Thanks Mantas!!! In my case, metadata "cmdline" had sensitive information which I am not intended to store. Is there any way to disable collecting metadata?
Thanks, Divya On Wed, Aug 17, 2016 at 12:55 PM, Mantas Mikulėnas <graw...@gmail.com> wrote: > On Wed, Aug 17, 2016 at 10:10 PM, Divya Thaluru <divya.thal...@gmail.com> > wrote: > >> Hi, >> >> Journalctl stores metadata like "_UID,_GID,_CMDLINE,_SYSTEMD_CGROUP >> etc…" for each message. Is there any way, can we encrypt metadata >> (commandline info) so sensitive information wont be stored. >> >> If encryption of metadata is not possible, can we disable collecting the >> metadata? >> > > Store your logs in a LUKS volume. There's no built-in encryption in > journald. > > And... quite frankly, I cannot imagine how service name or its UID would > be more sensitive than the messages themselves? It seems the opposite of > every single system I've seen. The *messages* often contain sensitive > information, whereas PIDs or service names are mostly generic info. > > Just set up a LUKS container for /var/log. > > -- > Mantas Mikulėnas <graw...@gmail.com> >
_______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel