<!--
SPDX-License-Identifier: LGPL-2.1+
- This file is part of systemd.
-
- Copyright 2014 Zbigniew Jędrzejewski-Szmek
+ Copyright © 2014 Zbigniew Jędrzejewski-Szmek
-->
<refentry id="systemd-journal-upload" conditional='HAVE_MICROHTTPD'
Unless limited by one of the options specified below, all journal entries accessible to the user
the program is running as will be uploaded, and then the program will wait and send new entries
as they become available.</para>
+
+ <para><filename>systemd-journal-upload.service</filename> is a system service that uses
+ <command>systemd-journal-upload</command> to upload journal entries to a server. It uses the
+ configuration in
+ <citerefentry><refentrytitle>journal-upload.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
+ At least the <varname>URL=</varname> option must be specified.</para>
</refsect1>
<refsect1>
<variablelist>
<varlistentry>
<term><option>-u</option></term>
- <term><option>--url=<optional>https://</optional><replaceable>URL</replaceable></option></term>
- <term><option>--url=<optional>http://</optional><replaceable>URL</replaceable></option></term>
+ <term><option>--url=<optional>https://</optional><replaceable>URL</replaceable>[:<replaceable>PORT</replaceable>]</option></term>
+ <term><option>--url=<optional>http://</optional><replaceable>URL</replaceable>[:<replaceable>PORT</replaceable>]</option></term>
<listitem><para>Upload to the specified
address. <replaceable>URL</replaceable> may specify either
just the hostname or both the protocol and
hostname. <constant>https</constant> is the default.
+ The port number may be specified after a colon (<literal>:</literal>),
+ otherwise <constant>19532</constant> will be used by default.
</para></listitem>
</varlistentry>
legitimate, and vice versa, that the client is trusted.</para>
<para>A suitable set of certificates can be generated with
- <command>openssl</command>:</para>
+ <command>openssl</command>. Note, 2048 bits of key length
+ is minimally recommended to use for security reasons:</para>
<programlisting>openssl req -newkey rsa:2048 -days 3650 -x509 -nodes \
-out ca.pem -keyout ca.key -subj '/CN=Certificate authority/'
SERVER=server
CLIENT=client
-openssl req -newkey rsa:1024 -nodes -out $SERVER.csr -keyout $SERVER.key -subj "/CN=$SERVER/"
+openssl req -newkey rsa:2048 -nodes -out $SERVER.csr -keyout $SERVER.key -subj "/CN=$SERVER/"
openssl ca -batch -config ca.conf -notext -in $SERVER.csr -out $SERVER.pem
-openssl req -newkey rsa:1024 -nodes -out $CLIENT.csr -keyout $CLIENT.key -subj "/CN=$CLIENT/"
+openssl req -newkey rsa:2048 -nodes -out $CLIENT.csr -keyout $CLIENT.key -subj "/CN=$CLIENT/"
openssl ca -batch -config ca.conf -notext -in $CLIENT.csr -out $CLIENT.pem
</programlisting>
<refsect1>
<title>See Also</title>
<para>
+ <citerefentry><refentrytitle>journal-upload.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-journal-remote.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
projects / thirdparty / systemd.git / blobdiff