[systemd-devel] how to encrypt journalctl metadata

Lennart Poettering lennart at poettering.net
Thu Aug 18 15:00:41 UTC 2016

On Thu, 18.08.16 15:55, Mikhail Kasimov (mikhail.kasimov at gmail.com) wrote:

> Hello!
> Personally, don't we have philosophical contradiction here? -- Journal is
> positioned as syslog alternative with more wide functionality, but in
> current case we offer to turn off whole journal to make functionality only
> as transport. No problem, but is RFE to incorporate ExcludeMetaData=
> parameter to /journald.conf acceptable here?

No, we explicitly never had the goal to be as featureful as rsyslog or
syslog-ng. The journal has a different feature set, and puts a strong
emphasis on structured log events, implicit metadata and indexed
lookups. It's completely OK if people look for a different feature set
and it's easy to install a different logger side-by-side to journald
and it will get all the same data the journal gets.

Quite frankly, I am very much against turning the journal into
something that processes log data at collection time with matches and
regexes and suchlike. If you don't want the journal to collect
metadata, then the journal is probably not the tool you want, but
something else, and in that case turn stroage in it off, and just use
it as a multiplexer that collects data from all the various sources
and passes it to the syslog implementation of your choice.

Of course, you'll lose all the journal hook-up in tools like
"systemctl status" if you don#t use the journal, but I think that's a
fair deal. 


Lennart Poettering, Red Hat

More information about the systemd-devel mailing list