SYSTEMD-JOURNAL-UPLOAD.SERVICE(8) | systemd-journal-upload.service | SYSTEMD-JOURNAL-UPLOAD.SERVICE(8) |
NAME
systemd-journal-upload.service, systemd-journal-upload - Send journal messages over the network
SYNOPSIS
systemd-journal-upload.service
/usr/lib/systemd/systemd-journal-upload [OPTIONS...] [-u/--url=URL] [SOURCES...]
DESCRIPTION
systemd-journal-upload will upload journal entries to the URL specified with --url=. This program reads journal entries from one or more journal files, similarly to journalctl(1). Unless limited by one of the options specified below, all journal entries accessible to the user the program is running as will be uploaded, and then the program will wait and send new entries as they become available.
systemd-journal-upload transfers the raw content of journal file and uses HTTP as a transport protocol.
systemd-journal-upload.service is a system service that uses systemd-journal-upload to upload journal entries to a server. It uses the configuration in journal-upload.conf(5). At least the URL= option must be specified.
OPTIONS
-u, --url=[https://]URL[:PORT], --url=[http://]URL[:PORT]
Added in version 239.
--system, --user
Added in version 239.
-m, --merge
Added in version 239.
--namespace=NAMESPACE
Added in version 254.
-D, --directory=DIR
Added in version 239.
--file=GLOB
Added in version 239.
--cursor=
Added in version 239.
--after-cursor=
Added in version 239.
--save-state[=PATH]
Added in version 239.
--follow[=BOOL]
Added in version 239.
--key=
Added in version 239.
--cert=
Added in version 239.
--trust=
Added in version 239.
-h, --help
--version
EXIT STATUS
On success, 0 is returned; otherwise, a non-zero failure code is returned.
EXAMPLES
Example 1. Setting up certificates for authentication
Certificates signed by a trusted authority are used to verify that the server to which messages are uploaded is legitimate, and vice versa, that the client is trusted.
A suitable set of certificates can be generated with openssl. Note, 2048 bits of key length is minimally recommended to use for security reasons:
openssl req -newkey rsa:2048 -days 3650 -x509 -nodes \ -out ca.pem -keyout ca.key -subj '/CN=Certificate authority/' cat >ca.conf <<EOF [ ca ] default_ca = this [ this ] new_certs_dir = . certificate = ca.pem database = ./index private_key = ca.key serial = ./serial default_days = 3650 default_md = default policy = policy_anything [ policy_anything ] countryName = optional stateOrProvinceName = optional localityName = optional organizationName = optional organizationalUnitName = optional commonName = supplied emailAddress = optional EOF touch index echo 0001 >serial SERVER=server CLIENT=client openssl req -newkey rsa:2048 -nodes -out $SERVER.csr -keyout $SERVER.key -subj "/CN=$SERVER/" openssl ca -batch -config ca.conf -notext -in $SERVER.csr -out $SERVER.pem openssl req -newkey rsa:2048 -nodes -out $CLIENT.csr -keyout $CLIENT.key -subj "/CN=$CLIENT/" openssl ca -batch -config ca.conf -notext -in $CLIENT.csr -out $CLIENT.pem
Generated files ca.pem, server.pem, and server.key should be installed on server, and ca.pem, client.pem, and client.key on the client. The location of those files can be specified using TrustedCertificateFile=, ServerCertificateFile=, and ServerKeyFile= in /etc/systemd/journal-remote.conf and /etc/systemd/journal-upload.conf, respectively. The default locations can be queried by using systemd-journal-remote --help and systemd-journal-upload --help.
SEE ALSO
journal-upload.conf(5), systemd-journal-remote.service(8), journalctl(1), systemd-journald.service(8), systemd-journal-gatewayd.service(8)
systemd 257 |