Provided by: systemd-journal-remote_255.4-1ubuntu8.4_amd64 bug

NAME

       systemd-journal-upload.service, systemd-journal-upload - Send journal messages over the
       network

SYNOPSIS

       systemd-journal-upload.service

       /usr/lib/systemd/systemd-journal-upload [OPTIONS...] [-u/--url=URL] [SOURCES...]

DESCRIPTION

       systemd-journal-upload will upload journal entries to the URL specified with --url=. This
       program reads journal entries from one or more journal files, similarly to journalctl(1).
       Unless limited by one of the options specified below, all journal entries accessible to
       the user the program is running as will be uploaded, and then the program will wait and
       send new entries as they become available.

       systemd-journal-upload transfers the raw content of journal file and uses HTTP as a
       transport protocol.

       systemd-journal-upload.service is a system service that uses systemd-journal-upload to
       upload journal entries to a server. It uses the configuration in journal-upload.conf(5).
       At least the URL= option must be specified.

OPTIONS

       -u, --url=[https://]URL[:PORT], --url=[http://]URL[:PORT]
           Upload to the specified address.  URL may specify either just the hostname or both the
           protocol and hostname.  https is the default. The port number may be specified after a
           colon (":"), otherwise 19532 will be used by default.

           Added in version 239.

       --system, --user
           Limit uploaded entries to entries from system services and the kernel, or to entries
           from services of current user. This has the same meaning as --system and --user
           options for journalctl(1). If neither is specified, all accessible entries are
           uploaded.

           Added in version 239.

       -m, --merge
           Upload entries interleaved from all available journals, including other machines. This
           has the same meaning as --merge option for journalctl(1).

           Added in version 239.

       --namespace=NAMESPACE
           Takes a journal namespace identifier string as argument. Upload entries from the
           specified journal namespace NAMESPACE instead of the default namespace. This has the
           same meaning as --namespace= option for journalctl(1).

           Added in version 254.

       -D, --directory=DIR
           Takes a directory path as argument. Upload entries from the specified journal
           directory DIR instead of the default runtime and system journal paths. This has the
           same meaning as --directory= option for journalctl(1).

           Added in version 239.

       --file=GLOB
           Takes a file glob as an argument. Upload entries from the specified journal files
           matching GLOB instead of the default runtime and system journal paths. May be
           specified multiple times, in which case files will be suitably interleaved. This has
           the same meaning as --file= option for journalctl(1).

           Added in version 239.

       --cursor=
           Upload entries from the location in the journal specified by the passed cursor. This
           has the same meaning as --cursor= option for journalctl(1).

           Added in version 239.

       --after-cursor=
           Upload entries from the location in the journal after the location specified by the
           this cursor. This has the same meaning as --after-cursor= option for journalctl(1).

           Added in version 239.

       --save-state[=PATH]
           Upload entries from the location in the journal after the location specified by the
           cursor saved in file at PATH (/var/lib/systemd/journal-upload/state by default). After
           an entry is successfully uploaded, update this file with the cursor of that entry.

           Added in version 239.

       --follow[=BOOL]
           If set to yes, then systemd-journal-upload waits for input.

           Added in version 239.

       --key=
           Takes a path to a SSL key file in PEM format, or -. If - is set, then client
           certificate authentication checking will be disabled. Defaults to
           /etc/ssl/private/journal-upload.pem.

           Added in version 239.

       --cert=
           Takes a path to a SSL certificate file in PEM format, or -. If - is set, then client
           certificate authentication checking will be disabled. Defaults to
           /etc/ssl/certs/journal-upload.pem.

           Added in version 239.

       --trust=
           Takes a path to a SSL CA certificate file in PEM format, or -/all. If -/all is set,
           then certificate checking will be disabled. Defaults to /etc/ssl/ca/trusted.pem.

           Added in version 239.

       -h, --help
           Print a short help text and exit.

       --version
           Print a short version string and exit.

EXIT STATUS

       On success, 0 is returned; otherwise, a non-zero failure code is returned.

EXAMPLES

       Example 1. Setting up certificates for authentication

       Certificates signed by a trusted authority are used to verify that the server to which
       messages are uploaded is legitimate, and vice versa, that the client is trusted.

       A suitable set of certificates can be generated with openssl. Note, 2048 bits of key
       length is minimally recommended to use for security reasons:

           openssl req -newkey rsa:2048 -days 3650 -x509 -nodes \
                 -out ca.pem -keyout ca.key -subj '/CN=Certificate authority/'

           cat >ca.conf <<EOF
           [ ca ]
           default_ca = this

           [ this ]
           new_certs_dir = .
           certificate = ca.pem
           database = ./index
           private_key = ca.key
           serial = ./serial
           default_days = 3650
           default_md = default
           policy = policy_anything

           [ policy_anything ]
           countryName             = optional
           stateOrProvinceName     = optional
           localityName            = optional
           organizationName        = optional
           organizationalUnitName  = optional
           commonName              = supplied
           emailAddress            = optional
           EOF

           touch index
           echo 0001 >serial

           SERVER=server
           CLIENT=client

           openssl req -newkey rsa:2048 -nodes -out $SERVER.csr -keyout $SERVER.key -subj "/CN=$SERVER/"
           openssl ca -batch -config ca.conf -notext -in $SERVER.csr -out $SERVER.pem

           openssl req -newkey rsa:2048 -nodes -out $CLIENT.csr -keyout $CLIENT.key -subj "/CN=$CLIENT/"
           openssl ca -batch -config ca.conf -notext -in $CLIENT.csr -out $CLIENT.pem

       Generated files ca.pem, server.pem, and server.key should be installed on server, and
       ca.pem, client.pem, and client.key on the client. The location of those files can be
       specified using TrustedCertificateFile=, ServerCertificateFile=, and ServerKeyFile= in
       /etc/systemd/journal-remote.conf and /etc/systemd/journal-upload.conf, respectively. The
       default locations can be queried by using systemd-journal-remote --help and
       systemd-journal-upload --help.

SEE ALSO

       journal-upload.conf(5), systemd-journal-remote.service(8), journalctl(1), systemd-
       journald.service(8), systemd-journal-gatewayd.service(8)