2018-07-03 00:15:39 +03:00
<?xml version='1.0'?>
2019-03-14 16:40:58 +03:00
< !DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
2017-12-04 09:42:48 +03:00
<!ENTITY % entities SYSTEM "custom-entities.ent" >
%entities;
]>
2020-11-09 07:23:58 +03:00
<!-- SPDX - License - Identifier: LGPL - 2.1 - or - later -->
2012-11-02 02:08:03 +04:00
2014-07-21 03:28:58 +04:00
<refentry id= "systemd-journal-remote" conditional= 'HAVE_MICROHTTPD'
xmlns:xi="http://www.w3.org/2001/XInclude">
2012-11-02 02:08:03 +04:00
<refentryinfo >
2018-05-08 04:14:02 +03:00
<title > systemd-journal-remote.service</title>
2012-11-02 02:08:03 +04:00
<productname > systemd</productname>
</refentryinfo>
<refmeta >
2018-05-08 04:14:02 +03:00
<refentrytitle > systemd-journal-remote.service</refentrytitle>
2012-11-02 02:08:03 +04:00
<manvolnum > 8</manvolnum>
</refmeta>
<refnamediv >
2018-05-08 04:14:02 +03:00
<refname > systemd-journal-remote.service</refname>
<refname > systemd-journal-remote.socket</refname>
2012-11-02 02:08:03 +04:00
<refname > systemd-journal-remote</refname>
2014-07-10 22:50:50 +04:00
<refpurpose > Receive journal messages over the network</refpurpose>
2012-11-02 02:08:03 +04:00
</refnamediv>
<refsynopsisdiv >
2018-05-08 04:14:02 +03:00
<para > <filename > systemd-journal-remote.service</filename> </para>
<para > <filename > systemd-journal-remote.socket</filename> </para>
2012-11-02 02:08:03 +04:00
<cmdsynopsis >
2018-05-08 04:14:02 +03:00
<command > /usr/lib/systemd/systemd-journal-remote</command>
2012-11-02 02:08:03 +04:00
<arg choice= "opt" rep= "repeat" > OPTIONS</arg>
2014-07-10 22:50:50 +04:00
<arg choice= "opt" rep= "norepeat" > -o/--output=<replaceable > DIR</replaceable> |<replaceable > FILE</replaceable> </arg>
2012-11-02 02:08:03 +04:00
<arg choice= "opt" rep= "repeat" > SOURCES</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 >
<title > Description</title>
2018-05-08 11:37:09 +03:00
<para > <command > systemd-journal-remote</command> is a command to receive serialized journal
events and store them to journal files. Input streams are in the
2022-01-12 13:32:53 +03:00
<ulink url= "https://systemd.io/JOURNAL_EXPORT_FORMATS#journal-export-format" > Journal Export Format</ulink> ,
2018-05-08 11:37:09 +03:00
i.e. like the output from <command > journalctl --output=export</command> . For transport over the
network, this serialized stream is usually carried over an HTTPS connection.</para>
<para > <filename > systemd-journal-remote.service</filename> is a system service that uses
<command > systemd-journal-remote</command> to listen for connections.
<filename > systemd-journal-remote.socket</filename> configures the network address that
<filename > systemd-journal-remote.service</filename> listens on. By default this is port 19532.
What connections are accepted and how the received data is stored can be configured through the
<citerefentry > <refentrytitle > journal-remote.conf</refentrytitle> <manvolnum > 5</manvolnum> </citerefentry>
configuration file.</para>
2012-11-02 02:08:03 +04:00
</refsect1>
<refsect1 >
<title > Sources</title>
<para >
Sources can be either "active"
(<command > systemd-journal-remote</command> requests and pulls
the data), or "passive"
(<command > systemd-journal-remote</command> waits for a
2014-05-08 03:28:44 +04:00
connection and then receives events pushed by the other side).
2012-11-02 02:08:03 +04:00
</para>
<para >
<command > systemd-journal-remote</command> can read more than one
event stream at a time. They will be interleaved in the output
file. In case of "active" connections, each "source" is one
2014-05-08 03:28:45 +04:00
stream, and in case of "passive" connections, each connection can
2012-11-02 02:08:03 +04:00
result in a separate stream. Sockets can be configured in
"accept" mode (i.e. only one connection), or "listen" mode (i.e.
multiple connections, each resulting in a stream).
</para>
<para >
When there are no more connections, and no more can be created
(there are no listening sockets), then
<command > systemd-journal-remote</command> will exit.
