URL</replaceable></arg>
      <arg choice="opt" rep="repeat">SOURCES</arg>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1>
    <title>Description</title>

    <para><command>systemd-journal-upload</command> will upload journal entries to the URL specified
    with <option>--url=</option>. This program reads journal entries from one or more journal files,
    similarly to
    <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
    Unless limited by one of the options specified below, all journal entries accessible to the user
    the program is running as will be uploaded, and then the program will wait and send new entries
    as they become available.</para>
  </refsect1>

  <refsect1>
    <title>Options</title>

    <variablelist>
      <varlistentry>
        <term><option>-u</option></term>
        <term><option>--url=<optional>https://</optional><replaceable>URL</replaceable></option></term>
        <term><option>--url=<optional>http://</optional><replaceable>URL</replaceable></option></term>

        <listitem><para>Upload to the specified
        address. <replaceable>URL</replaceable> may specify either
        just the hostname or both the protocol and
        hostname. <constant>https</constant> is the default.
        </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--system</option></term>
        <term><option>--user</option></term>

        <listitem><para>Limit uploaded entries to entries from system
        services and the kernel, or to entries from services of
        current user. This has the same meaning as
        <option>--system</option> and <option>--user</option> options
        for
        <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>. If
        neither is specified, all accessible entries are uploaded.
        </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>-m</option></term>
        <term><option>--merge</option></term>

        <listitem><para>Upload entries interleaved from all available
        journals, including other machines. This has the same meaning
        as <option>--merge</option> option for
        <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>-D</option></term>
        <term><option>--directory=<replaceable>DIR</replaceable></option></term>

        <listitem><para>Takes a directory path as argument. Upload
        entries from the specified journal directory
        <replaceable>DIR</replaceable> instead of the default runtime
        and system journal paths. This has the same meaning as
        <option>--directory=</option> option for
        <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
        </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--file=<replaceable>GLOB</replaceable></option></term>

        <listitem><para>Takes a file glob as an argument. Upload
        entries from the specified journal files matching
        <replaceable>GLOB</replaceable> instead of the default runtime
        and system journal paths. May be specified multiple times, in
        which case files will be suitably interleaved. This has the same meaning as
        <option>--file=</option> option for
        <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
        </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--cursor=</option></term>

        <listitem><para>Upload entries from the location in the
        journal specified by the passed cursor. This has the same
        meaning as <option>--cursor=</option> option for
        <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--after-cursor=</option></term>

        <listitem><para>Upload entries from the location in the
        journal <emphasis>after</emphasis> the location specified by
        the this cursor.  This has the same meaning as
        <option>--after-cursor=</option> option for
        <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
        </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--save-state</option><optional>=<replaceable>PATH</replaceable></optional></term>

        <listitem><para>Upload entries from the location in the
        journal <emphasis>after</emphasis> the location specified by
        the cursor saved in file at <replaceable>PATH</replaceable>
        (<filename>/var/lib/systemd/journal-upload/state</filename> by default).
        After an entry is successfully uploaded, update this file
        with the cursor of that entry.
        </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--follow</option><optional>=<replaceable>BOOL</replaceable></optional></term>

        <listitem><para>
          If set to yes, then <command>systemd-journal-upload</command> waits for input.
        </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--key=</option></term>

        <listitem><para>
          Takes a path to a SSL key file in PEM format.
          Defaults to <filename>&CERTIFICATE_ROOT;/private/journal-upload.pem</filename>.
        </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--cert=</option></term>

        <listitem><para>
          Takes a path to a SSL certificate file in PEM format.
          Defaults to <filename>&CERTIFICATE_ROOT;/certs/journal-upload.pem</filename>.
        </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--trust=</option></term>

        <listitem><para>
          Takes a path to a SSL CA certificate file in PEM format,
          or <option>all</option>. If <option>all</option> is set,
          then certificate checking will be disabled.
          Defaults to <filename>&CERTIFICATE_ROOT;/ca/trusted.pem</filename>.
        </para></listitem>
      </varlistentry>

      <xi:include href="standard-options.xml" xpointer="help" />
      <xi:include href="standard-options.xml" xpointer="version" />
    </variablelist>
  </refsect1>

  <refsect1>
    <title>Exit status</title>

    <para>On success, 0 is returned; otherwise, a non-zero
    failure code is returned.</para>
  </refsect1>

  <refsect1>
    <title>Examples</title>
    <example>
      <title>Setting up certificates for authentication</title>

      <para>Certificates signed by a trusted authority are used to
      verify that the server to which messages are uploaded is
      legitimate, and vice versa, that the client is trusted.</para>

