blob: e2b39bf96e693efda217765b9dd46190cbd3765d [file] [log] [blame] [raw]
<?xml version='1.0'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
<!ENTITY % entities SYSTEM "custom-entities.ent" >
%entities;
]>
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
<refentry id="systemd-journal-upload" conditional='HAVE_MICROHTTPD'
xmlns:xi="http://www.w3.org/2001/XInclude">
<refentryinfo>
<title>systemd-journal-upload.service</title>
<productname>systemd</productname>
</refentryinfo>
<refmeta>
<refentrytitle>systemd-journal-upload.service</refentrytitle>
<manvolnum>8</manvolnum>
</refmeta>
<refnamediv>
<refname>systemd-journal-upload.service</refname>
<refname>systemd-journal-upload</refname>
<refpurpose>Send journal messages over the network</refpurpose>
</refnamediv>
<refsynopsisdiv>
<para><filename>systemd-journal-upload.service</filename></para>
<cmdsynopsis>
<command>/usr/lib/systemd/systemd-journal-upload</command>
<arg choice="opt" rep="repeat">OPTIONS</arg>
<arg choice="opt" rep="norepeat">-u/--url=<replaceable>URL</replaceable></arg>
<arg choice="opt" rep="repeat">SOURCES</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>Description</title>
<para><command>systemd-journal-upload</command> will upload journal entries to the URL specified
with <option>--url=</option>. This program reads journal entries from one or more journal files,
similarly to
<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
Unless limited by one of the options specified below, all journal entries accessible to the user
the program is running as will be uploaded, and then the program will wait and send new entries
as they become available.</para>
<para><filename>systemd-journal-upload.service</filename> is a system service that uses
<command>systemd-journal-upload</command> to upload journal entries to a server. It uses the
configuration in
<citerefentry><refentrytitle>journal-upload.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
At least the <varname>URL=</varname> option must be specified.</para>
</refsect1>
<refsect1>
<title>Options</title>
<variablelist>
<varlistentry>
<term><option>-u</option></term>
<term><option>--url=<optional>https://</optional><replaceable>URL</replaceable>[:<replaceable>PORT</replaceable>]</option></term>
<term><option>--url=<optional>http://</optional><replaceable>URL</replaceable>[:<replaceable>PORT</replaceable>]</option></term>
<listitem><para>Upload to the specified
address. <replaceable>URL</replaceable> may specify either
just the hostname or both the protocol and
hostname. <constant>https</constant> is the default.
The port number may be specified after a colon (<literal>:</literal>),
otherwise <constant>19532</constant> will be used by default.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--system</option></term>
<term><option>--user</option></term>
<listitem><para>Limit uploaded entries to entries from system
services and the kernel, or to entries from services of
current user. This has the same meaning as
<option>--system</option> and <option>--user</option> options
for
<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>. If
neither is specified, all accessible entries are uploaded.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>-m</option></term>
<term><option>--merge</option></term>
<listitem><para>Upload entries interleaved from all available
journals, including other machines. This has the same meaning
as <option>--merge</option> option for
<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>-D</option></term>
<term><option>--directory=<replaceable>DIR</replaceable></option></term>
<listitem><para>Takes a directory path as argument. Upload
entries from the specified journal directory
<replaceable>DIR</replaceable> instead of the default runtime
and system journal paths. This has the same meaning as
<option>--directory=</option> option for
<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--file=<replaceable>GLOB</replaceable></option></term>
<listitem><para>Takes a file glob as an argument. Upload
entries from the specified journal files matching
<replaceable>GLOB</replaceable> instead of the default runtime
and system journal paths. May be specified multiple times, in
which case files will be suitably interleaved. This has the same meaning as
<option>--file=</option> option for
<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--cursor=</option></term>
<listitem><para>Upload entries from the location in the
journal specified by the passed cursor. This has the same
meaning as <option>--cursor=</option> option for
<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--after-cursor=</option></term>
<listitem><para>Upload entries from the location in the
journal <emphasis>after</emphasis> the location specified by
the this cursor. This has the same meaning as
<option>--after-cursor=</option> option for
<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--save-state</option><optional>=<replaceable>PATH</replaceable></optional></term>
<listitem><para>Upload entries from the location in the
journal <emphasis>after</emphasis> the location specified by
the cursor saved in file at <replaceable>PATH</replaceable>
(<filename>/var/lib/systemd/journal-upload/state</filename> by default).
