[systemd-devel] how to encrypt journalctl metadata

Lennart Poettering lennart at poettering.net
Thu Aug 18 11:25:41 UTC 2016


On Wed, 17.08.16 12:10, Divya Thaluru (divya.thaluru at gmail.com) wrote:

> Hi,
> 
> Journalctl stores metadata like "_UID,_GID,_CMDLINE,_SYSTEMD_CGROUP etc…"
> for each message. Is there any way, can we encrypt metadata (commandline
> info) so sensitive information wont be stored.
> 
> If encryption of metadata is not possible, can we disable collecting the
> metadata?

The journal does not support encryption, and it does not disable
collecting metadata implicitly. You may however turn off all storage
by the journal by setting Storage=none in journald.conf. In that mode
you may optionally connect another syslog daemon to it via
ForwardToSyslog=yes, which implements the features you are looking for.

Lennart

-- 
Lennart Poettering, Red Hat


More information about the systemd-devel mailing list