How avoid unwanted systemd-journald?

Olav Vitters olav at vitters.nl
Mon Nov 18 20:11:44 UTC 2013


On Mon, Nov 18, 2013 at 04:48:32PM +1030, Tim wrote:
> Tim:
> >> And if logs are in a format that you cannot read, you cannot safely
> >> submit them to an outside server.  You don't know what they contain.
> >> Logon credentials, confidential data that you're working on, etc.
> 
> Patrick Lists:
> > IIRC that's the reason why journald supports encryption. I don't
> > recall the link but there's a blog post somewhere (on redhat.com?)
> > where the reasons for moving to journald were outlined. Might be worth
> > a search if you want to know more. 
> 
> If my logs might contain confidential data, there's no way I'm
> submitting them to something else to assess (e.g. bug reports).
> Encrypting isn't the issue, it's (me) being unable to tell what's in
> them, nor edit the confidential stuff out of it beforehand.

You can read it with journalctl. You can have syslog running beside it.
You can still inspect it with strings (because there isn't any
compression). You can forward it to another server (like syslog) or just
use syslog itself.

AFAIK there is no encryption in the journal, only Forward Secure Sealing
(FSS), where things are hashed. See man journalctl for more information
on that.

-- 
Regards,
Olav
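
The workflow discussed in this thread (read the journal as text, edit out confidential values, then share it), as an added example that is not part of the original message. The redaction patterns and the sample log lines are constructed assumptions, not a complete list of what may be sensitive.

```shell
#!/bin/sh
# Added example: redact journal text before attaching it to a bug report.
# On a real system the input would come from journalctl, e.g.:
#   journalctl -b --no-pager -o short-iso | redact_journal > boot-redacted.log
# The patterns are assumptions about what counts as confidential here.
# User names, host names and paths are NOT touched, so always re-read
# the result by hand before sending it anywhere.

redact_journal() {
    # 1) key=value secrets, 2) e-mail addresses, 3) IPv4 addresses
    sed -E \
        -e 's/([Pp]assword|[Tt]oken|[Ss]ecret)=[^[:space:]]+/\1=[REDACTED]/g' \
        -e 's/[[:alnum:]._%+-]+@[[:alnum:].-]+\.[[:alpha:]]{2,}/[EMAIL]/g' \
        -e 's/([0-9]{1,3}\.){3}[0-9]{1,3}/[IP]/g'
}

# Constructed sample lines in journalctl short-iso layout (not real log data).
sample_journal() {
    cat <<'EOF'
2013-11-18T20:11:44+0000 host1 sshd[812]: Accepted publickey for alice from 192.0.2.15 port 50022 ssh2
2013-11-18T20:12:01+0000 host1 backup[901]: connecting with user=svc password=hunter2 to 198.51.100.7
2013-11-18T20:12:09+0000 host1 postfix/smtp[950]: to=<bob@example.org>, status=sent
EOF
}

# Show the sample after redaction; timestamps and process names are kept
# so the log stays useful for debugging.
sample_journal | redact_journal
```
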

