Hello there! I just wanted to ask about the sealing log feature because I can't make it work. I tried to set it up in the following way:
I stopped the journald service: root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# systemctl stop systemd-journald-dev-log.socket root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# systemctl stop systemd-journald-audit.socket root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# systemctl stop systemd-journald.socket root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# systemctl stop systemd-journald.service Then I removed all files from the journal directory: root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# rm -R * Then next thing was to change the config file: # egrep -v "^#" /etc/systemd/journald.conf [Journal] Storage=persistent Compress=yes Seal=yes SplitMode=login SyncIntervalSec=10m RateLimitInterval=10s RateLimitBurst=500 SystemMaxUse=300M SystemMaxFileSize=16M RuntimeMaxUse=16M RuntimeMaxFileSize=8M MaxFileSec=2week ForwardToSyslog=no ForwardToKMsg=no ForwardToConsole=no Then I generated the keys: root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# journalctl --setup-keys --interval=60s Generating seed... Generating key pair... Generating sealing key... The new key pair has been generated. The secret sealing key has been written to the following local file. This key file is automatically updated when the sealing key is advanced. It should not be used on multiple hosts. /var/log/journal/159815709bbc46c29ef786cfc497afd4/fss Please write down the following secret verification key. It should be stored at a safe location and should not be saved locally on disk. 4d1177-5d7b1f-c524c8-36150a/16a05bc-3938700 The sealing key is automatically changed every 1min. The keys have been generated for host morfikownia/159815709bbc46c29ef786cfc497afd4. root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# ls -al total 12K drwxr-sr-x+ 2 root systemd-journal 4.0K 2015-02-10 02:00:52 ./ drwxr-sr-x+ 3 root systemd-journal 4.0K 2015-02-03 01:25:36 ../ -rw-------+ 1 root systemd-journal 482 2015-02-10 02:00:52 fss Then I started the service: root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# systemctl start systemd-journald.socket root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# systemctl start systemd-journald-dev-log.socket root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# systemctl start systemd-journald-audit.socket root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# systemctl start systemd-journald.service root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# systemctl status systemd-journald.service ● systemd-journald.service - Journal Service Loaded: loaded (/lib/systemd/system/systemd-journald.service; static; vendor preset: enabled) Active: active (running) since Tue 2015-02-10 02:03:14 CET; 6s ago Docs: man:systemd-journald.service(8) man:journald.conf(5) Main PID: 15359 (systemd-journal) Status: "Processing requests..." CGroup: /system.slice/systemd-journald.service └─15359 /lib/systemd/systemd-journald Feb 10 02:03:14 morfikownia systemd-journal[15359]: Permanent journal is using 8.0M (max allowed 300.0M, trying to leave 1…00.0M). Feb 10 02:03:14 morfikownia systemd-journal[15359]: Journal started Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable. Hint: Some lines were ellipsized, use -l to show in full. root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# ls -al total 8.1M drwxr-sr-x+ 2 root systemd-journal 4.0K 2015-02-10 02:03:14 ./ drwxr-sr-x+ 3 root systemd-journal 4.0K 2015-02-03 01:25:36 ../ -rw-------+ 1 root systemd-journal 482 2015-02-10 02:03:14 fss -rw-r-----+ 1 root systemd-journal 8.0M 2015-02-10 02:03:14 system.journal And here's the thing -- before sealing, there's no problem with the log file: root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# journalctl --verify --verify-key 4d1177-5d7b1f-c524c8-36150a/16a05bc-3938700 PASS: /var/log/journal/159815709bbc46c29ef786cfc497afd4/system.journal => No sealing yet, 1.794ms of entries not sealed. But after the sealing: root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# journalctl --verify --verify-key 4d1177-5d7b1f-c524c8-36150a/16a05bc-3938700 0747c0: tag failed verification File corruption detected at /var/log/journal/159815709bbc46c29ef786cfc497afd4/system.journal:0747c0 (of 8388608 bytes, 5%). FAIL: /var/log/journal/159815709bbc46c29ef786cfc497afd4/system.journal (Bad message) I checked the journal in order to see what's in there: root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# journalctl -- Logs begin at Tue 2015-02-10 02:03:14 CET, end at Tue 2015-02-10 02:03:14 CET. -- Feb 10 02:03:14 morfikownia systemd-journal[15359]: Permanent journal is using 8.0M (max allowed 300.0M, trying to leave 1.7G f Feb 10 02:03:14 morfikownia systemd-journald[259]: Received SIGTERM from PID 1 (systemd). Feb 10 02:03:14 morfikownia systemd-journal[15359]: Journal started And that's pretty much it. I don't know why this isn't working, and it's always the same thing. No matter what I try, it always fails to verify the log file. I used the following versions (both of them): # apt-cache policy systemd systemd: Installed: 218-7 Candidate: 218-7 Package pin: 218-7 Version table: *** 218-7 995 130 http://ftp.pl.debian.org/debian/ experimental/main amd64 Packages 100 /var/lib/dpkg/status 215-11 995 500 http://ftp.pl.debian.org/debian/ sid/main amd64 Packages Any ideas?
pgpQTotBkob0t.pgp
Description: OpenPGP digital signature
_______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel