
#1 2016-12-10 13:41:53

whoops
Member
Registered: 2009-03-19
Posts: 891

fetch journal from remote server / secure systemd-journal-gatewayd?

So, I'm trying to fetch the journal (with my home archlinux PC) from a (static IP + domain) archlinux server.

( Simply using journalctl over ssh turned out way too messy + loses connection a lot. )

systemd-journal-gatewayd (running on server) and systemd-journal-remote (running on PC / client) sounded like the right tools to do that... but documentation on both seems a bit... terrible. Especially, I can't figure out how to secure the systemd-journal-gatewayd (at first I thought I could set up the certificates mentioned in journal-remote.conf between server and client... kind of like ssh... somehow... but I failed and I'm not sure that's how it's supposed to work any more).

That's a bit old and was the only relevant thing I could find:
http://systemd-devel.freedesktop.narkiv … l-gatewayd

David Timothy Strauss wrote:

Supporting SSL means it's possible to set up an authority that only
signs certificates you want to access the gateway. It's not
sophisticated, but it's definitely a usable access-control mechanism.

Aaaand... I'm not sure what it means.


Does that sound like I'm totally on the wrong track?
Is there a different / better way to fetch the journal?

Offline

#2 2016-12-10 18:09:14

x33a
Forum Fellow
Registered: 2009-08-15
Posts: 4,587

Re: fetch journal from remote server / secure systemd-journal-gatewayd?

From what I can understand, it supports SSL. The comment that you quoted means that only clients for whom you generate SSL certificates should be able to connect. This of course implies that you set up your own CA.

Offline
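
The access-control scheme described in the quoted comment and in the reply above, sketched with the `openssl` CLI as an added example (not code from the thread or from systemd): a private CA signs a certificate for each client allowed to connect, and anything the CA did not sign fails verification. The names `journal-demo-ca`, `homepc` and `outsider` and all file paths are constructed for the demo.

```shell
#!/bin/sh
# Added example: a private CA used as the allow-list for TLS clients.
# All subject names and file names below are constructed for this demo.

make_ca() {            # $1 = working directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=journal-demo-ca" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

issue_client() {       # $1 = working directory, $2 = client name
    # The client creates a key and a signing request; the CA key signs it.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 -out "$1/$2.pem" 2>/dev/null
}

make_selfsigned() {    # $1 = working directory, $2 = name
    # A certificate that is valid on its own but was never signed by the CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

is_trusted() {         # $1 = CA certificate, $2 = certificate to check
    # Exit status 0 only if the certificate chains to the given CA.
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Demo run: one client signed by the CA, one self-signed outsider.
demo=$(mktemp -d)
make_ca "$demo" && issue_client "$demo" homepc && make_selfsigned "$demo" outsider
for c in homepc outsider; do
    if is_trusted "$demo/ca.pem" "$demo/$c.pem"; then
        echo "$c: accepted"
    else
        echo "$c: rejected"
    fi
done
rm -rf "$demo"
```

A TLS server that requires client certificates is given `ca.pem` as its trusted client CA and performs this same check during the handshake; current systemd-journal-gatewayd man pages document a `--trust=` option for that CA file.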

#3 2016-12-10 19:22:30

whoops
Member
Registered: 2009-03-19
Posts: 891

Re: fetch journal from remote server / secure systemd-journal-gatewayd?

I think that's what I tried to do with the certificates... but I'm a bit out of my depth here. I generated a private key + signed a certificate on the server and verified with curl that https is working.

If it works anything like apache... I would have to make the server (in this case the microhttp server which gatewayd runs) request + verify the client certificate (instead of just the other way around) somehow explicitly? But as far as I can see "gatewayd" is just offering up a normal https connection to everyone and I can't find an option to stop that.

I can't tell if I'm doing it wrong or if that feature is even really implemented...


And I still haven't found another way to watch my server journal -.-
( "journalctl -f" over ssh doesn't work at all after the first few lines - it just stops... tried some scripting but despite a lot of useless tweaking & searching, my ssh connection just isn't stable enough with long running scripts... I am almost desperate enough to try piping the stupid journal through an IRC server at this point T_T )

Last edited by whoops (2016-12-10 19:23:43)

Offline

#4 2016-12-13 09:18:50

x33a
Forum Fellow
Registered: 2009-08-15
Posts: 4,587

Re: fetch journal from remote server / secure systemd-journal-gatewayd?

Perhaps it would be better if you post this on some systemd related mailing list. I doubt many people use this feature.

Offline
