Remotelogging with systemd journald - how to use ksystemlog with?
Hello all
no all us servers running on systemd so we would like to use journald also for remotelogging. And yes we have configured that and it is running fine. We have configured the first 3 servers to send logs to central journaldservice with https and certificate. So on the server it is easy to say:
So we searching vor a GUI/Interface. The only one program that we found that journald is supported is ksystemlog. There i can enter remoteconnection. But i can't set some auth there. How the program connect? If i do the connection the programm say connected, but the logs in the program are emty.
I think that can't be so easy to connect, because that would be an security issue. So how i must conncect to the remote journald Server?
Here are the serverconfigs:
Code:
cat /etc/systemd/journal-remote.conf
[Remote]
# Seal=false
# SplitMode=host
ServerKeyFile=/etc/ssl/private-journal-remote/journal-remote.pem
ServerCertificateFile=/etc/ssl/certs/journal-remote.pem
TrustedCertificateFile=/etc/ssl/ca/trusted.pem[/ICODE]
[ICODE]cat /etc/systemd/system/systemd-journal-remote.service
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
[Unit]
Description=Journal Remote Sink Service
Documentation=man:systemd-journal-remote(8) man:journal-remote.conf(5)
Requires=systemd-journal-remote.socket
[Service]
ExecStart=/lib/systemd/systemd-journal-remote \
--listen-https=-3 \
--output=/var/log/journal/remote/
User=systemd-journal-remote
Group=systemd-journal-remote
PrivateTmp=yes
PrivateDevices=yes
PrivateNetwork=yes
WatchdogSec=3min
I was testing Fedora 16 mostly to check the new features. One thing that caught my eye as a systems admin is the systemd which is incorporated in Fedora for quite a while now.
From the first look of it, this appears more close to Solaris's SMF. With parallelization capabilities, advanced... (0 Replies)
I am writing a program that must determine certain things about services. How can I, or my program, determine which services are started automatically when a given target becomes active. It is my impression that just looking in the target's .wants directory is inadequate because of other... (2 Replies)
I'm on Arch and I have a strange issue with systemctl hibernate command. It hibernates and resumes just fine (I have TuxOnIce), but in the last stage of resume, it completely shuts down my laptop screen, so I cannot see anything even though I know the system resumed just fined and the desktop is... (1 Reply)
Hallo
I don't know where to put my question so I put it here.
I want that systemd let run a script but only on shutdown or reboot
and before the system umount the mounted devices.
I look on google but only a little information is found and not working
Until no, I don't find an solution for... (1 Reply)
Hello All,
OS: openSUSE 13.1 (Bottle) (armv7hl)
uname -a: Linux linux.site 3.14.14-cubox-i #1 SMP Sat Sep 13 03:48:24 UTC 2014 armv7l armv7l armv7l GNU/Linux
So this is my first attempt at starting a service at boot with systemd. I've done this with inittab in the past,
but I'm having... (0 Replies)
Hi All,
I had a startup script (rc3.d/S01getinput) which will accept user inputs during the boot up in console. Basically it will prompt for input. It was working fine in RHEL6.
Now I have migrated to RHEL 7 and script gets executed as part of the boot up process. But it does not... (1 Reply)
hi moring everyone,
i has used systemd-timer running the task, i set every 5 second execute 1 times,but the systemd-timer don't by that also random times execute.
what's reason.
testest.timer configure
------------------------------------------------------------------------
... (2 Replies)
journalctl --since "tomorrow"
By idea to show magazines from tomorrow. As it is illogical.
Tell me what is the essence of the team with the key tomorrow?
Code tags please (1 Reply)
Hi,
systemd cant start my script, but it work, at command prompt.
Code and execute at command prompt
#cat collector.sh
#!/bin/bash
case $1 in
start)
/home/postgres/scripts/pgwatch2/pgwatch2.sh
/home/postgres/scripts/pgwatch2/pgwatch2_UI.sh
;;
... (7 Replies)
Discussion started by: kvaikla
7 Replies
LEARN ABOUT DEBIAN
systemd-journal-upload
SYSTEMD-JOURNAL-UPLOAD(8) systemd-journal-upload SYSTEMD-JOURNAL-UPLOAD(8)NAME
systemd-journal-upload - Send journal messages over the network
SYNOPSIS
systemd-journal-upload [OPTIONS...] [-u/--url=URL] [SOURCES...]