</para>
<para > Active sources can be specified in the following
ways:</para>
<variablelist >
<varlistentry >
2017-08-27 10:20:12 +03:00
<term > <arg choice= "opt" rep= "repeat" > SOURCES</arg> </term>
2012-11-02 02:08:03 +04:00
<listitem > <para > When <option > -</option> is given as a
positional argument, events will be read from standard input.
Other positional arguments will be treated as filenames
to open and read from.</para> </listitem>
</varlistentry>
<varlistentry >
<term > <option > --url=<replaceable > ADDRESS</replaceable> </option> </term>
<listitem > <para > With the
<option > --url=<replaceable > ADDRESS</replaceable> </option> option,
events will be retrieved using HTTP from
<replaceable > ADDRESS</replaceable> . This URL should refer to the
root of a remote
<citerefentry > <refentrytitle > systemd-journal-gatewayd</refentrytitle> <manvolnum > 8</manvolnum> </citerefentry>
2016-08-29 09:59:18 +03:00
instance, e.g. http://some.host:19531/ or
https://some.host:19531/.</para> </listitem>
2012-11-02 02:08:03 +04:00
</varlistentry>
2017-08-27 10:20:12 +03:00
<varlistentry >
<term > <option > --getter='<replaceable > PROG</replaceable> <arg choice= "opt" rep= "repeat" > OPTIONS</arg> '</option> </term>
<listitem > <para > Program to invoke to retrieve data. The journal
event stream must be generated on standard output.</para>
<para > Examples:</para>
<programlisting > --getter='curl "-HAccept: application/vnd.fdo.journal" https://some.host:19531/'</programlisting>
<programlisting > --getter='wget --header="Accept: application/vnd.fdo.journal" -O- https://some.host:19531/'</programlisting>
</listitem>
</varlistentry>
2012-11-02 02:08:03 +04:00
</variablelist>
<para > Passive sources can be specified in the following
ways:</para>
<variablelist >
<varlistentry >
<term > <option > --listen-raw=<replaceable > ADDRESS</replaceable> </option> </term>
2014-03-15 23:58:03 +04:00
<listitem > <para > <replaceable > ADDRESS</replaceable> must be an
2014-05-08 03:28:44 +04:00
address suitable for <option > ListenStream=</option> (cf.
2012-11-02 02:08:03 +04:00
<citerefentry > <refentrytitle > systemd.socket</refentrytitle> <manvolnum > 5</manvolnum> </citerefentry> ).
<command > systemd-journal-remote</command> will listen on this
socket for connections. Each connection is expected to be a
stream of journal events.</para>
</listitem>
</varlistentry>
2014-03-15 23:58:03 +04:00
<varlistentry >
<term > <option > --listen-http=<replaceable > ADDRESS</replaceable> </option> </term>
<term > <option > --listen-https=<replaceable > ADDRESS</replaceable> </option> </term>
2014-03-17 06:33:35 +04:00
<listitem > <para > <replaceable > ADDRESS</replaceable> must be
either a negative integer, in which case it will be
interpreted as the (negated) file descriptor number, or an
2014-03-15 23:58:03 +04:00
address suitable for <option > ListenStream=</option> (c.f.
<citerefentry > <refentrytitle > systemd.socket</refentrytitle> <manvolnum > 5</manvolnum> </citerefentry> ).
2018-05-08 05:57:28 +03:00
In the first case, the server listens on port 19532 by default,
and the matching file descriptor must be inherited through
2014-03-17 06:33:35 +04:00
<varname > $LISTEN_FDS</varname> /<varname > $LISTEN_PID</varname> .
