1 <?xml version='
1.0'
?> <!--*- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil -*-->
2 <!DOCTYPE refentry PUBLIC
"-//OASIS//DTD DocBook XML V4.2//EN"
3 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
4 <!ENTITY % entities SYSTEM
"custom-entities.ent" >
9 SPDX-License-Identifier: LGPL-2.1+
11 This file is part of systemd.
13 Copyright 2014 Zbigniew Jędrzejewski-Szmek
16 <refentry id=
"systemd-journal-upload" conditional='HAVE_MICROHTTPD'
17 xmlns:
xi=
"http://www.w3.org/2001/XInclude">
20 <title>systemd-journal-upload.service
</title>
21 <productname>systemd
</productname>
25 <contrib>Developer
</contrib>
26 <firstname>Zbigniew
</firstname>
27 <surname>Jędrzejewski-Szmek
</surname>
28 <email>zbyszek@in.waw.pl
</email>
34 <refentrytitle>systemd-journal-upload.service
</refentrytitle>
35 <manvolnum>8</manvolnum>
39 <refname>systemd-journal-upload.service
</refname>
40 <refname>systemd-journal-upload
</refname>
41 <refpurpose>Send journal messages over the network
</refpurpose>
45 <para><filename>systemd-journal-upload.service
</filename></para>
47 <command>/usr/lib/systemd/systemd-journal-upload
</command>
48 <arg choice=
"opt" rep=
"repeat">OPTIONS
</arg>
49 <arg choice=
"opt" rep=
"norepeat">-u/--url=
<replaceable>URL
</replaceable></arg>
50 <arg choice=
"opt" rep=
"repeat">SOURCES
</arg>
55 <title>Description
</title>
57 <para><command>systemd-journal-upload
</command> will upload journal entries to the URL specified
58 with
<option>--url=
</option>. This program reads journal entries from one or more journal files,
60 <citerefentry><refentrytitle>journalctl
</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
61 Unless limited by one of the options specified below, all journal entries accessible to the user
62 the program is running as will be uploaded, and then the program will wait and send new entries
63 as they become available.
</para>
65 <para><filename>systemd-journal-upload.service
</filename> is a system service that uses
66 <command>systemd-journal-upload
</command> to upload journal entries to a server. It uses the
68 <citerefentry><refentrytitle>journal-upload.conf
</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
69 At least the
<varname>URL=
</varname> option must be specified.
</para>
73 <title>Options
</title>
77 <term><option>-u
</option></term>
78 <term><option>--url=
<optional>https://
</optional><replaceable>URL
</replaceable>[:
<replaceable>PORT
</replaceable>]
</option></term>
79 <term><option>--url=
<optional>http://
</optional><replaceable>URL
</replaceable>[:
<replaceable>PORT
</replaceable>]
</option></term>
81 <listitem><para>Upload to the specified
82 address.
<replaceable>URL
</replaceable> may specify either
83 just the hostname or both the protocol and
84 hostname.
<constant>https
</constant> is the default.
85 The port number may be specified after a colon (
<literal>:
</literal>),
86 otherwise
<constant>19532</constant> will be used by default.
91 <term><option>--system
</option></term>
92 <term><option>--user
</option></term>
94 <listitem><para>Limit uploaded entries to entries from system
95 services and the kernel, or to entries from services of
96 current user. This has the same meaning as
97 <option>--system
</option> and
<option>--user
</option> options
99 <citerefentry><refentrytitle>journalctl
</refentrytitle><manvolnum>1</manvolnum></citerefentry>. If
100 neither is specified, all accessible entries are uploaded.
105 <term><option>-m
</option></term>
106 <term><option>--merge
</option></term>
108 <listitem><para>Upload entries interleaved from all available
109 journals, including other machines. This has the same meaning
110 as
<option>--merge
</option> option for
111 <citerefentry><refentrytitle>journalctl
</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
</para></listitem>
115 <term><option>-D
</option></term>
116 <term><option>--directory=
<replaceable>DIR
</replaceable></option></term>
118 <listitem><para>Takes a directory path as argument. Upload
119 entries from the specified journal directory
120 <replaceable>DIR
</replaceable> instead of the default runtime
121 and system journal paths. This has the same meaning as
122 <option>--directory=
</option> option for
123 <citerefentry><refentrytitle>journalctl
</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
128 <term><option>--file=
<replaceable>GLOB
</replaceable></option></term>
130 <listitem><para>Takes a file glob as an argument. Upload
131 entries from the specified journal files matching
132 <replaceable>GLOB
</replaceable> instead of the default runtime
133 and system journal paths. May be specified multiple times, in
134 which case files will be suitably interleaved. This has the same meaning as
135 <option>--file=
</option> option for
136 <citerefentry><refentrytitle>journalctl
</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
141 <term><option>--cursor=
</option></term>
143 <listitem><para>Upload entries from the location in the
144 journal specified by the passed cursor. This has the same
145 meaning as
<option>--cursor=
</option> option for
146 <citerefentry><refentrytitle>journalctl
</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
</para></listitem>
150 <term><option>--after-cursor=
</option></term>
152 <listitem><para>Upload entries from the location in the
153 journal
<emphasis>after
</emphasis> the location specified by
154 the this cursor. This has the same meaning as
155 <option>--after-cursor=
</option> option for
156 <citerefentry><refentrytitle>journalctl
</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
161 <term><option>--save-state
</option><optional>=
<replaceable>PATH
</replaceable></optional></term>
163 <listitem><para>Upload entries from the location in the
164 journal
<emphasis>after
</emphasis> the location specified by
165 the cursor saved in file at
<replaceable>PATH
</replaceable>
166 (
<filename>/var/lib/systemd/journal-upload/state
</filename> by default).
