4.2.2.5 Ensure journald is not configured to send logs to rsyslog

Information

Data from journald should be kept in the confines of the service and not forwarded on to other services.

If journald is the method for capturing logs, all logs of the system should be handled by journald and not forwarded to other logging mechanisms.

Solution

Edit the /etc/systemd/journald.conf file and ensure that ForwardToSyslog=yes is removed.

Restart the service:

# systemctl restart systemd-journal-upload
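One way to audit the setting before and after the change, as an added example that is not part of the benchmark text. The function name forward_to_syslog_state and the sample files are hypothetical. The function reads the files in the order given, lets the last assignment inside a [Journal] section win, and skips commented-out lines.

```shell
#!/bin/sh
# Added example: report the last ForwardToSyslog value set across journald config files.
# Pass files in the order they are read: main file first, then drop-ins.
forward_to_syslog_state() {
    state="unset"
    for f in "$@"; do
        [ -r "$f" ] || continue          # missing files and unexpanded globs are skipped
        v=$(awk '
            /^[ \t]*[#;]/ { next }       # comment lines never count
            /^[ \t]*\[/   { in_journal = ($0 ~ /^[ \t]*\[Journal\][ \t]*$/); next }
            in_journal && /^[ \t]*ForwardToSyslog[ \t]*=/ {
                sub(/^[^=]*=[ \t]*/, "")  # drop key and "="
                sub(/[ \t\r]+$/, "")      # drop trailing whitespace
                last = tolower($0)        # empty values are ignored (simplification)
            }
            END { if (last != "") print last }' "$f")
        if [ -n "$v" ]; then state=$v; fi
    done
    # Normalise the boolean spellings systemd accepts; anything else is printed as-is.
    case $state in
        1|yes|true|on)  echo yes ;;
        0|no|false|off) echo no ;;
        *)              echo "$state" ;;
    esac
}

# Constructed sample: the main file enables forwarding, a drop-in turns it off again.
demo=$(mktemp -d)
printf '[Journal]\n#ForwardToSyslog=no\nForwardToSyslog = Yes\n' > "$demo/journald.conf"
printf '[Journal]\nForwardToSyslog=no\n' > "$demo/10-local.conf"
echo "main file only: $(forward_to_syslog_state "$demo/journald.conf")"
echo "with drop-in:   $(forward_to_syslog_state "$demo/journald.conf" "$demo/10-local.conf")"
rm -rf "$demo"
```

On a real host, call it as forward_to_syslog_state /etc/systemd/journald.conf /etc/systemd/journald.conf.d/*.conf; a result of "yes" fails this check, and "unset" means no file sets the option, so the compiled-in default applies.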

See Also

https://workbench.cisecurity.org/files/3796