mirror of
https://github.com/systemd/systemd.git
synced 2024-11-28 12:44:33 +08:00
264 lines
9.7 KiB
XML
264 lines
9.7 KiB
XML
<?xml version='1.0'?> <!--*- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil -*-->
|
|
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
|
|
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
|
|
|
|
<!--
|
|
This file is part of systemd.
|
|
|
|
Copyright 2014 Zbigniew Jędrzejewski-Szmek
|
|
|
|
systemd is free software; you can redistribute it and/or modify it
|
|
under the terms of the GNU Lesser General Public License as published by
|
|
the Free Software Foundation; either version 2.1 of the License, or
|
|
(at your option) any later version.
|
|
|
|
systemd is distributed in the hope that it will be useful, but
|
|
WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Lesser General Public License for more details.
|
|
|
|
You should have received a copy of the GNU Lesser General Public License
|
|
along with systemd; If not, see <http://www.gnu.org/licenses/>.
|
|
-->
|
|
|
|
<refentry id="systemd-journal-upload" conditional='HAVE_MICROHTTPD'
|
|
xmlns:xi="http://www.w3.org/2001/XInclude">
|
|
|
|
<refentryinfo>
|
|
<title>systemd-journal-upload</title>
|
|
<productname>systemd</productname>
|
|
|
|
<authorgroup>
|
|
<author>
|
|
<contrib>Developer</contrib>
|
|
<firstname>Zbigniew</firstname>
|
|
<surname>Jędrzejewski-Szmek</surname>
|
|
<email>zbyszek@in.waw.pl</email>
|
|
</author>
|
|
</authorgroup>
|
|
</refentryinfo>
|
|
|
|
<refmeta>
|
|
<refentrytitle>systemd-journal-upload</refentrytitle>
|
|
<manvolnum>8</manvolnum>
|
|
</refmeta>
|
|
|
|
<refnamediv>
|
|
<refname>systemd-journal-upload</refname>
|
|
<refpurpose>Send journal messages over the network</refpurpose>
|
|
</refnamediv>
|
|
|
|
<refsynopsisdiv>
|
|
<cmdsynopsis>
|
|
<command>systemd-journal-upload</command>
|
|
<arg choice="opt" rep="repeat">OPTIONS</arg>
|
|
<arg choice="opt" rep="norepeat">-u/--url=<replaceable>URL</replaceable></arg>
|
|
<arg choice="opt" rep="repeat">SOURCES</arg>
|
|
</cmdsynopsis>
|
|
</refsynopsisdiv>
|
|
|
|
<refsect1>
|
|
<title>Description</title>
|
|
|
|
<para>
|
|
<command>systemd-journal-upload</command> will upload journal
|
|
entries to the URL specified with <option>--url</option>. Unless
|
|
limited by one of the options specified below, all journal
|
|
entries accessible to the user the program is running as will be
|
|
uploaded, and then the program will wait and send new entries
|
|
as they become available.
|
|
</para>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>Options</title>
|
|
|
|
<variablelist>
|
|
<varlistentry>
|
|
<term><option>-u</option></term>
|
|
<term><option>--url=<optional>https://</optional><replaceable>URL</replaceable></option></term>
|
|
<term><option>--url=<optional>http://</optional><replaceable>URL</replaceable></option></term>
|
|
|
|
<listitem><para>Upload to the specified
|
|
address. <replaceable>URL</replaceable> may specify either
|
|
just the hostname or both the protocol and
|
|
hostname. <constant>https</constant> is the default.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--system</option></term>
|
|
<term><option>--user</option></term>
|
|
|
|
<listitem><para>Limit uploaded entries to entries from system
|
|
services and the kernel, or to entries from services of
|
|
current user. This has the same meaning as
|
|
<option>--system</option> and <option>--user</option> options
|
|
for
|
|
<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>. If
|
|
neither is specified, all accessible entries are uploaded.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>-m</option></term>
|
|
<term><option>--merge</option></term>
|
|
|
|
<listitem><para>Upload entries interleaved from all available
|
|
journals, including other machines. This has the same meaning
|
|
as <option>--merge</option> option for
|
|
<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>-D</option></term>
|
|
<term><option>--directory=<replaceable>DIR</replaceable></option></term>
|
|
|
|
<listitem><para>Takes a directory path as argument. Upload
|
|
entries from the specified journal directory
|
|
<replaceable>DIR</replaceable> instead of the default runtime
|
|
and system journal paths. This has the same meaning as
|
|
<option>--directory</option> option for
|
|
<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--file=<replaceable>GLOB</replaceable></option></term>
|
|
|
|
<listitem><para>Takes a file glob as an argument. Upload
|
|
entries from the specified journal files matching
|
|
<replaceable>GLOB</replaceable> instead of the default runtime
|
|
and system journal paths. May be specified multiple times, in
|
|
which case files will be suitably interleaved. This has the same meaning as
|
|
<option>--file</option> option for
|
|
<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--cursor=</option></term>
|
|
|
|
<listitem><para>Upload entries from the location in the
|
|
journal specified by the passed cursor. This has the same
|
|
meaning as <option>--cursor</option> option for
|
|
<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><option>--after-cursor=</option></term>
|
|
|
|
<listitem><para>Upload entries from the location in the
|
|
journal <emphasis>after</emphasis> the location specified by
|
|
the this cursor. This has the same meaning as
|
|
<option>--after-cursor</option> option for
|
|
<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
|
|
<varlistentry>
|
|
<term><option>--save-state</option><optional>=<replaceable>PATH</replaceable></optional></term>
|
|
|
|
<listitem><para>Upload entries from the location in the
|
|
journal <emphasis>after</emphasis> the location specified by
|
|
the cursor saved in file at <replaceable>PATH</replaceable>
|
|
(<filename>/var/lib/systemd/journal-upload/state</filename> by default).