After an entry is successfully uploaded, update this file
with the cursor of that entry.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--follow</option><optional>=<replaceable>BOOL</replaceable></optional></term>
<listitem><para>
If set to yes, then <command>systemd-journal-upload</command> waits for input.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--key=</option></term>
<listitem><para>
Takes a path to a SSL key file in PEM format, or <option>-</option>.
If <option>-</option> is set, then client certificate authentication checking
will be disabled.
Defaults to <filename>&CERTIFICATE_ROOT;/private/journal-upload.pem</filename>.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--cert=</option></term>
<listitem><para>
Takes a path to a SSL certificate file in PEM format, or <option>-</option>.
If <option>-</option> is set, then client certificate authentication checking
will be disabled.
Defaults to <filename>&CERTIFICATE_ROOT;/certs/journal-upload.pem</filename>.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--trust=</option></term>
<listitem><para>
Takes a path to a SSL CA certificate file in PEM format, or <option>-</option>/<option>all</option>.
If <option>-</option>/<option>all</option> is set, then certificate checking will be disabled.
Defaults to <filename>&CERTIFICATE_ROOT;/ca/trusted.pem</filename>.
</para></listitem>
</varlistentry>
<xi:include href="standard-options.xml" xpointer="help" />
<xi:include href="standard-options.xml" xpointer="version" />
</variablelist>
</refsect1>
<refsect1>
<title>Exit status</title>
<para>On success, 0 is returned; otherwise, a non-zero
failure code is returned.</para>
</refsect1>
<refsect1>
<title>Examples</title>
<example>
<title>Setting up certificates for authentication</title>
<para>Certificates signed by a trusted authority are used to
verify that the server to which messages are uploaded is
legitimate, and vice versa, that the client is trusted.</para>
<para>A suitable set of certificates can be generated with
<command>openssl</command>. Note, 2048 bits of key length
is minimally recommended to use for security reasons:</para>
<programlisting>openssl req -newkey rsa:2048 -days 3650 -x509 -nodes \
-out ca.pem -keyout ca.key -subj '/CN=Certificate authority/'
cat &gt;ca.conf &lt;&lt;EOF
[ ca ]
default_ca = this
[ this ]
new_certs_dir = .
certificate = ca.pem
database = ./index
private_key = ca.key
serial = ./serial
default_days = 3650
default_md = default
policy = policy_anything
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
EOF
touch index
echo 0001 &gt;serial
SERVER=server
CLIENT=client
openssl req -newkey rsa:2048 -nodes -out $SERVER.csr -keyout $SERVER.key -subj "/CN=$SERVER/"
openssl ca -batch -config ca.conf -notext -in $SERVER.csr -out $SERVER.pem
openssl req -newkey rsa:2048 -nodes -out $CLIENT.csr -keyout $CLIENT.key -subj "/CN=$CLIENT/"
openssl ca -batch -config ca.conf -notext -in $CLIENT.csr -out $CLIENT.pem
</programlisting>
<para>Generated files <filename>ca.pem</filename>,
<filename>server.pem</filename>, and
<filename>server.key</filename> should be installed on server,
and <filename>ca.pem</filename>,
<filename>client.pem</filename>, and
<filename>client.key</filename> on the client. The location of
those files can be specified using
<varname>TrustedCertificateFile=</varname>,
<varname>ServerCertificateFile=</varname>,
and <varname>ServerKeyFile=</varname> in
<filename>/etc/systemd/journal-remote.conf</filename> and
<filename>/etc/systemd/journal-upload.conf</filename>,
respectively. The default locations can be queried by using
<command>systemd-journal-remote --help</command> and
<command>systemd-journal-upload --help</command>.</para>
</example>
</refsect1>
<refsect1>
<title>See Also</title>
<para>
<citerefentry><refentrytitle>journal-upload.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-journal-remote.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-journal-gatewayd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
</para>
</refsect1>
</refentry>