In the second case, an HTTP or HTTPS server will be spawned on
2018-04-18 10:15:28 +03:00
this port, respectively for <option > --listen-http=</option> and
<option > --listen-https=</option> . Currently, only POST requests
2014-03-17 06:33:35 +04:00
to <filename > /upload</filename> with <literal > Content-Type:
application/vnd.fdo.journal</literal> are supported.</para>
2014-03-15 23:58:03 +04:00
</listitem>
</varlistentry>
2012-11-02 02:08:03 +04:00
<varlistentry >
<term > <varname > $LISTEN_FDS</varname> </term>
<listitem > <para > <command > systemd-journal-remote</command>
supports the
<varname > $LISTEN_FDS</varname> /<varname > $LISTEN_PID</varname>
2014-03-17 06:33:35 +04:00
protocol. Open sockets inherited through socket activation
behave like those opened with <option > --listen-raw=</option>
described above, unless they are specified as an argument in
<option > --listen-http=-<replaceable > n</replaceable> </option>
or
<option > --listen-https=-<replaceable > n</replaceable> </option>
2014-05-08 03:28:45 +04:00
above. In the latter case, an HTTP or HTTPS server will be
2014-03-17 06:33:35 +04:00
spawned using this descriptor and connections must be made
over the HTTP protocol.</para>
2012-11-02 02:08:03 +04:00
</listitem>
</varlistentry>
2017-12-04 09:42:48 +03:00
<varlistentry >
<term > <option > --key=</option> </term>
2020-11-04 18:23:11 +03:00
<listitem > <para > Takes a path to a SSL secret key file in PEM format. Defaults to
2020-07-17 13:58:19 +03:00
<filename > &CERTIFICATE_ROOT; /private/journal-remote.pem</filename> . This option can be used with
<option > --listen-https=</option> . If the path refers to an <constant > AF_UNIX</constant> stream socket
in the file system a connection is made to it and the key read from it.</para> </listitem>
2017-12-04 09:42:48 +03:00
</varlistentry>
<varlistentry >
<term > <option > --cert=</option> </term>
2020-07-17 13:58:19 +03:00
<listitem > <para > Takes a path to a SSL certificate file in PEM format. Defaults to
<filename > &CERTIFICATE_ROOT; /certs/journal-remote.pem</filename> . This option can be used with
<option > --listen-https=</option> . If the path refers to an <constant > AF_UNIX</constant> stream socket
in the file system a connection is made to it and the certificate read from it.</para> </listitem>
2017-12-04 09:42:48 +03:00
</varlistentry>
<varlistentry >
<term > <option > --trust=</option> </term>
2020-07-17 13:58:19 +03:00
<listitem > <para > Takes a path to a SSL CA certificate file in PEM format, or <option > all</option> . If
<option > all</option> is set, then certificate checking will be disabled. Defaults to
<filename > &CERTIFICATE_ROOT; /ca/trusted.pem</filename> . This option can be used with
<option > --listen-https=</option> . If the path refers to an <constant > AF_UNIX</constant> stream socket
in the file system a connection is made to it and the certificate read from it.</para> </listitem>
2017-12-04 09:42:48 +03:00
</varlistentry>
<varlistentry >
<term > <option > --gnutls-log=</option> </term>
<listitem > <para >
Takes a comma separated list of gnutls logging categories.
This option can be used with <option > --listen-http=</option> or
<option > --listen-https=</option> .
</para> </listitem>
</varlistentry>
2012-11-02 02:08:03 +04:00
</variablelist>
</refsect1>
<refsect1 >
<title > Sinks</title>
<para > The location of the output journal can be specified
2017-08-30 11:03:37 +03:00
with <option > -o</option> or <option > --output=</option> .
2012-11-02 02:08:03 +04:00
</para>
<variablelist >
<varlistentry >
<term > <option > --output=<replaceable > FILE</replaceable> </option> </term>
2014-07-10 23:03:28 +04:00
<listitem > <para > Will write to this journal file. The filename
must end with <filename > .journal</filename> . The file will be
created if it does not exist. If necessary (journal file full,
or corrupted), the file will be renamed following normal
2014-05-08 03:28:44 +04:00
journald rules and a new journal file will be created in its
stead.</para> </listitem>
2012-11-02 02:08:03 +04:00
</varlistentry>
<varlistentry >
<term > <option > --output=<replaceable > DIR</replaceable> </option> </term>
<listitem > <para > Will create journal files underneath directory
2014-05-08 03:28:45 +04:00
<replaceable > DIR</replaceable> . The directory must exist. If
necessary (journal files over size, or corrupted), journal
2012-11-02 02:08:03 +04:00
files will be rotated following normal journald rules. Names
of files underneath <replaceable > DIR</replaceable> will be
generated using the rules described below.</para> </listitem>
</varlistentry>
</variablelist>
2014-07-10 23:03:28 +04:00
<para > If <option > --output=</option> is not used, the output
directory <filename > /var/log/journal/remote/</filename> will be
used. In case the output file is not specified, journal files
will be created underneath the selected directory. Files will be
called
<filename > remote-<replaceable > hostname</replaceable> .journal</filename> ,
2014-07-23 14:40:07 +04:00
where the <replaceable > hostname</replaceable> part is the
2014-07-10 23:03:28 +04:00
escaped hostname of the source endpoint of the connection, or the
numerical address if the hostname cannot be determined.</para>
2017-08-27 10:20:12 +03:00
<para > In the case that "active" sources are given by the positional
arguments or <option > --getter=</option> option, the output file name
must always be given explicitly.</para>
2012-11-02 02:08:03 +04:00
</refsect1>
<refsect1 >
<title > Options</title>
<para > The following options are understood:</para>
<variablelist >
2014-06-22 21:36:31 +04:00
<varlistentry >
<term > <option > --split-mode</option> </term>
<listitem > <para > One of <constant > none</constant> or
<constant > host</constant> . For the first, only one output
journal file is used. For the latter, a separate output file
is used, based on the hostname of the other endpoint of a
connection.</para>
2017-08-30 11:03:37 +03:00
<para > In the case that "active" sources are given by the positional
arguments or <option > --getter=</option> option, the output file name must
2014-06-22 21:36:31 +04:00
always be given explicitly and only <constant > none</constant>
is allowed.</para> </listitem>
</varlistentry>
2012-11-02 02:08:03 +04:00
<varlistentry >
2016-05-06 22:14:14 +03:00
<term > <option > --compress</option> [<replaceable > BOOL</replaceable> ]</term>
2012-11-02 02:08:03 +04:00
2016-05-06 22:14:14 +03:00
<listitem > <para > If this is set to <literal > yes</literal> then compress
the data in the journal using XZ. The default is <literal > yes</literal> .
