2 <!DOCTYPE refentry PUBLIC
"-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % entities SYSTEM
"custom-entities.ent" >
7 <!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
9 <refentry id=
"systemd-journal-upload" conditional='ENABLE_REMOTE HAVE_LIBCURL'
10 xmlns:
xi=
"http://www.w3.org/2001/XInclude">
13 <title>systemd-journal-upload.service
</title>
14 <productname>systemd
</productname>
18 <refentrytitle>systemd-journal-upload.service
</refentrytitle>
19 <manvolnum>8</manvolnum>
23 <refname>systemd-journal-upload.service
</refname>
24 <refname>systemd-journal-upload
</refname>
25 <refpurpose>Send journal messages over the network
</refpurpose>
29 <para><filename>systemd-journal-upload.service
</filename></para>
31 <command>/usr/lib/systemd/systemd-journal-upload
</command>
32 <arg choice=
"opt" rep=
"repeat">OPTIONS
</arg>
33 <arg choice=
"opt" rep=
"norepeat">-u/--url=
<replaceable>URL
</replaceable></arg>
34 <arg choice=
"opt" rep=
"repeat">SOURCES
</arg>
39 <title>Description
</title>
41 <para><command>systemd-journal-upload
</command> will upload journal entries to the URL specified
42 with
<option>--url=
</option>. This program reads journal entries from one or more journal files,
44 <citerefentry><refentrytitle>journalctl
</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
45 Unless limited by one of the options specified below, all journal entries accessible to the user
46 the program is running as will be uploaded, and then the program will wait and send new entries
47 as they become available.
</para>
49 <para><command>systemd-journal-upload
</command> transfers the raw content of journal file and
50 uses HTTP as a transport protocol.
</para>
52 <para><filename>systemd-journal-upload.service
</filename> is a system service that uses
53 <command>systemd-journal-upload
</command> to upload journal entries to a server. It uses the
55 <citerefentry><refentrytitle>journal-upload.conf
</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
56 At least the
<varname>URL=
</varname> option must be specified.
</para>
60 <title>Options
</title>
64 <term><option>-u
</option></term>
65 <term><option>--url=
<optional>https://
</optional><replaceable>URL
</replaceable>[:
<replaceable>PORT
</replaceable>]
</option></term>
66 <term><option>--url=
<optional>http://
</optional><replaceable>URL
</replaceable>[:
<replaceable>PORT
</replaceable>]
</option></term>
68 <listitem><para>Upload to the specified
69 address.
<replaceable>URL
</replaceable> may specify either
70 just the hostname or both the protocol and
71 hostname.
<constant>https
</constant> is the default.
72 The port number may be specified after a colon (
<literal>:
</literal>),
73 otherwise
<constant>19532</constant> will be used by default.
76 <xi:include href=
"version-info.xml" xpointer=
"v239"/></listitem>
80 <term><option>--system
</option></term>
81 <term><option>--user
</option></term>
83 <listitem><para>Limit uploaded entries to entries from system
84 services and the kernel, or to entries from services of
85 current user. This has the same meaning as
86 <option>--system
</option> and
<option>--user
</option> options
88 <citerefentry><refentrytitle>journalctl
</refentrytitle><manvolnum>1</manvolnum></citerefentry>. If
89 neither is specified, all accessible entries are uploaded.
92 <xi:include href=
"version-info.xml" xpointer=
"v239"/></listitem>
96 <term><option>-m
</option></term>
97 <term><option>--merge
</option></term>
99 <listitem><para>Upload entries interleaved from all available
100 journals, including other machines. This has the same meaning
101 as
<option>--merge
</option> option for
102 <citerefentry><refentrytitle>journalctl
</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
</para>
104 <xi:include href=
"version-info.xml" xpointer=
"v239"/></listitem>
108 <term><option>--namespace=
<replaceable>NAMESPACE
</replaceable></option></term>
110 <listitem><para>Takes a journal namespace identifier string as argument. Upload
111 entries from the specified journal namespace
112 <replaceable>NAMESPACE
</replaceable> instead of the default namespace. This has the same meaning as
113 <option>--namespace=
</option> option for
114 <citerefentry><refentrytitle>journalctl
</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
117 <xi:include href=
"version-info.xml" xpointer=
"v254"/></listitem>
121 <term><option>-D
</option></term>
122 <term><option>--directory=
<replaceable>DIR
</replaceable></option></term>
124 <listitem><para>Takes a directory path as argument. Upload
125 entries from the specified journal directory
126 <replaceable>DIR
</replaceable> instead of the default runtime
127 and system journal paths. This has the same meaning as
128 <option>--directory=
</option> option for
129 <citerefentry><refentrytitle>journalctl
</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
132 <xi:include href=
"version-info.xml" xpointer=
"v239"/></listitem>
136 <term><option>--file=
<replaceable>GLOB
</replaceable></option></term>
138 <listitem><para>Takes a file glob as an argument. Upload
139 entries from the specified journal files matching
140 <replaceable>GLOB
</replaceable> instead of the default runtime
141 and system journal paths. May be specified multiple times, in
142 which case files will be suitably interleaved. This has the same meaning as
143 <option>--file=
</option> option for
144 <citerefentry><refentrytitle>journalctl
</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
147 <xi:include href=
"version-info.xml" xpointer=
"v239"/></listitem>
151 <term><option>--cursor=
</option></term>
153 <listitem><para>Upload entries from the location in the
154 journal specified by the passed cursor. This has the same
155 meaning as
<option>--cursor=
</option> option for
156 <citerefentry><refentrytitle>journalctl
</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
</para>
158 <xi:include href=
"version-info.xml" xpointer=
"v239"/></listitem>
162 <term><option>--after-cursor=
</option></term>
164 <listitem><para>Upload entries from the location in the
165 journal
<emphasis>after
</emphasis> the location specified by
166 the this cursor. This has the same meaning as
167 <option>--after-cursor=
</option> option for
168 <citerefentry><refentrytitle>journalctl
</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
171 <xi:include href=
"version-info.xml" xpointer=
"v239"/></listitem>
175 <term><option>--save-state
</option><optional>=
<replaceable>PATH
</replaceable></optional></term>
177 <listitem><para>Upload entries from the location in the
178 journal
<emphasis>after
</emphasis> the location specified by
179 the cursor saved in file at
<replaceable>PATH
</replaceable>
180 (
<filename>/var/lib/systemd/journal-upload/state
</filename> by default).
