Server

  • /lib/systemd/system/systemd-journal-remote.service
# Receiver command line for systemd-journal-remote.service.
# --listen-http=-3 takes the listening socket from systemd socket activation
# (file descriptor 3) and serves plain HTTP: entries arrive unencrypted, and any
# host that can reach the port can submit them. systemd-journal-remote also
# offers --listen-https=-3, which uses the ServerKeyFile=, ServerCertificateFile=
# and TrustedCertificateFile= settings from journal-remote.conf.
# --output= names a single journal file, so every sender is written to the same file.
# NOTE(review): units under /lib/systemd/system are package-owned and may be
# replaced on upgrade; a drop-in created with `systemctl edit systemd-journal-remote`
# (an empty ExecStart= line first, then this one) would keep the override - confirm.
ExecStart=/lib/systemd/systemd-journal-remote --listen-http=-3 --output=/var/log/journal/remote/all.journal
# Receiver settings; presumably /etc/systemd/journal-remote.conf (the page does not name the file).
[Remote]
# Forward Secure Sealing is off, so the stored journal carries no tamper-evidence seals.
Seal=false
# none = all senders share one journal file (matches --output=.../all.journal);
# per-host separation of received logs is given up.
SplitMode=none
# NOTE(review): Compress=, SystemKeepFree= and SystemMaxFileSize= are journald.conf(5)
# key names. journal-remote.conf(5) documents MaxUse=, KeepFree=, MaxFileSize= and
# MaxFiles= for [Remote] (systemd 253 and later). Unknown keys are ignored with a
# warning, which would leave the receiver without disk limits - verify with
# `systemd-analyze cat-config systemd/journal-remote.conf` and the service log.
Compress=yes
# NOTE(review): confirm that a percentage is accepted here; the size settings are
# documented as byte values with K/M/G suffixes.
SystemKeepFree=5%
SystemMaxFileSize=1G

# TLS material, used only when the service listens with --listen-https.
# TrustedCertificateFile= is the CA bundle used to verify client certificates.
# NOTE(review): files under /etc/letsencrypt/live are normally readable by root
# only, while the receiver runs as systemd-journal-remote - confirm it can read them.
# ServerKeyFile=/etc/letsencrypt/live/server.your_domain/privkey.pem
# ServerCertificateFile=/etc/letsencrypt/live/server.your_domain/fullchain.pem
# TrustedCertificateFile=/etc/letsencrypt/live/server.your_domain/letsencrypt-combined-certs.pem
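# Install the receiver and enable it at boot.
sudo apt install systemd-journal-remote
sudo systemctl enable systemd-journal-remote

# Recommended: not less than 253. Listing a package needs no root.
dpkg -l systemd-journal-remote

# create storage dir, owned by the unprivileged account the receiver runs as
sudo mkdir -p /var/log/journal/remote
sudo chown -R systemd-journal-remote:systemd-journal-remote /var/log/journal/remote

# firewall: 19532/tcp is the port the clients upload to.
# Over plain HTTP the receiver does not authenticate senders, so prefer limiting
# the rule to known clients, e.g. (CLIENT_IP is a placeholder):
#   sudo ufw allow from CLIENT_IP to any port 19532 proto tcp
sudo ufw allow in 19532/tcp
# NOTE(review): nothing else on this page listens on 80/tcp; presumably it is
# for Let's Encrypt HTTP-01 validation. Leave it closed if it is not needed.
sudo ufw allow in 80/tcp

# for server certs: the key must be readable by the receiver's account and by nobody else
# sudo chown -R systemd-journal-remote:systemd-journal-remote /etc/systemd/journal-remote-ssl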

Client

  • /etc/systemd/journal-upload.conf
# Settings for systemd-journal-upload on each client.
[Upload]
# Receiver address. With the http:// scheme the journal is sent in cleartext and
# the client does not verify which server it is talking to; an https:// URL
# together with the certificate settings below adds both.
URL=http://CHANGE-ME:19532

# TLS material for an https:// URL: the client's own key and certificate, and the
# CA bundle used to verify the receiver.
# NOTE(review): files under /etc/letsencrypt/live are normally readable by root
# only - confirm the account running systemd-journal-upload can read them.
# ServerKeyFile=/etc/letsencrypt/live/client.your_domain/privkey.pem
# ServerCertificateFile=/etc/letsencrypt/live/client.your_domain/fullchain.pem
# TrustedCertificateFile=/etc/letsencrypt/live/client.your_domain/letsencrypt-combined-certs.pem
# Install the uploader, then enable it at boot and start it in one step.
sudo apt install systemd-journal-upload
sudo systemctl enable --now systemd-journal-upload

# client certs
# NOTE(review): this hands the client key directory to systemd-journal-remote;
# check which account systemd-journal-upload.service runs as (its User= setting)
# and give ownership to that account instead if it differs.
# sudo chown -R systemd-journal-remote:systemd-journal-remote /etc/systemd/journal-upload-ssl
  • Testing
# on server: check that the journal file exists and who owns it, then follow it live
sudo ls -l -a -h /var/log/journal/remote/
sudo journalctl --follow --file /var/log/journal/remote/all.journal

# on client: write a marker entry; it should show up in the server's follow output
logger --priority syslog.debug "### TEST MESSAGE from client ###"
  • Cleaning
# Local journal: report usage, then trim archived files down to 200M and to 2 days.
sudo journalctl --disk-usage
sudo journalctl --vacuum-size 200M
sudo journalctl --vacuum-time 2d


# Received journals: same check, then drop archived files older than 1 day.
# Vacuuming deletes the collected logs for good, so keep the window at least as
# long as the retention your incident-response process needs.
sudo journalctl --disk-usage -D /var/log/journal/remote
sudo journalctl -D /var/log/journal/remote --vacuum-time 1d

Documents