DESCRIPTION
systemd-journal-upload will upload journal entries to the URL specified with --url. Unless limited by one of the options specified below,
all journal entries accessible to the user the program is running as will be uploaded, and then the program will wait and send new entries
as they become available.
OPTIONS -u, --url=[https://]URL, --url=[http://]URL
Upload to the specified address. URL may specify either just the hostname or both the protocol and hostname. https is the default.
--system, --user
Limit uploaded entries to entries from system services and the kernel, or to entries from services of current user. This has the same
meaning as --system and --user options for journalctl(1). If neither is specified, all accessible entries are uploaded.
-m, --merge
Upload entries interleaved from all available journals, including other machines. This has the same meaning as --merge option for
journalctl(1).
-D, --directory=DIR
Takes a directory path as argument. Upload entries from the specified journal directory DIR instead of the default runtime and system
journal paths. This has the same meaning as --directory option for journalctl(1).
--file=GLOB
Takes a file glob as an argument. Upload entries from the specified journal files matching GLOB instead of the default runtime and
system journal paths. May be specified multiple times, in which case files will be suitably interleaved. This has the same meaning as
--file option for journalctl(1).
--cursor=
Upload entries from the location in the journal specified by the passed cursor. This has the same meaning as --cursor option for
journalctl(1).
--after-cursor=
Upload entries from the location in the journal after the location specified by the this cursor. This has the same meaning as
--after-cursor option for journalctl(1).
--save-state[=PATH]
Upload entries from the location in the journal after the location specified by the cursor saved in file at PATH
(/var/lib/systemd/journal-upload/state by default). After an entry is successfully uploaded, update this file with the cursor of that
entry.
--follow[=BOOL]
If set to yes, then systemd-journal-upload waits for input.
--key=
Takes a path to a SSL key file in PEM format. Defaults to /etc/ssl/private/journal-upload.pem.
--cert=
Takes a path to a SSL certificate file in PEM format. Defaults to /etc/ssl/certs/journal-upload.pem.
--trust=
Takes a path to a SSL CA certificate file in PEM format, or all. If all is set, then certificate checking will be disabled. Defaults to
/etc/ssl/ca/trusted.pem.
-h, --help
Print a short help text and exit.
--version
Print a short version string and exit.
EXIT STATUS
On success, 0 is returned; otherwise, a non-zero failure code is returned.
EXAMPLES
Example 1. Setting up certificates for authentication
Certificates signed by a trusted authority are used to verify that the server to which messages are uploaded is legitimate, and vice versa,
that the client is trusted.
A suitable set of certificates can be generated with openssl:
openssl req -newkey rsa:2048 -days 3650 -x509 -nodes
-out ca.pem -keyout ca.key -subj '/CN=Certificate authority/'
cat >ca.conf <<EOF
[ ca ]
default_ca = this
[ this ]
new_certs_dir = .
certificate = ca.pem
database = ./index
private_key = ca.key
serial = ./serial
default_days = 3650
default_md = default
policy = policy_anything
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
EOF
touch index
echo 0001 >serial
SERVER=server
CLIENT=client
openssl req -newkey rsa:1024 -nodes -out $SERVER.csr -keyout $SERVER.key -subj "/CN=$SERVER/"
openssl ca -batch -config ca.conf -notext -in $SERVER.csr -out $SERVER.pem
openssl req -newkey rsa:1024 -nodes -out $CLIENT.csr -keyout $CLIENT.key -subj "/CN=$CLIENT/"
openssl ca -batch -config ca.conf -notext -in $CLIENT.csr -out $CLIENT.pem
Generated files ca.pem, server.pem, and server.key should be installed on server, and ca.pem, client.pem, and client.key on the client. The
location of those files can be specified using TrustedCertificateFile=, ServerCertificateFile=, ServerKeyFile=, in
/etc/systemd/journal-remote.conf and /etc/systemd/journal-upload.conf, respectively. The default locations can be queried by using
systemd-journal-remote --help and systemd-journal-upload --help.
SEE ALSO systemd-journal-remote(8), journalctl(1), systemd-journald.service(8), systemd-journal-gatewayd.service(8)systemd 237SYSTEMD-JOURNAL-UPLOAD(8)
08-03-2018
