systemd-journal-upload.xml revision 99a1ab10b05251220ff94a867f198b9302afe346
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek<?xml version='1.0'?> <!--*-nxml-*-->
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-SzmekThis file is part of systemd.
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-SzmekCopyright 2014 Zbigniew Jędrzejewski-Szmek
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmeksystemd is free software; you can redistribute it and/or modify it
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmekunder the terms of the GNU Lesser General Public License as published by
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmekthe Free Software Foundation; either version 2.1 of the License, or
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek(at your option) any later version.
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmeksystemd is distributed in the hope that it will be useful, but
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-SzmekWITHOUT ANY WARRANTY; without even the implied warranty of
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-SzmekMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-SzmekLesser General Public License for more details.
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-SzmekYou should have received a copy of the GNU Lesser General Public License
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmekalong with systemd; If not, see <http://www.gnu.org/licenses/>.
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek<refentry id="systemd-journal-upload" conditional='HAVE_MICROHTTPD'
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek xmlns:xi="http://www.w3.org/2001/XInclude">
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <title>systemd-journal-upload</title>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <productname>systemd</productname>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <surname>Jędrzejewski-Szmek</surname>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <email>zbyszek@in.waw.pl</email>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <refentrytitle>systemd-journal-upload</refentrytitle>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <refname>systemd-journal-upload</refname>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <refpurpose>Send journal messages over the network</refpurpose>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <refsynopsisdiv>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <command>systemd-journal-upload</command>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <arg choice="opt" rep="repeat">OPTIONS</arg>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <arg choice="opt" rep="norepeat">-u/--url=<replaceable>URL</replaceable></arg>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <arg choice="opt" rep="repeat">SOURCES</arg>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek </refsynopsisdiv>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <command>systemd-journal-upload</command> will upload journal
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek entries to the URL specified with <option>--url</option>. Unless
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek limited by one of the options specified below, all journal
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek entries accessible to the user the program is running as will be
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek uploaded, and then the program will wait and send new entries
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek as they become available.
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <term><option>-u</option></term>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <term><option>--url=<optional>https://</optional><replaceable>URL</replaceable></option></term>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <term><option>--url=<optional>http://</optional><replaceable>URL</replaceable></option></term>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <listitem><para>Upload to the specified
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek address. <replaceable>URL</replaceable> may specify either
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek just the hostname or both the protocol and
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek hostname. <constant>https</constant> is the default.
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <term><option>--system</option></term>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <term><option>--user</option></term>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <listitem><para>Limit uploaded entries to entries from system
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek services and the kernel, or to entries from services of
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek current user. This has the same meaning as
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <option>--system</option> and <option>--user</option> options
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>. If
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek neither is specified, all accessible entries are uploaded.
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <term><option>-m</option></term>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <term><option>--merge</option></term>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <listitem><para>Upload entries interleaved from all available
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek journals, including other machines. This has the same meaning
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek as <option>--merge</option> option for
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para></listitem>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <term><option>-D</option></term>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <term><option>--directory=<replaceable>DIR</replaceable></option></term>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <listitem><para>Takes a directory path as argument. Upload
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek entries from the specified journal directory
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <replaceable>DIR</replaceable> instead of the default runtime
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek and system journal paths. This has the same meaning as
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <option>--directory</option> option for
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <term><option>--file=<replaceable>GLOB</replaceable></option></term>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <listitem><para>Takes a file glob as an argument. Upload
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek entries from the specified journal files matching
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <replaceable>GLOB</replaceable> instead of the default runtime
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek and system journal paths. May be specified multiple times, in
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek which case files will be suitably interleaved. This has the same meaning as
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <option>--file</option> option for
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <term><option>--cursor=</option></term>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <listitem><para>Upload entries from the location in the
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek journal specified by the passed cursor. This has the same
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek meaning as <option>--cursor</option> option for
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para></listitem>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <term><option>--after-cursor=</option></term>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <listitem><para>Upload entries from the location in the
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek journal <emphasis>after</emphasis> the location specified by
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek the this cursor. This has the same meaning as
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <option>--after-cursor</option> option for
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <term><option>--save-state</option><optional>=<replaceable>PATH</replaceable></optional></term>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <listitem><para>Upload entries from the location in the
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek journal <emphasis>after</emphasis> the location specified by
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek the cursor saved in file at <replaceable>PATH</replaceable>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek (<filename>/var/lib/systemd/journal-upload/state</filename> by default).
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek After an entry is successfully uploaded, update this file
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek with the cursor of that entry.
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <xi:include href="standard-options.xml" xpointer="help" />
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <xi:include href="standard-options.xml" xpointer="version" />
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <para>On success, 0 is returned; otherwise, a non-zero
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek failure code is returned.</para>
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek <title>Setting up certificates for authentication</title>
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek <para>Certificates signed by a trusted authority are used to
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek verify that the server to which messages are uploaded is
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek legitimate, and vice versa, that the client is trusted.</para>
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek <para>A suitable set of certificates can be generated with
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek <command>openssl</command>:</para>
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek <programlisting>openssl req -newkey rsa:2048 -days 3650 -x509 -nodes \
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek -out ca.pem -keyout ca.key -subj '/CN=Certificate authority/'
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmekdefault_ca = this
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmeknew_certs_dir = .
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmekdefault_days = 3650
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmekdefault_md = default
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmekpolicy = policy_anything
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek[ policy_anything ]
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-SzmekcountryName = optional
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-SzmekstateOrProvinceName = optional
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-SzmeklocalityName = optional
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-SzmekorganizationName = optional
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-SzmekorganizationalUnitName = optional
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-SzmekcommonName = supplied
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-SzmekemailAddress = optional
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmekecho 0001 > serial
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmekopenssl req -newkey rsa:1024 -nodes -out $SERVER.csr -keyout $SERVER.key -subj "/CN=$SERVER/"
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmekopenssl ca -batch -config ca.conf -notext -in $SERVER.csr -out $SERVER.pem
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmekopenssl req -newkey rsa:1024 -nodes -out $CLIENT.csr -keyout $CLIENT.key -subj "/CN=$CLIENT/"
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmekopenssl ca -batch -config ca.conf -notext -in $CLIENT.csr -out $CLIENT.pem
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek</programlisting>
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek <para>Generated files <filename>ca.pem</filename>,
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek <filename>server.pem</filename>, and
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek <filename>server.key</filename> should be installed on server,
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek and <filename>ca.pem</filename>,
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek <filename>client.pem</filename>, and
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek <filename>client.key</filename> on the client. The location of
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek those files can be specified using
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek <varname>TrustedCertificateFile=</varname>,
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek <varname>ServerCertificateFile=</varname>,
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek <varname>ServerKeyFile=</varname>, in
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek <filename>/etc/systemd/journal-remote.conf</filename> and
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek <filename>/etc/systemd/journal-upload.conf</filename>
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek respectively. The default locations can be queried by using
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek <command>systemd-journal-remote --help</command> and
99a1ab10b05251220ff94a867f198b9302afe346Zbigniew Jędrzejewski-Szmek <command>systemd-journal-upload --help</command>.</para>
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>systemd-journal-remote</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
330427e271c37400f091bf4570b5d8fa96574d36Zbigniew Jędrzejewski-Szmek <citerefentry><refentrytitle>systemd-journal-gatewayd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>