181 After an entry is successfully uploaded, update this file
182 with the cursor of that entry.
185 <xi:include href=
"version-info.xml" xpointer=
"v239"/></listitem>
189 <term><option>--follow
</option><optional>=
<replaceable>BOOL
</replaceable></optional></term>
192 If set to yes, then
<command>systemd-journal-upload
</command> waits for input.
195 <xi:include href=
"version-info.xml" xpointer=
"v239"/></listitem>
199 <term><option>--key=
</option></term>
202 Takes a path to a SSL key file in PEM format, or
<option>-
</option>.
203 If
<option>-
</option> is set, then client certificate authentication checking
205 Defaults to
<filename>&CERTIFICATE_ROOT;/private/journal-upload.pem
</filename>.
208 <xi:include href=
"version-info.xml" xpointer=
"v239"/></listitem>
212 <term><option>--cert=
</option></term>
215 Takes a path to a SSL certificate file in PEM format, or
<option>-
</option>.
216 If
<option>-
</option> is set, then client certificate authentication checking
218 Defaults to
<filename>&CERTIFICATE_ROOT;/certs/journal-upload.pem
</filename>.
221 <xi:include href=
"version-info.xml" xpointer=
"v239"/></listitem>
225 <term><option>--trust=
</option></term>
228 Takes a path to a SSL CA certificate file in PEM format, or
<option>-
</option>/
<option>all
</option>.
229 If
<option>-
</option>/
<option>all
</option> is set, then certificate checking will be disabled.
230 Defaults to
<filename>&CERTIFICATE_ROOT;/ca/trusted.pem
</filename>.
233 <xi:include href=
"version-info.xml" xpointer=
"v239"/></listitem>
236 <xi:include href=
"standard-options.xml" xpointer=
"help" />
237 <xi:include href=
"standard-options.xml" xpointer=
"version" />
242 <title>Exit status
</title>
244 <para>On success,
0 is returned; otherwise, a non-zero
245 failure code is returned.
</para>
249 <title>Examples
</title>
251 <title>Setting up certificates for authentication
</title>
253 <para>Certificates signed by a trusted authority are used to
254 verify that the server to which messages are uploaded is
255 legitimate, and vice versa, that the client is trusted.
</para>
257 <para>A suitable set of certificates can be generated with
258 <command>openssl
</command>. Note,
2048 bits of key length
259 is minimally recommended to use for security reasons:
</para>
261 <programlisting>openssl req -newkey rsa:
2048 -days
3650 -x509 -nodes \
262 -out ca.pem -keyout ca.key -subj '/CN=Certificate authority/'
264 cat
>ca.conf
<<EOF
276 policy = policy_anything
279 countryName = optional
280 stateOrProvinceName = optional
281 localityName = optional
282 organizationName = optional
283 organizationalUnitName = optional
284 commonName = supplied
285 emailAddress = optional
294 openssl req -newkey rsa:
2048 -nodes -out $SERVER.csr -keyout $SERVER.key -subj
"/CN=$SERVER/"
295 openssl ca -batch -config ca.conf -notext -in $SERVER.csr -out $SERVER.pem
297 openssl req -newkey rsa:
2048 -nodes -out $CLIENT.csr -keyout $CLIENT.key -subj
"/CN=$CLIENT/"
298 openssl ca -batch -config ca.conf -notext -in $CLIENT.csr -out $CLIENT.pem
301 <para>Generated files
<filename>ca.pem
</filename>,
302 <filename>server.pem
</filename>, and
303 <filename>server.key
</filename> should be installed on server,
304 and
<filename>ca.pem
</filename>,
305 <filename>client.pem
</filename>, and
306 <filename>client.key
</filename> on the client. The location of
307 those files can be specified using
308 <varname>TrustedCertificateFile=
</varname>,
309 <varname>ServerCertificateFile=
</varname>,
310 and
<varname>ServerKeyFile=
</varname> in
311 <filename>/etc/systemd/journal-remote.conf
</filename> and
312 <filename>/etc/systemd/journal-upload.conf
</filename>,
313 respectively. The default locations can be queried by using
314 <command>systemd-journal-remote --help
</command> and
315 <command>systemd-journal-upload --help
</command>.
</para>
320 <title>See Also
</title>
321 <para><simplelist type=
"inline">
322 <member><citerefentry><refentrytitle>journal-upload.conf
</refentrytitle><manvolnum>5</manvolnum></citerefentry></member>
323 <member><citerefentry><refentrytitle>systemd-journal-remote.service
</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
324 <member><citerefentry><refentrytitle>journalctl
</refentrytitle><manvolnum>1</manvolnum></citerefentry></member>
325 <member><citerefentry><refentrytitle>systemd-journald.service
</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
326 <member><citerefentry><refentrytitle>systemd-journal-gatewayd.service
</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>