      <para>A suitable set of certificates can be generated with
      <command>openssl</command>:</para>

      <programlisting>openssl req -newkey rsa:2048 -days 3650 -x509 -nodes \
      -out ca.pem -keyout ca.key -subj '/CN=Certificate authority/'

cat &gt;ca.conf &lt;&lt;EOF
[ ca ]
default_ca = this

[ this ]
new_certs_dir = .
certificate = ca.pem
database = ./index
private_key = ca.key
serial = ./serial
default_days = 3650
default_md = default
policy = policy_anything

[ policy_anything ]
countryName             = optional
stateOrProvinceName     = optional
localityName            = optional
organizationName        = optional
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional
EOF

touch index
echo 0001 &gt;serial

SERVER=server
CLIENT=client

openssl req -newkey rsa:1024 -nodes -out $SERVER.csr -keyout $SERVER.key -subj "/CN=$SERVER/"
openssl ca -batch -config ca.conf -notext -in $SERVER.csr -out $SERVER.pem

openssl req -newkey rsa:1024 -nodes -out $CLIENT.csr -keyout $CLIENT.key -subj "/CN=$CLIENT/"
openssl ca -batch -config ca.conf -notext -in $CLIENT.csr -out $CLIENT.pem
</programlisting>

      <para>Generated files <filename>ca.pem</filename>,
      <filename>server.pem</filename>, and
      <filename>server.key</filename> should be installed on server,
      and <filename>ca.pem</filename>,
      <filename>client.pem</filename>, and
      <filename>client.key</filename> on the client. The location of
      those files can be specified using
      <varname>TrustedCertificateFile=</varname>,
      <varname>ServerCertificateFile=</varname>,
      <varname>ServerKeyFile=</varname>, in
      <filename>/etc/systemd/journal-remote.conf</filename> and
      <filename>/etc/systemd/journal-upload.conf</filename>,
      respectively. The default locations can be queried by using
      <command>systemd-journal-remote --help</command> and
      <command>systemd-journal-upload --help</command>.</para>
    </example>
  </refsect1>

