Путеводитель по Руководству Linux

  User  |  Syst  |  Libr  |  Device  |  Files  |  Other  |  Admin  |  Head  |



   systemd-journal-upload    ( 8 )

отправлять сообщения журнала по сети (Send journal messages over the network)

Имя (Name)

systemd-journal-upload.service, systemd-journal-upload - Send
       journal messages over the network

Синопсис (Synopsis)

systemd-journal-upload.service

/usr/lib/systemd/systemd-journal-upload [OPTIONS...] [-u/--url=URL] [SOURCES...]


Описание (Description)

systemd-journal-upload will upload journal entries to the URL
       specified with --url=. This program reads journal entries from
       one or more journal files, similarly to journalctl(1). Unless
       limited by one of the options specified below, all journal
       entries accessible to the user the program is running as will be
       uploaded, and then the program will wait and send new entries as
       they become available.

systemd-journal-upload.service is a system service that uses systemd-journal-upload to upload journal entries to a server. It uses the configuration in journal-upload.conf(5). At least the URL= option must be specified.


Параметры (Options)

-u, --url=[https://]URL[:PORT], --url=[http://]URL[:PORT]
           Upload to the specified address.  URL may specify either just
           the hostname or both the protocol and hostname.  https is the
           default. The port number may be specified after a colon
           (":"), otherwise 19532 will be used by default.

--system, --user Limit uploaded entries to entries from system services and the kernel, or to entries from services of current user. This has the same meaning as --system and --user options for journalctl(1). If neither is specified, all accessible entries are uploaded.

-m, --merge Upload entries interleaved from all available journals, including other machines. This has the same meaning as --merge option for journalctl(1).

-D, --directory=DIR Takes a directory path as argument. Upload entries from the specified journal directory DIR instead of the default runtime and system journal paths. This has the same meaning as --directory= option for journalctl(1).

--file=GLOB Takes a file glob as an argument. Upload entries from the specified journal files matching GLOB instead of the default runtime and system journal paths. May be specified multiple times, in which case files will be suitably interleaved. This has the same meaning as --file= option for journalctl(1).

--cursor= Upload entries from the location in the journal specified by the passed cursor. This has the same meaning as --cursor= option for journalctl(1).

--after-cursor= Upload entries from the location in the journal after the location specified by the this cursor. This has the same meaning as --after-cursor= option for journalctl(1).

--save-state[=PATH] Upload entries from the location in the journal after the location specified by the cursor saved in file at PATH (/var/lib/systemd/journal-upload/state by default). After an entry is successfully uploaded, update this file with the cursor of that entry.

--follow[=BOOL] If set to yes, then systemd-journal-upload waits for input.

--key= Takes a path to a SSL key file in PEM format, or -. If - is set, then client certificate authentication checking will be disabled. Defaults to /etc/ssl/private/journal-upload.pem.

--cert= Takes a path to a SSL certificate file in PEM format, or -. If - is set, then client certificate authentication checking will be disabled. Defaults to /etc/ssl/certs/journal-upload.pem.

--trust= Takes a path to a SSL CA certificate file in PEM format, or -/all. If -/all is set, then certificate checking will be disabled. Defaults to /etc/ssl/ca/trusted.pem.

-h, --help Print a short help text and exit.

--version Print a short version string and exit.


Статус выхода (Exit)

On success, 0 is returned; otherwise, a non-zero failure code is
       returned.

Примеры (Examples)

Example 1. Setting up certificates for authentication

Certificates signed by a trusted authority are used to verify that the server to which messages are uploaded is legitimate, and vice versa, that the client is trusted.

A suitable set of certificates can be generated with openssl. Note, 2048 bits of key length is minimally recommended to use for security reasons:

openssl req -newkey rsa:2048 -days 3650 -x509 -nodes \ -out ca.pem -keyout ca.key -subj '/CN=Certificate authority/'

cat >ca.conf <<EOF [ ca ] default_ca = this

[ this ] new_certs_dir = . certificate = ca.pem database = ./index private_key = ca.key serial = ./serial default_days = 3650 default_md = default policy = policy_anything

[ policy_anything ] countryName = optional stateOrProvinceName = optional localityName = optional organizationName = optional organizationalUnitName = optional commonName = supplied emailAddress = optional EOF

touch index echo 0001 >serial

SERVER=server CLIENT=client

openssl req -newkey rsa:2048 -nodes -out $SERVER.csr -keyout $SERVER.key -subj "/CN=$SERVER/" openssl ca -batch -config ca.conf -notext -in $SERVER.csr -out $SERVER.pem

openssl req -newkey rsa:2048 -nodes -out $CLIENT.csr -keyout $CLIENT.key -subj "/CN=$CLIENT/" openssl ca -batch -config ca.conf -notext -in $CLIENT.csr -out $CLIENT.pem

Generated files ca.pem, server.pem, and server.key should be installed on server, and ca.pem, client.pem, and client.key on the client. The location of those files can be specified using TrustedCertificateFile=, ServerCertificateFile=, and ServerKeyFile= in /etc/systemd/journal-remote.conf and /etc/systemd/journal-upload.conf, respectively. The default locations can be queried by using systemd-journal-remote --help and systemd-journal-upload --help.


Смотри также (See also)

journal-upload.conf(5), systemd-journal-remote.service(8),
       journalctl(1), systemd-journald.service(8),
       systemd-journal-gatewayd.service(8)