[systemd-devel] how to encrypt journalctl metadata
Lennart Poettering
lennart at poettering.net
Thu Aug 18 11:25:41 UTC 2016
On Wed, 17.08.16 12:10, Divya Thaluru (divya.thaluru at gmail.com) wrote:
> Hi,
>
> Journalctl stores metadata like "_UID,_GID,_CMDLINE,_SYSTEMD_CGROUP etc…"
> for each message. Is there any way, can we encrypt metadata (commandline
> info) so sensitive information wont be stored.
>
> If encryption of metadata is not possible, can we disable collecting the
> metadata?
The journal does not support encryption, and it does not disable
collecting metadata implicitly. You may however turn off all storage
by the journal by setting Storage=none in journald.conf. In that mode
you may optionally connect another syslog daemon to it via
ForwardToSyslog=yes, which implements the features you are looking for.
Lennart
--
Lennart Poettering, Red Hat
More information about the systemd-devel
mailing list