systemd-journal-upload.xml revision 3802a3d3d7af51ddff31943d5514382f01265770
3802a3d3d7af51ddff31943d5514382f01265770Lennart Poettering<?xml version='1.0'?> <!--*- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil -*-->
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-SzmekThis file is part of systemd.
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-SzmekCopyright 2014 Zbigniew Jędrzejewski-Szmek
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmeksystemd is free software; you can redistribute it and/or modify it
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmekunder the terms of the GNU Lesser General Public License as published by
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmekthe Free Software Foundation; either version 2.1 of the License, or
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek(at your option) any later version.
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmeksystemd is distributed in the hope that it will be useful, but
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-SzmekWITHOUT ANY WARRANTY; without even the implied warranty of
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-SzmekMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-SzmekLesser General Public License for more details.
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-SzmekYou should have received a copy of the GNU Lesser General Public License
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmekalong with systemd; If not, see <http://www.gnu.org/licenses/>.
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek<refentry id="systemd-journal-upload" conditional='HAVE_MICROHTTPD'
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek xmlns:xi="http://www.w3.org/2001/XInclude">
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <title>systemd-journal-upload</title>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <productname>systemd</productname>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <surname>Jędrzejewski-Szmek</surname>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <email>zbyszek@in.waw.pl</email>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <refentrytitle>systemd-journal-upload</refentrytitle>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <refname>systemd-journal-upload</refname>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <refpurpose>Send journal messages over the network</refpurpose>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <refsynopsisdiv>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <command>systemd-journal-upload</command>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <arg choice="opt" rep="repeat">OPTIONS</arg>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <arg choice="opt" rep="norepeat">-u/--url=<replaceable>URL</replaceable></arg>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <arg choice="opt" rep="repeat">SOURCES</arg>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek </refsynopsisdiv>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <command>systemd-journal-upload</command> will upload journal
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek entries to the URL specified with <option>--url</option>. Unless
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek limited by one of the options specified below, all journal
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek entries accessible to the user the program is running as will be
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek uploaded, and then the program will wait and send new entries
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek as they become available.
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <term><option>-u</option></term>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <term><option>--url=<optional>https://</optional><replaceable>URL</replaceable></option></term>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <term><option>--url=<optional>http://</optional><replaceable>URL</replaceable></option></term>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <listitem><para>Upload to the specified
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek address. <replaceable>URL</replaceable> may specify either
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek just the hostname or both the protocol and
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek hostname. <constant>https</constant> is the default.
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <term><option>--system</option></term>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <term><option>--user</option></term>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <listitem><para>Limit uploaded entries to entries from system
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek services and the kernel, or to entries from services of
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek current user. This has the same meaning as
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <option>--system</option> and <option>--user</option> options
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>. If
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek neither is specified, all accessible entries are uploaded.
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <term><option>-m</option></term>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <term><option>--merge</option></term>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <listitem><para>Upload entries interleaved from all available
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek journals, including other machines. This has the same meaning
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek as <option>--merge</option> option for
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para></listitem>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <term><option>-D</option></term>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <term><option>--directory=<replaceable>DIR</replaceable></option></term>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <listitem><para>Takes a directory path as argument. Upload
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek entries from the specified journal directory
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <replaceable>DIR</replaceable> instead of the default runtime
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek and system journal paths. This has the same meaning as
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <option>--directory</option> option for
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <term><option>--file=<replaceable>GLOB</replaceable></option></term>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <listitem><para>Takes a file glob as an argument. Upload
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek entries from the specified journal files matching
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <replaceable>GLOB</replaceable> instead of the default runtime
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek and system journal paths. May be specified multiple times, in
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek which case files will be suitably interleaved. This has the same meaning as
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <option>--file</option> option for
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <term><option>--cursor=</option></term>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <listitem><para>Upload entries from the location in the
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek journal specified by the passed cursor. This has the same
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek meaning as <option>--cursor</option> option for
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para></listitem>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <term><option>--after-cursor=</option></term>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <listitem><para>Upload entries from the location in the
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek journal <emphasis>after</emphasis> the location specified by
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek the this cursor. This has the same meaning as
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <option>--after-cursor</option> option for
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <term><option>--save-state</option><optional>=<replaceable>PATH</replaceable></optional></term>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <listitem><para>Upload entries from the location in the
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek journal <emphasis>after</emphasis> the location specified by
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek the cursor saved in file at <replaceable>PATH</replaceable>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek (<filename>/var/lib/systemd/journal-upload/state</filename> by default).
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek After an entry is successfully uploaded, update this file
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek with the cursor of that entry.
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <xi:include href="standard-options.xml" xpointer="help" />
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <xi:include href="standard-options.xml" xpointer="version" />
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <para>On success, 0 is returned; otherwise, a non-zero
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek failure code is returned.</para>
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek <title>Setting up certificates for authentication</title>
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek <para>Certificates signed by a trusted authority are used to
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek verify that the server to which messages are uploaded is
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek legitimate, and vice versa, that the client is trusted.</para>
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek <para>A suitable set of certificates can be generated with
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek <command>openssl</command>:</para>
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek <programlisting>openssl req -newkey rsa:2048 -days 3650 -x509 -nodes \
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek -out ca.pem -keyout ca.key -subj '/CN=Certificate authority/'
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmekdefault_ca = this
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmeknew_certs_dir = .
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmekdefault_days = 3650
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmekdefault_md = default
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmekpolicy = policy_anything
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek[ policy_anything ]
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-SzmekcountryName = optional
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-SzmekstateOrProvinceName = optional
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-SzmeklocalityName = optional
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-SzmekorganizationName = optional
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-SzmekorganizationalUnitName = optional
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-SzmekcommonName = supplied
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-SzmekemailAddress = optional
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmekecho 0001 > serial
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmekopenssl req -newkey rsa:1024 -nodes -out $SERVER.csr -keyout $SERVER.key -subj "/CN=$SERVER/"
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmekopenssl ca -batch -config ca.conf -notext -in $SERVER.csr -out $SERVER.pem
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmekopenssl req -newkey rsa:1024 -nodes -out $CLIENT.csr -keyout $CLIENT.key -subj "/CN=$CLIENT/"
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmekopenssl ca -batch -config ca.conf -notext -in $CLIENT.csr -out $CLIENT.pem
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek</programlisting>
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek <para>Generated files <filename>ca.pem</filename>,
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek <filename>server.pem</filename>, and
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek <filename>server.key</filename> should be installed on server,
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek and <filename>ca.pem</filename>,
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek <filename>client.pem</filename>, and
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek <filename>client.key</filename> on the client. The location of
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek those files can be specified using
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek <varname>TrustedCertificateFile=</varname>,
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek <varname>ServerCertificateFile=</varname>,
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek <varname>ServerKeyFile=</varname>, in
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek <filename>/etc/systemd/journal-remote.conf</filename> and
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek <filename>/etc/systemd/journal-upload.conf</filename>
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek respectively. The default locations can be queried by using
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek <command>systemd-journal-remote --help</command> and
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek <command>systemd-journal-upload --help</command>.</para>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>systemd-journal-remote</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>systemd-journal-gatewayd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>