1 <?xml version='
1.0'
?> <!--*- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil -*-->
2 <!DOCTYPE refentry PUBLIC
"-//OASIS//DTD DocBook XML V4.2//EN"
3 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
4 <!ENTITY % entities SYSTEM
"custom-entities.ent" >
9 SPDX-License-Identifier: LGPL-2.1+
11 This file is part of systemd.
13 Copyright 2014 Zbigniew Jędrzejewski-Szmek
15 systemd is free software; you can redistribute it and/or modify it
16 under the terms of the GNU Lesser General Public License as published by
17 the Free Software Foundation; either version 2.1 of the License, or
18 (at your option) any later version.
20 systemd is distributed in the hope that it will be useful, but
21 WITHOUT ANY WARRANTY; without even the implied warranty of
22 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
23 Lesser General Public License for more details.
25 You should have received a copy of the GNU Lesser General Public License
26 along with systemd; If not, see <http://www.gnu.org/licenses/>.
29 <refentry id=
"systemd-journal-upload" conditional='HAVE_MICROHTTPD'
30 xmlns:
xi=
"http://www.w3.org/2001/XInclude">
33 <title>systemd-journal-upload
</title>
34 <productname>systemd
</productname>
38 <contrib>Developer
</contrib>
39 <firstname>Zbigniew
</firstname>
40 <surname>Jędrzejewski-Szmek
</surname>
41 <email>zbyszek@in.waw.pl
</email>
47 <refentrytitle>systemd-journal-upload
</refentrytitle>
48 <manvolnum>8</manvolnum>
52 <refname>systemd-journal-upload
</refname>
53 <refpurpose>Send journal messages over the network
</refpurpose>
58 <command>systemd-journal-upload
</command>
59 <arg choice=
"opt" rep=
"repeat">OPTIONS
</arg>
60 <arg choice=
"opt" rep=
"norepeat">-u/--url=
<replaceable>URL
</replaceable></arg>
61 <arg choice=
"opt" rep=
"repeat">SOURCES
</arg>
66 <title>Description
</title>
69 <command>systemd-journal-upload
</command> will upload journal
70 entries to the URL specified with
<option>--url
</option>. Unless
71 limited by one of the options specified below, all journal
72 entries accessible to the user the program is running as will be
73 uploaded, and then the program will wait and send new entries
74 as they become available.
79 <title>Options
</title>
83 <term><option>-u
</option></term>
84 <term><option>--url=
<optional>https://
</optional><replaceable>URL
</replaceable></option></term>
85 <term><option>--url=
<optional>http://
</optional><replaceable>URL
</replaceable></option></term>
87 <listitem><para>Upload to the specified
88 address.
<replaceable>URL
</replaceable> may specify either
89 just the hostname or both the protocol and
90 hostname.
<constant>https
</constant> is the default.
95 <term><option>--system
</option></term>
96 <term><option>--user
</option></term>
98 <listitem><para>Limit uploaded entries to entries from system
99 services and the kernel, or to entries from services of
100 current user. This has the same meaning as
101 <option>--system
</option> and
<option>--user
</option> options
103 <citerefentry><refentrytitle>journalctl
</refentrytitle><manvolnum>1</manvolnum></citerefentry>. If
104 neither is specified, all accessible entries are uploaded.
109 <term><option>-m
</option></term>
110 <term><option>--merge
</option></term>
112 <listitem><para>Upload entries interleaved from all available
113 journals, including other machines. This has the same meaning
114 as
<option>--merge
</option> option for
115 <citerefentry><refentrytitle>journalctl
</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
</para></listitem>
119 <term><option>-D
</option></term>
120 <term><option>--directory=
<replaceable>DIR
</replaceable></option></term>
122 <listitem><para>Takes a directory path as argument. Upload
123 entries from the specified journal directory
124 <replaceable>DIR
</replaceable> instead of the default runtime
125 and system journal paths. This has the same meaning as
126 <option>--directory
</option> option for
127 <citerefentry><refentrytitle>journalctl
</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
132 <term><option>--file=
<replaceable>GLOB
</replaceable></option></term>
134 <listitem><para>Takes a file glob as an argument. Upload
135 entries from the specified journal files matching
136 <replaceable>GLOB
</replaceable> instead of the default runtime
137 and system journal paths. May be specified multiple times, in
138 which case files will be suitably interleaved. This has the same meaning as
139 <option>--file
</option> option for
140 <citerefentry><refentrytitle>journalctl
</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
145 <term><option>--cursor=
</option></term>
147 <listitem><para>Upload entries from the location in the
148 journal specified by the passed cursor. This has the same
149 meaning as
<option>--cursor
</option> option for
150 <citerefentry><refentrytitle>journalctl
</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
</para></listitem>
154 <term><option>--after-cursor=
</option></term>
156 <listitem><para>Upload entries from the location in the
157 journal
<emphasis>after
</emphasis> the location specified by
158 the this cursor. This has the same meaning as
159 <option>--after-cursor
</option> option for
160 <citerefentry><refentrytitle>journalctl
</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
166 <term><option>--save-state
</option><optional>=
<replaceable>PATH
</replaceable></optional></term>
168 <listitem><para>Upload entries from the location in the
169 journal
<emphasis>after
</emphasis> the location specified by
170 the cursor saved in file at
<replaceable>PATH
</replaceable>
171 (
<filename>/var/lib/systemd/journal-upload/state
</filename> by default).
172 After an entry is successfully uploaded, update this file
173 with the cursor of that entry.
178 <term><option>--follow
</option><optional>=
<replaceable>BOOL
</replaceable></optional></term>
181 If set to yes, then
<command>systemd-journal-upload
</command> waits for input.
186 <term><option>--key=
</option></term>
189 Takes a path to a SSL key file in PEM format.
190 Defaults to
<filename>&CERTIFICATE_ROOT;/private/journal-upload.pem
</filename>.
195 <term><option>--cert=
</option></term>
198 Takes a path to a SSL certificate file in PEM format.
199 Defaults to
<filename>&CERTIFICATE_ROOT;/certs/journal-upload.pem
</filename>.
204 <term><option>--trust=
</option></term>
207 Takes a path to a SSL CA certificate file in PEM format,
208 or
<option>all
</option>. If
<option>all
</option> is set,
209 then certificate checking will be disabled.
210 Defaults to
<filename>&CERTIFICATE_ROOT;/ca/trusted.pem
</filename>.
214 <xi:include href=
"standard-options.xml" xpointer=
"help" />
215 <xi:include href=
"standard-options.xml" xpointer=
"version" />
220 <title>Exit status
</title>
222 <para>On success,
0 is returned; otherwise, a non-zero
223 failure code is returned.
</para>
227 <title>Examples
</title>
229 <title>Setting up certificates for authentication
</title>
231 <para>Certificates signed by a trusted authority are used to
232 verify that the server to which messages are uploaded is
233 legitimate, and vice versa, that the client is trusted.
</para>
235 <para>A suitable set of certificates can be generated with
236 <command>openssl
</command>:
</para>
238 <programlisting>openssl req -newkey rsa:
2048 -days
3650 -x509 -nodes \
239 -out ca.pem -keyout ca.key -subj '/CN=Certificate authority/'
241 cat
>ca.conf
<<EOF
253 policy = policy_anything
256 countryName = optional
257 stateOrProvinceName = optional
258 localityName = optional
259 organizationName = optional
260 organizationalUnitName = optional
261 commonName = supplied
262 emailAddress = optional
271 openssl req -newkey rsa:
1024 -nodes -out $SERVER.csr -keyout $SERVER.key -subj
"/CN=$SERVER/"
272 openssl ca -batch -config ca.conf -notext -in $SERVER.csr -out $SERVER.pem
274 openssl req -newkey rsa:
1024 -nodes -out $CLIENT.csr -keyout $CLIENT.key -subj
"/CN=$CLIENT/"
275 openssl ca -batch -config ca.conf -notext -in $CLIENT.csr -out $CLIENT.pem
278 <para>Generated files
<filename>ca.pem
</filename>,
279 <filename>server.pem
</filename>, and
280 <filename>server.key
</filename> should be installed on server,
281 and
<filename>ca.pem
</filename>,
282 <filename>client.pem
</filename>, and
283 <filename>client.key
</filename> on the client. The location of
284 those files can be specified using
285 <varname>TrustedCertificateFile=
</varname>,
286 <varname>ServerCertificateFile=
</varname>,
287 <varname>ServerKeyFile=
</varname>, in
288 <filename>/etc/systemd/journal-remote.conf
</filename> and
289 <filename>/etc/systemd/journal-upload.conf
</filename>,
290 respectively. The default locations can be queried by using
291 <command>systemd-journal-remote --help
</command> and
292 <command>systemd-journal-upload --help
</command>.
</para>
297 <title>See Also
</title>
299 <citerefentry><refentrytitle>systemd-journal-remote
</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
300 <citerefentry><refentrytitle>journalctl
</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
301 <citerefentry><refentrytitle>systemd-journald.service
</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
302 <citerefentry><refentrytitle>systemd-journal-gatewayd.service
</refentrytitle><manvolnum>8</manvolnum></citerefentry>
projects / thirdparty / systemd.git / blob