Thanks Mantas!!! In my case, metadata "cmdline" had sensitive information
which I am not intended to store. Is there any way to disable collecting
metadata?

Thanks,
Divya



On Wed, Aug 17, 2016 at 12:55 PM, Mantas Mikulėnas <graw...@gmail.com>
wrote:

> On Wed, Aug 17, 2016 at 10:10 PM, Divya Thaluru <divya.thal...@gmail.com>
> wrote:
>
>> Hi,
>>
>> Journalctl stores metadata like "_UID,_GID,_CMDLINE,_SYSTEMD_CGROUP
>> etc…" for each message. Is there any way, can we encrypt metadata
>> (commandline info) so sensitive information wont be stored.
>>
>> If encryption of metadata is not possible, can we disable collecting the
>> metadata?
>>
>
> Store your logs in a LUKS volume. There's no built-in encryption in
> journald.
>
> And... quite frankly, I cannot imagine how service name or its UID would
> be more sensitive than the messages themselves? It seems the opposite of
> every single system I've seen. The *messages* often contain sensitive
> information, whereas PIDs or service names are mostly generic info.
>
> Just set up a LUKS container for /var/log.
>
> --
> Mantas Mikulėnas <graw...@gmail.com>
>
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel

Reply via email to