systemd-journal-remote [OPTIONS...] [-o/--output= DIR|FILE] [SOURCES...]
When - is given as a positional argument, events will be read from standard input. Other positional arguments will be treated as filenames to open and read from.--url=ADDRESS
With the --url=ADDRESS option, events will be retrieved using HTTP from ADDRESS. This URL should refer to the root of a remote systemd-journal-gatewayd(8) instance, e.g. http://some.host:19531/ or https://some.host:19531/.--getter='PROG [OPTIONS...]'
Program to invoke to retrieve data. The journal event stream must be generated on standard output.Examples:Passive sources can be specified in the following ways: --listen-raw=ADDRESS
--getter='curl "-HAccept: application/vnd.fdo.journal" https://some.host:19531/'
--getter='wget --header="Accept: application/vnd.fdo.journal" -O- https://some.host:19531/'
ADDRESS must be an address suitable for ListenStream= (cf. systemd.socket(5)). systemd-journal-remote will listen on this socket for connections. Each connection is expected to be a stream of journal events.--listen-http=ADDRESS, --listen-https=ADDRESS
ADDRESS must be either a negative integer, in which case it will be interpreted as the (negated) file descriptor number, or an address suitable for ListenStream= (c.f. systemd.socket(5)). In the first case, matching file descriptor must be inherited through $LISTEN_FDS/$LISTEN_PID. In the second case, an HTTP or HTTPS server will be spawned on this port, respectively for --listen-http and --listen-https. Currently, only POST requests to /upload with "Content-Type: application/vnd.fdo.journal" are supported.$LISTEN_FDS
systemd-journal-remote supports the $LISTEN_FDS/ $LISTEN_PID protocol. Open sockets inherited through socket activation behave like those opened with --listen-raw= described above, unless they are specified as an argument in --listen-http=- n or --listen-https=-n above. In the latter case, an HTTP or HTTPS server will be spawned using this descriptor and connections must be made over the HTTP protocol.--key=
Takes a path to a SSL key file in PEM format. Defaults to /etc/ssl/private/journal-remote.pem. This option can be used with --listen-https=.--cert=
Takes a path to a SSL certificate file in PEM format. Defaults to /etc/ssl/certs/journal-remote.pem. This option can be used with --listen-https=.--trust=
Takes a path to a SSL CA certificate file in PEM format, or all. If all is set, then certificate checking will be disabled. Defaults to /etc/ssl/ca/trusted.pem. This option can be used with --listen-https=.--gnutls-log=
Takes a comma separated list of gnutls logging categories. This option can be used with --listen-http= or --listen-https=.
Will write to this journal file. The filename must end with .journal. The file will be created if it does not exist. If necessary (journal file full, or corrupted), the file will be renamed following normal journald rules and a new journal file will be created in its stead.--output=DIR
Will create journal files underneath directory DIR. The directory must exist. If necessary (journal files over size, or corrupted), journal files will be rotated following normal journald rules. Names of files underneath DIR will be generated using the rules described below.If --output= is not used, the output directory /var/log/journal/remote/ will be used. In case the output file is not specified, journal files will be created underneath the selected directory. Files will be called remote- hostname.journal, where the hostname part is the escaped hostname of the source endpoint of the connection, or the numerical address if the hostname cannot be determined. In the case that "active" sources are given by the positional arguments or --getter= option, the output file name must always be given explicitly.
One of none or host. For the first, only one output journal file is used. For the latter, a separate output file is used, based on the hostname of the other endpoint of a connection.In the case that "active" sources are given by the positional arguments or --getter= option, the output file name must always be given explicitly and only none is allowed.--compress [BOOL]
If this is set to "yes" then compress the data in the journal using XZ. The default is "yes".--seal [BOOL]
If this is set to "yes" then periodically sign the data in the journal using Forward Secure Sealing. The default is "no".-h, --help
Print a short help text and exit.--version
Print a short version string and exit.
journalctl -o export | systemd-journal-remote -o /tmp/dir/foo.journal -
systemd-journal-remote --url http://some.host:19531/
systemd-journal-remote --url http://some.host:19531/entries?boot&follow
- Journal Export Format