  <refsect1>
    <title>See Also</title>
    <para>
      <citerefentry><refentrytitle>systemd-journal-remote</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd-journal-gatewayd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
    </para>
  </refsect1>
</refentry>
Commit	Line	Data
3802a3d3	1	<?xml version='1.0'?> <!--- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil --->
330427e2	2	<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
3db93b3f YW	3	"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
	4	<!ENTITY % entities SYSTEM "custom-entities.ent" >
	5	%entities;
	6	]>
330427e2 ZJS	7
330427e2 ZJS	8	<!--
572eb058 ZJS	9	SPDX-License-Identifier: LGPL-2.1+
572eb058 ZJS	10
5de0ccff	11	This file is part of systemd.
330427e2	12
5de0ccff	13	Copyright 2014 Zbigniew Jędrzejewski-Szmek
330427e2 ZJS	14	-->
	15
	16	<refentry id="systemd-journal-upload" conditional='HAVE_MICROHTTPD'
	17	xmlns:xi="http://www.w3.org/2001/XInclude">
	18
	19	<refentryinfo>
	20	<title>systemd-journal-upload</title>
	21	<productname>systemd</productname>
	22
	23	<authorgroup>
	24	<author>
	25	<contrib>Developer</contrib>
	26	<firstname>Zbigniew</firstname>
	27	<surname>Jędrzejewski-Szmek</surname>
	28	<email>zbyszek@in.waw.pl</email>
	29	</author>
	30	</authorgroup>
	31	</refentryinfo>
	32
	33	<refmeta>
	34	<refentrytitle>systemd-journal-upload</refentrytitle>
	35	<manvolnum>8</manvolnum>
	36	</refmeta>
	37
	38	<refnamediv>
	39	<refname>systemd-journal-upload</refname>
	40	<refpurpose>Send journal messages over the network</refpurpose>
	41	</refnamediv>
	42
	43	<refsynopsisdiv>
	44	<cmdsynopsis>
	45	<command>systemd-journal-upload</command>
	46	<arg choice="opt" rep="repeat">OPTIONS</arg>
	47	<arg choice="opt" rep="norepeat">-u/--url=<replaceable>URL</replaceable></arg>
	48	<arg choice="opt" rep="repeat">SOURCES</arg>
	49	</cmdsynopsis>
	50	</refsynopsisdiv>
	51
	52	<refsect1>
	53	<title>Description</title>
	54
c643653e	55	<para><command>systemd-journal-upload</command> will upload journal entries to the URL specified
492cb509	56	with <option>--url=</option>. This program reads journal entries from one or more journal files,
c643653e ZJS	57	similarly to
	58	<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
	59	Unless limited by one of the options specified below, all journal entries accessible to the user
	60	the program is running as will be uploaded, and then the program will wait and send new entries
	61	as they become available.</para>
330427e2 ZJS	62	</refsect1>
	63
	64	<refsect1>
	65	<title>Options</title>
	66
	67	<variablelist>
	68	<varlistentry>
	69	<term><option>-u</option></term>
	70	<term><option>--url=<optional>https://</optional><replaceable>URL</replaceable></option></term>
	71	<term><option>--url=<optional>http://</optional><replaceable>URL</replaceable></option></term>
	72
	73	<listitem><para>Upload to the specified
	74	address. <replaceable>URL</replaceable> may specify either
	75	just the hostname or both the protocol and
	76	hostname. <constant>https</constant> is the default.
	77	</para></listitem>
	78	</varlistentry>
	79
	80	<varlistentry>
	81	<term><option>--system</option></term>
	82	<term><option>--user</option></term>
	83
	84	<listitem><para>Limit uploaded entries to entries from system
	85	services and the kernel, or to entries from services of
	86	current user. This has the same meaning as
	87	<option>--system</option> and <option>--user</option> options
	88	for
	89	<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>. If
	90	neither is specified, all accessible entries are uploaded.
	91	</para></listitem>
	92	</varlistentry>
	93
	94	<varlistentry>
	95	<term><option>-m</option></term>
	96	<term><option>--merge</option></term>
	97
	98	<listitem><para>Upload entries interleaved from all available
	99	journals, including other machines. This has the same meaning
	100	as <option>--merge</option> option for
	101	<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para></listitem>
	102	</varlistentry>
	103
	104	<varlistentry>
	105	<term><option>-D</option></term>
	106	<term><option>--directory=<replaceable>DIR</replaceable></option></term>
	107
	108	<listitem><para>Takes a directory path as argument. Upload
	109	entries from the specified journal directory
	110	<replaceable>DIR</replaceable> instead of the default runtime
	111	and system journal paths. This has the same meaning as
492cb509	112	<option>--directory=</option> option for
330427e2 ZJS	113	<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
	114	</para></listitem>
	115	</varlistentry>
	116
	117	<varlistentry>
	118	<term><option>--file=<replaceable>GLOB</replaceable></option></term>
	119
	120	<listitem><para>Takes a file glob as an argument. Upload
	121	entries from the specified journal files matching
	122	<replaceable>GLOB</replaceable> instead of the default runtime
	123	and system journal paths. May be specified multiple times, in
	124	which case files will be suitably interleaved. This has the same meaning as
492cb509	125	<option>--file=</option> option for
330427e2 ZJS	126	<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
	127	</para></listitem>
	128	</varlistentry>
	129
	130	<varlistentry>
	131	<term><option>--cursor=</option></term>
	132
	133	<listitem><para>Upload entries from the location in the
	134	journal specified by the passed cursor. This has the same
492cb509	135	meaning as <option>--cursor=</option> option for
330427e2 ZJS	136	<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para></listitem>
	137	</varlistentry>
	138
	139	<varlistentry>
