4.2.1.5 Ensure journald is not configured to send logs to rsyslog

Audit

IF journald is the method for capturing logs

Review /etc/systemd/journald.conf and verify that logs are not forwarded to rsyslog.

# grep '^\s*ForwardToSyslog' /etc/systemd/journald.conf

Verify that there is no output.
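journald also reads drop-in files from the journald.conf.d directories documented in journald.conf(5), so a ForwardToSyslog setting can be active even when the main file is clean. The following script is an added example, not part of the benchmark text; the function name `audit_forward_to_syslog` and its optional root-directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit ForwardToSyslog in journald.conf and its drop-in
# directories (paths per journald.conf(5)).
# The optional first argument is a hypothetical root prefix so the check can
# be pointed at a mounted image or a constructed test tree.
# Usage on a live system: audit_forward_to_syslog

audit_forward_to_syslog() {
    root="${1:-}"
    findings=0
    for f in \
        "$root/etc/systemd/journald.conf" \
        "$root"/etc/systemd/journald.conf.d/*.conf \
        "$root"/run/systemd/journald.conf.d/*.conf \
        "$root"/usr/lib/systemd/journald.conf.d/*.conf
    do
        # Skip missing files and glob patterns that matched nothing.
        [ -f "$f" ] || continue
        # An uncommented ForwardToSyslog assignment is a finding; grep prints
        # the file name and line number so the line can be removed.
        if grep -HnE '^[[:space:]]*ForwardToSyslog[[:space:]]*=' "$f"; then
            findings=$((findings + 1))
        fi
    done
    if [ "$findings" -eq 0 ]; then
        echo "PASS: ForwardToSyslog is not set in any journald configuration file"
        return 0
    fi
    echo "FAIL: ForwardToSyslog is set in $findings file(s)"
    return 1
}
```

The function returns non-zero when any file sets ForwardToSyslog, so it can gate a compliance job directly.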

Remediation

Edit the /etc/systemd/journald.conf file and ensure that ForwardToSyslog=yes is removed.

Restart the service:

# systemctl restart systemd-journald