How to configure systemd journal-remote?
Solution 1:
Seeing that there is not even a single comment, I decided to continue my research and finally pieced the configuration together.
OS: Ubuntu 16.04
systemd: 229-1ubuntu2
systemd-journal-remote: 229-1ubuntu2
Upload server configuration
This one is actually simple, online example are correct and only need to touch one configuration file.
Use following command to install systemd-journal-remote
sudo apt-get install systemd-journal-remote
Edit /etc/systemd/journal-upload.conf.
/etc/systemd/journal-upload.conf
[Upload]
URL=http://10.0.0.1:19532
# ServerKeyFile=/etc/ssl/private/journal-upload.pem
# ServerCertificateFile=/etc/ssl/certs/journal-upload.pem
# TrustedCertificateFile=/etc/ssl/ca/trusted.pem
To make sure journal-upload auto start on boot
sudo systemctl enable systemd-journal-upload.service
Restart journal-upload after configuration.
sudo systemctl restart systemd-journal-upload.service
If you are using http, you can do as above and leave the bottom 3 lines commented. For active mode https, uncomment them and create those cert files.
The URL actually dictate the transfer protocol(http/https) and the destination port to use.
Additionally if you want to prevent accidental overwrite by future package update, you can create a /etc/systemd/journal-upload.conf.d directory and put your config file inside, as long as the file end with a .conf extension.
As a side notes, I am doing this within a LXC container and seems the service will not use /etc/hosts for dns resolution, I end up using IP address here. So if you use hostname and see error message that journal-upload cannot reach the target, try with IP address.
Receiving server configuration
The receiving server give me most of the trouble when looking for configuration information. And unlike the uploading server, configuration is scattered on this side.
Use following command to install systemd-journal-remote and enable the listening port
sudo apt-get install systemd-journal-remote
sudo systemctl enable systemd-journal-remote.socket
There are two ways, active and passive, to configure journal-remote. I am using passive mode here.
Port number
The configuration file for journal listening port is /etc/systemd/system/sockets.target.wants/systemd-journal-remote.socket as follow. ListenStream is the port number.
Unlike the uploading side, this setting has nothing to do with which protocol(http/https) to use. It only specify the listening port number.
[Unit]
Description=Journal Remote Sink Socket
[Socket]
ListenStream=19532
[Install]
WantedBy=sockets.target
Protocol(http/https) and journal/log location
To change the protocol of the journal transfer and the save location, copy /lib/systemd/system/systemd-journal-remote.service into /etc/systemd/system/, then edit /etc/systemd/system/systemd-journal-remote.service.
[Unit]
Description=Journal Remote Sink Service
Documentation=man:systemd-journal-remote(8) man:journal-remote.conf(5)
Requires=systemd-journal-remote.socket
[Service]
ExecStart=/etc/systemd/systemd-journal-remote \
--listen-http=-3 \
--output=/var/log/journal/remote/
User=systemd-journal-remote
Group=systemd-journal-remote
PrivateTmp=yes
PrivateDevices=yes
PrivateNetwork=yes
WatchdogSec=3min
[Install]
Also=systemd-journal-remote.socket
The --listen-http=-3 specify the incoming journal is using http. If you want to use https, change it to --listen-https=-3.
--output=/var/log/journal/remote/ specify the sink (saving directory) of incoming journal. If it does not exist, create it and change its owner to systemd-journal-remote.
sudo mkdir /var/log/journal/remote
sudo chown systemd-journal-remote /var/log/journal/remote
Restart journal-remote.socket after configuration.
sudo systemctl daemon-reload
What about the most obvious /etc/systemd/journal-remote.conf?
[Remote]
# Seal=false
# SplitMode=host
# ServerKeyFile=/etc/ssl/private/journal-remote.pem
# ServerCertificateFile=/etc/ssl/certs/journal-remote.pem
# TrustedCertificateFile=/etc/ssl/ca/trusted.pem
Since I am not using https, don't need to change anything.