	140	<term><option>--after-cursor=</option></term>
	141
	142	<listitem><para>Upload entries from the location in the
	143	journal <emphasis>after</emphasis> the location specified by
	144	the this cursor. This has the same meaning as
492cb509	145	<option>--after-cursor=</option> option for
330427e2 ZJS	146	<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
	147	</para></listitem>
	148	</varlistentry>
	149
330427e2 ZJS	150	<varlistentry>
	151	<term><option>--save-state</option><optional>=<replaceable>PATH</replaceable></optional></term>
	152
	153	<listitem><para>Upload entries from the location in the
	154	journal <emphasis>after</emphasis> the location specified by
	155	the cursor saved in file at <replaceable>PATH</replaceable>
	156	(<filename>/var/lib/systemd/journal-upload/state</filename> by default).
	157	After an entry is successfully uploaded, update this file
	158	with the cursor of that entry.
	159	</para></listitem>
	160	</varlistentry>
	161
3db93b3f YW	162	<varlistentry>
	163	<term><option>--follow</option><optional>=<replaceable>BOOL</replaceable></optional></term>
	164
	165	<listitem><para>
	166	If set to yes, then <command>systemd-journal-upload</command> waits for input.
	167	</para></listitem>
	168	</varlistentry>
	169
	170	<varlistentry>
	171	<term><option>--key=</option></term>
	172
	173	<listitem><para>
	174	Takes a path to a SSL key file in PEM format.
	175	Defaults to <filename>&CERTIFICATE_ROOT;/private/journal-upload.pem</filename>.
	176	</para></listitem>
	177	</varlistentry>
	178
	179	<varlistentry>
	180	<term><option>--cert=</option></term>
	181
	182	<listitem><para>
	183	Takes a path to a SSL certificate file in PEM format.
	184	Defaults to <filename>&CERTIFICATE_ROOT;/certs/journal-upload.pem</filename>.
	185	</para></listitem>
	186	</varlistentry>
	187
	188	<varlistentry>
	189	<term><option>--trust=</option></term>
	190
	191	<listitem><para>
	192	Takes a path to a SSL CA certificate file in PEM format,
	193	or <option>all</option>. If <option>all</option> is set,
	194	then certificate checking will be disabled.
	195	Defaults to <filename>&CERTIFICATE_ROOT;/ca/trusted.pem</filename>.
	196	</para></listitem>
	197	</varlistentry>
	198
330427e2 ZJS	199	<xi:include href="standard-options.xml" xpointer="help" />
	200	<xi:include href="standard-options.xml" xpointer="version" />
	201	</variablelist>
	202	</refsect1>
	203
	204	<refsect1>
	205	<title>Exit status</title>
	206
	207	<para>On success, 0 is returned; otherwise, a non-zero
	208	failure code is returned.</para>
	209	</refsect1>
	210
99a1ab10 ZJS	211	<refsect1>
	212	<title>Examples</title>
	213	<example>
	214	<title>Setting up certificates for authentication</title>
	215
	216	<para>Certificates signed by a trusted authority are used to
	217	verify that the server to which messages are uploaded is
	218	legitimate, and vice versa, that the client is trusted.</para>
	219
	220	<para>A suitable set of certificates can be generated with
	221	<command>openssl</command>:</para>
	222
	223	<programlisting>openssl req -newkey rsa:2048 -days 3650 -x509 -nodes \
	224	-out ca.pem -keyout ca.key -subj '/CN=Certificate authority/'
	225
b938cb90	226	cat >ca.conf <<EOF
99a1ab10 ZJS	227	[ ca ]
	228	default_ca = this
	229
	230	[ this ]
	231	new_certs_dir = .
	232	certificate = ca.pem
	233	database = ./index
	234	private_key = ca.key
	235	serial = ./serial
	236	default_days = 3650
	237	default_md = default
	238	policy = policy_anything
	239
	240	[ policy_anything ]
	241	countryName = optional
	242	stateOrProvinceName = optional
	243	localityName = optional
	244	organizationName = optional
	245	organizationalUnitName = optional
	246	commonName = supplied
	247	emailAddress = optional
	248	EOF
	249
	250	touch index
b938cb90	251	echo 0001 >serial
99a1ab10 ZJS	252
	253	SERVER=server
	254	CLIENT=client
	255
	256	openssl req -newkey rsa:1024 -nodes -out $SERVER.csr -keyout $SERVER.key -subj "/CN=$SERVER/"
	257	openssl ca -batch -config ca.conf -notext -in $SERVER.csr -out $SERVER.pem
	258
	259	openssl req -newkey rsa:1024 -nodes -out $CLIENT.csr -keyout $CLIENT.key -subj "/CN=$CLIENT/"
	260	openssl ca -batch -config ca.conf -notext -in $CLIENT.csr -out $CLIENT.pem
	261	</programlisting>
	262
	263	<para>Generated files <filename>ca.pem</filename>,
	264	<filename>server.pem</filename>, and
	265	<filename>server.key</filename> should be installed on server,
	266	and <filename>ca.pem</filename>,
	267	<filename>client.pem</filename>, and
	268	<filename>client.key</filename> on the client. The location of
	269	those files can be specified using
	270	<varname>TrustedCertificateFile=</varname>,
	271	<varname>ServerCertificateFile=</varname>,
	272	<varname>ServerKeyFile=</varname>, in
12b42c76	273	<filename>/etc/systemd/journal-remote.conf</filename> and
b938cb90	274	<filename>/etc/systemd/journal-upload.conf</filename>,
99a1ab10 ZJS	275	respectively. The default locations can be queried by using
	276	<command>systemd-journal-remote --help</command> and
	277	<command>systemd-journal-upload --help</command>.</para>
	278	</example>
	279	</refsect1>
	280
330427e2 ZJS	281	<refsect1>
	282	<title>See Also</title>
	283	<para>
	284	<citerefentry><refentrytitle>systemd-journal-remote</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
	285	<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
	286	<citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
	287	<citerefentry><refentrytitle>systemd-journal-gatewayd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
	288	</para>
	289	</refsect1>
	290	</refentry>