167 After an entry is successfully uploaded, update this file
168 with the cursor of that entry.
173 <term><option>--follow
</option><optional>=
<replaceable>BOOL
</replaceable></optional></term>
176 If set to yes, then
<command>systemd-journal-upload
</command> waits for input.
181 <term><option>--key=
</option></term>
184 Takes a path to a SSL key file in PEM format.
185 Defaults to
<filename>&CERTIFICATE_ROOT;/private/journal-upload.pem
</filename>.
190 <term><option>--cert=
</option></term>
193 Takes a path to a SSL certificate file in PEM format.
194 Defaults to
<filename>&CERTIFICATE_ROOT;/certs/journal-upload.pem
</filename>.
199 <term><option>--trust=
</option></term>
202 Takes a path to a SSL CA certificate file in PEM format,
203 or
<option>all
</option>. If
<option>all
</option> is set,
204 then certificate checking will be disabled.
205 Defaults to
<filename>&CERTIFICATE_ROOT;/ca/trusted.pem
</filename>.
209 <xi:include href=
"standard-options.xml" xpointer=
"help" />
210 <xi:include href=
"standard-options.xml" xpointer=
"version" />
215 <title>Exit status
</title>
217 <para>On success,
0 is returned; otherwise, a non-zero
218 failure code is returned.
</para>
222 <title>Examples
</title>
224 <title>Setting up certificates for authentication
</title>
226 <para>Certificates signed by a trusted authority are used to
227 verify that the server to which messages are uploaded is
228 legitimate, and vice versa, that the client is trusted.
</para>
230 <para>A suitable set of certificates can be generated with
231 <command>openssl
</command>. Note,
2048 bits of key length
232 is minimally recommended to use for security reasons:
</para>
234 <programlisting>openssl req -newkey rsa:
2048 -days
3650 -x509 -nodes \
235 -out ca.pem -keyout ca.key -subj '/CN=Certificate authority/'
237 cat
>ca.conf
<<EOF
249 policy = policy_anything
252 countryName = optional
253 stateOrProvinceName = optional
254 localityName = optional
255 organizationName = optional
256 organizationalUnitName = optional
257 commonName = supplied
258 emailAddress = optional
267 openssl req -newkey rsa:
2048 -nodes -out $SERVER.csr -keyout $SERVER.key -subj
"/CN=$SERVER/"
268 openssl ca -batch -config ca.conf -notext -in $SERVER.csr -out $SERVER.pem
270 openssl req -newkey rsa:
2048 -nodes -out $CLIENT.csr -keyout $CLIENT.key -subj
"/CN=$CLIENT/"
271 openssl ca -batch -config ca.conf -notext -in $CLIENT.csr -out $CLIENT.pem
274 <para>Generated files
<filename>ca.pem
</filename>,
275 <filename>server.pem
</filename>, and
276 <filename>server.key
</filename> should be installed on server,
277 and
<filename>ca.pem
</filename>,
278 <filename>client.pem
</filename>, and
279 <filename>client.key
</filename> on the client. The location of
280 those files can be specified using
281 <varname>TrustedCertificateFile=
</varname>,
282 <varname>ServerCertificateFile=
</varname>,
283 <varname>ServerKeyFile=
</varname>, in
284 <filename>/etc/systemd/journal-remote.conf
</filename> and
285 <filename>/etc/systemd/journal-upload.conf
</filename>,
286 respectively. The default locations can be queried by using
287 <command>systemd-journal-remote --help
</command> and
288 <command>systemd-journal-upload --help
</command>.
</para>
293 <title>See Also
</title>
295 <citerefentry><refentrytitle>journal-upload.conf
</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
296 <citerefentry><refentrytitle>systemd-journal-remote.service
</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
297 <citerefentry><refentrytitle>journalctl
</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
298 <citerefentry><refentrytitle>systemd-journald.service
</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
299 <citerefentry><refentrytitle>systemd-journal-gatewayd.service
</refentrytitle><manvolnum>8</manvolnum></citerefentry>