</para> </listitem>
2012-11-02 02:08:03 +04:00
</varlistentry>
<varlistentry >
2016-05-06 22:14:14 +03:00
<term > <option > --seal</option> [<replaceable > BOOL</replaceable> ]</term>
2012-11-02 02:08:03 +04:00
2016-05-06 22:14:14 +03:00
<listitem > <para > If this is set to <literal > yes</literal> then
periodically sign the data in the journal using Forward Secure Sealing.
The default is <literal > no</literal> .</para> </listitem>
2012-11-02 02:08:03 +04:00
</varlistentry>
2014-07-21 03:28:58 +04:00
<xi:include href= "standard-options.xml" xpointer= "help" />
<xi:include href= "standard-options.xml" xpointer= "version" />
2012-11-02 02:08:03 +04:00
</variablelist>
</refsect1>
<refsect1 >
<title > Examples</title>
<para > Copy local journal events to a different journal directory:
<programlisting >
2017-08-27 10:20:12 +03:00
journalctl -o export | systemd-journal-remote -o /tmp/dir/foo.journal -
2012-11-02 02:08:03 +04:00
</programlisting>
</para>
2016-01-24 09:54:05 +03:00
<para > Retrieve all available events from a remote
2012-11-02 02:08:03 +04:00
<citerefentry > <refentrytitle > systemd-journal-gatewayd</refentrytitle> <manvolnum > 8</manvolnum> </citerefentry>
instance and store them in
2016-01-24 09:54:05 +03:00
<filename > /var/log/journal/remote/remote-some.host.journal</filename> :
2012-11-02 02:08:03 +04:00
<programlisting >
systemd-journal-remote --url http://some.host:19531/
</programlisting>
</para>
2016-01-24 09:54:05 +03:00
<para > Retrieve current boot events and wait for new events from a remote
<citerefentry > <refentrytitle > systemd-journal-gatewayd</refentrytitle> <manvolnum > 8</manvolnum> </citerefentry>
instance, and store them in
<filename > /var/log/journal/remote/remote-some.host.journal</filename> :
<programlisting >
systemd-journal-remote --url http://some.host:19531/entries?boot& follow
</programlisting>
</para>
</refsect1>
2012-11-02 02:08:03 +04:00
<refsect1 >
<title > See Also</title>
<para >
2018-05-08 04:14:02 +03:00
<citerefentry > <refentrytitle > journal-remote.conf</refentrytitle> <manvolnum > 5</manvolnum> </citerefentry> ,
2012-11-02 02:08:03 +04:00
<citerefentry > <refentrytitle > journalctl</refentrytitle> <manvolnum > 1</manvolnum> </citerefentry> ,
2018-05-08 04:14:02 +03:00
<citerefentry > <refentrytitle > systemd-journal-gatewayd.service</refentrytitle> <manvolnum > 8</manvolnum> </citerefentry> ,
<citerefentry > <refentrytitle > systemd-journal-upload.service</refentrytitle> <manvolnum > 8</manvolnum> </citerefentry> ,
<citerefentry > <refentrytitle > systemd-journald.service</refentrytitle> <manvolnum > 8</manvolnum> </citerefentry>
2012-11-02 02:08:03 +04:00
</para>
</refsect1>
</refentry>