5.1.2.5 Ensure journald is not configured to send logs to rsyslog

Information

Data from journald should be kept in the confines of the service and not forwarded on to other services.

If journald is the method for capturing logs, all logs of the system should be handled by journald and not forwarded to other logging mechanisms.

Note: This recommendation only applies if journald is the chosen method for client side logging. Do not apply this recommendation if rsyslog is used.

Solution

Edit the /etc/systemd/journald.conf file and ensure that ForwardToSyslog=yes is removed.

Restart the service:

# systemctl restart systemd-journald.service
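An audit check for the setting above, added here as an example and not taken from the benchmark. The function names are hypothetical, and scanning the journald.conf.d drop-in directories goes beyond the single file the Solution names; each line printed is an assignment to remove.

```shell
#!/bin/sh
# Flags every uncommented ForwardToSyslog= line that enables forwarding.
# It reports offending lines; it does not compute systemd's merged value.
# Arguments: config files to inspect.
# Prints "file:line:setting" per hit; returns 1 if any hit, 0 if none.
find_forward_to_syslog() {
    hits=0
    for f in "$@"; do
        [ -r "$f" ] || continue
        # Skip comments (# or ;), tolerate spaces around '=', and accept
        # the spellings systemd parses as boolean true.
        out=$(awk -v file="$f" '
            /^[ \t]*[#;]/ { next }
            {
                line = $0
                gsub(/[ \t\r]/, "", line)
                split(line, kv, "=")
                if (kv[1] == "ForwardToSyslog" &&
                    tolower(kv[2]) ~ /^(yes|y|true|t|on|1)$/)
                    printf "%s:%d:%s\n", file, NR, line
            }' "$f")
        if [ -n "$out" ]; then
            printf '%s\n' "$out"
            hits=1
        fi
    done
    return "$hits"
}

# Scan the main file plus drop-in directories (assumed locations, per
# journald.conf(5)); call this on the host being audited.
audit_journald_forwarding() {
    set -- /etc/systemd/journald.conf
    for d in /etc/systemd/journald.conf.d /run/systemd/journald.conf.d \
             /usr/lib/systemd/journald.conf.d; do
        for f in "$d"/*.conf; do
            if [ -e "$f" ]; then set -- "$@" "$f"; fi
        done
    done
    find_forward_to_syslog "$@"
}
```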

See Also

https://workbench.cisecurity.org/benchmarks/15288