|
|
After an entry is successfully uploaded, update this file
|
|
with the cursor of that entry.
|
|
</para></listitem>
|
|
</varlistentry>
|
|
|
|
<xi:include href="standard-options.xml" xpointer="help" />
|
|
<xi:include href="standard-options.xml" xpointer="version" />
|
|
</variablelist>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>Exit status</title>
|
|
|
|
<para>On success, 0 is returned; otherwise, a non-zero
|
|
failure code is returned.</para>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>Examples</title>
|
|
<example>
|
|
<title>Setting up certificates for authentication</title>
|
|
|
|
<para>Certificates signed by a trusted authority are used to
|
|
verify that the server to which messages are uploaded is
|
|
legitimate, and vice versa, that the client is trusted.</para>
|
|
|
|
<para>A suitable set of certificates can be generated with
|
|
<command>openssl</command>:</para>
|
|
|
|
<programlisting>openssl req -newkey rsa:2048 -days 3650 -x509 -nodes \
|
|
-out ca.pem -keyout ca.key -subj '/CN=Certificate authority/'
|
|
|
|
cat >ca.conf <<EOF
|
|
[ ca ]
|
|
default_ca = this
|
|
|
|
[ this ]
|
|
new_certs_dir = .
|
|
certificate = ca.pem
|
|
database = ./index
|
|
private_key = ca.key
|
|
serial = ./serial
|
|
default_days = 3650
|
|
default_md = default
|
|
policy = policy_anything
|
|
|
|
[ policy_anything ]
|
|
countryName = optional
|
|
stateOrProvinceName = optional
|
|
localityName = optional
|
|
organizationName = optional
|
|
organizationalUnitName = optional
|
|
commonName = supplied
|
|
emailAddress = optional
|
|
EOF
|
|
|
|
touch index
|
|
echo 0001 >serial
|
|
|
|
SERVER=server
|
|
CLIENT=client
|
|
|
|
openssl req -newkey rsa:1024 -nodes -out $SERVER.csr -keyout $SERVER.key -subj "/CN=$SERVER/"
|
|
openssl ca -batch -config ca.conf -notext -in $SERVER.csr -out $SERVER.pem
|
|
|
|
openssl req -newkey rsa:1024 -nodes -out $CLIENT.csr -keyout $CLIENT.key -subj "/CN=$CLIENT/"
|
|
openssl ca -batch -config ca.conf -notext -in $CLIENT.csr -out $CLIENT.pem
|
|
</programlisting>
|
|
|
|
<para>Generated files <filename>ca.pem</filename>,
|
|
<filename>server.pem</filename>, and
|
|
<filename>server.key</filename> should be installed on server,
|
|
and <filename>ca.pem</filename>,
|
|
<filename>client.pem</filename>, and
|
|
<filename>client.key</filename> on the client. The location of
|
|
those files can be specified using
|
|
<varname>TrustedCertificateFile=</varname>,
|
|
<varname>ServerCertificateFile=</varname>,
|
|
<varname>ServerKeyFile=</varname>, in
|
|
<filename>/etc/systemd/journal-remote.conf</filename> and
|
|
<filename>/etc/systemd/journal-upload.conf</filename>,
|
|
respectively. The default locations can be queried by using
|
|
<command>systemd-journal-remote --help</command> and
|
|
<command>systemd-journal-upload --help</command>.</para>
|
|
</example>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>See Also</title>
|
|
<para>
|
|
<citerefentry><refentrytitle>systemd-journal-remote</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>systemd-journal-gatewayd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
|
</para>
|
|
</refsect1>
|
|
</refentry>
|