update TODO

[elogind.git] / man / systemd-journal-upload.xml

<?xml version='1.0'?> <!--*- Mode: nxml; nxml-child-indent: 2; indent-tabs-mode: nil -*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">

<!--
This file is part of systemd.

Copyright 2014 Zbigniew Jędrzejewski-Szmek

systemd is free software; you can redistribute it and/or modify it
under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.

systemd is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.

You should have received a copy of the GNU Lesser General Public License
along with systemd; If not, see <http://www.gnu.org/licenses/>.
-->

<refentry id="systemd-journal-upload" conditional='HAVE_MICROHTTPD'
          xmlns:xi="http://www.w3.org/2001/XInclude">

  <refentryinfo>
    <title>systemd-journal-upload</title>
    <productname>systemd</productname>

    <authorgroup>
      <author>
        <contrib>Developer</contrib>
        <firstname>Zbigniew</firstname>
        <surname>Jędrzejewski-Szmek</surname>
        <email>zbyszek@in.waw.pl</email>
      </author>
    </authorgroup>
  </refentryinfo>

  <refmeta>
    <refentrytitle>systemd-journal-upload</refentrytitle>
    <manvolnum>8</manvolnum>
  </refmeta>

  <refnamediv>
    <refname>systemd-journal-upload</refname>
    <refpurpose>Send journal messages over the network</refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <cmdsynopsis>
      <command>systemd-journal-upload</command>
      <arg choice="opt" rep="repeat">OPTIONS</arg>
      <arg choice="opt" rep="norepeat">-u/--url=<replaceable>URL</replaceable></arg>
      <arg choice="opt" rep="repeat">SOURCES</arg>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1>
    <title>Description</title>

    <para>
      <command>systemd-journal-upload</command> will upload journal
      entries to the URL specified with <option>--url</option>. Unless
      limited by one of the options specified below, all journal
      entries accessible to the user the program is running as will be
      uploaded, and then the program will wait and send new entries
      as they become available.
    </para>
  </refsect1>

  <refsect1>
    <title>Options</title>

    <variablelist>
      <varlistentry>
        <term><option>-u</option></term>
        <term><option>--url=<optional>https://</optional><replaceable>URL</replaceable></option></term>
        <term><option>--url=<optional>http://</optional><replaceable>URL</replaceable></option></term>

        <listitem><para>Upload to the specified
        address. <replaceable>URL</replaceable> may specify either
        just the hostname or both the protocol and
        hostname. <constant>https</constant> is the default.
        </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--system</option></term>
        <term><option>--user</option></term>

        <listitem><para>Limit uploaded entries to entries from system
        services and the kernel, or to entries from services of
        current user. This has the same meaning as
        <option>--system</option> and <option>--user</option> options
        for
        <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>. If
        neither is specified, all accessible entries are uploaded.
        </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>-m</option></term>
        <term><option>--merge</option></term>

        <listitem><para>Upload entries interleaved from all available
        journals, including other machines. This has the same meaning
        as <option>--merge</option> option for
        <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>-D</option></term>
        <term><option>--directory=<replaceable>DIR</replaceable></option></term>

        <listitem><para>Takes a directory path as argument. Upload
        entries from the specified journal directory
        <replaceable>DIR</replaceable> instead of the default runtime
        and system journal paths. This has the same meaning as
        <option>--directory</option> option for
        <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
        </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--file=<replaceable>GLOB</replaceable></option></term>

        <listitem><para>Takes a file glob as an argument. Upload
        entries from the specified journal files matching
        <replaceable>GLOB</replaceable> instead of the default runtime
        and system journal paths. May be specified multiple times, in
        which case files will be suitably interleaved. This has the same meaning as
        <option>--file</option> option for
        <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
        </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--cursor=</option></term>

        <listitem><para>Upload entries from the location in the
        journal specified by the passed cursor. This has the same
        meaning as <option>--cursor</option> option for
        <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--after-cursor=</option></term>

        <listitem><para>Upload entries from the location in the
        journal <emphasis>after</emphasis> the location specified by
        the this cursor.  This has the same meaning as
        <option>--after-cursor</option> option for
        <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
        </para></listitem>
      </varlistentry>


      <varlistentry>
        <term><option>--save-state</option><optional>=<replaceable>PATH</replaceable></optional></term>

        <listitem><para>Upload entries from the location in the
        journal <emphasis>after</emphasis> the location specified by
        the cursor saved in file at <replaceable>PATH</replaceable>
        (<filename>/var/lib/systemd/journal-upload/state</filename> by default).
        After an entry is successfully uploaded, update this file
        with the cursor of that entry.
        </para></listitem>
      </varlistentry>

      <xi:include href="standard-options.xml" xpointer="help" />
      <xi:include href="standard-options.xml" xpointer="version" />
    </variablelist>
  </refsect1>

  <refsect1>
    <title>Exit status</title>

    <para>On success, 0 is returned; otherwise, a non-zero
    failure code is returned.</para>
  </refsect1>

  <refsect1>
    <title>Examples</title>
    <example>
      <title>Setting up certificates for authentication</title>

      <para>Certificates signed by a trusted authority are used to
      verify that the server to which messages are uploaded is
      legitimate, and vice versa, that the client is trusted.</para>

      <para>A suitable set of certificates can be generated with
      <command>openssl</command>:</para>

      <programlisting>openssl req -newkey rsa:2048 -days 3650 -x509 -nodes \
      -out ca.pem -keyout ca.key -subj '/CN=Certificate authority/'

cat >ca.conf &lt;&lt;EOF
[ ca ]
default_ca = this

[ this ]
new_certs_dir = .
certificate = ca.pem
database = ./index
private_key = ca.key
serial = ./serial
default_days = 3650
default_md = default
policy = policy_anything

[ policy_anything ]
countryName             = optional
stateOrProvinceName     = optional
localityName            = optional
organizationName        = optional
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional
EOF

touch index
echo 0001 > serial

SERVER=server
CLIENT=client

openssl req -newkey rsa:1024 -nodes -out $SERVER.csr -keyout $SERVER.key -subj "/CN=$SERVER/"
openssl ca -batch -config ca.conf -notext -in $SERVER.csr -out $SERVER.pem

openssl req -newkey rsa:1024 -nodes -out $CLIENT.csr -keyout $CLIENT.key -subj "/CN=$CLIENT/"
openssl ca -batch -config ca.conf -notext -in $CLIENT.csr -out $CLIENT.pem
</programlisting>

      <para>Generated files <filename>ca.pem</filename>,
      <filename>server.pem</filename>, and
      <filename>server.key</filename> should be installed on server,
      and <filename>ca.pem</filename>,
      <filename>client.pem</filename>, and
      <filename>client.key</filename> on the client. The location of
      those files can be specified using
      <varname>TrustedCertificateFile=</varname>,
      <varname>ServerCertificateFile=</varname>,
      <varname>ServerKeyFile=</varname>, in
      <filename>/etc/systemd/journal-remote.conf</filename> and
      <filename>/etc/systemd/journal-upload.conf</filename>
      respectively. The default locations can be queried by using
      <command>systemd-journal-remote --help</command> and
      <command>systemd-journal-upload --help</command>.</para>
    </example>
  </refsect1>

  <refsect1>
    <title>See Also</title>
    <para>
      <citerefentry><refentrytitle>systemd-journal-remote</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
      <citerefentry><refentrytitle>systemd-journal-gatewayd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
    </para>
  </refsect1>
</refentry>