Hello there! I just wanted to ask about the sealing log feature because I can't make it work. I tried to set it up in the following way:
I stopped the journald service:
root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# systemctl stop systemd-journald-dev-log.socket
root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# systemctl stop systemd-journald-audit.socket
root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# systemctl stop systemd-journald.socket
root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# systemctl stop systemd-journald.service
Then I removed all files from the journal directory:
root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# rm -R *
The next thing was to change the config file:
# egrep -v "^#" /etc/systemd/journald.conf
[Journal]
Storage=persistent
Compress=yes
Seal=yes
SplitMode=login
SyncIntervalSec=10m
RateLimitInterval=10s
RateLimitBurst=500
SystemMaxUse=300M
SystemMaxFileSize=16M
RuntimeMaxUse=16M
RuntimeMaxFileSize=8M
MaxFileSec=2week
ForwardToSyslog=no
ForwardToKMsg=no
ForwardToConsole=no
Then I generated the keys:
root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# journalctl --setup-keys --interval=60s
Generating seed...
Generating key pair...
Generating sealing key...
The new key pair has been generated. The secret sealing key has been written to
the following local file. This key file is automatically updated when the
sealing key is advanced. It should not be used on multiple hosts.
/var/log/journal/159815709bbc46c29ef786cfc497afd4/fss
Please write down the following secret verification key. It should be stored
at a safe location and should not be saved locally on disk.
4d1177-5d7b1f-c524c8-36150a/16a05bc-3938700
The sealing key is automatically changed every 1min.
The keys have been generated for host morfikownia/159815709bbc46c29ef786cfc497afd4.
root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# ls -al
total 12K
drwxr-sr-x+ 2 root systemd-journal 4.0K 2015-02-10 02:00:52 ./
drwxr-sr-x+ 3 root systemd-journal 4.0K 2015-02-03 01:25:36 ../
-rw-------+ 1 root systemd-journal 482 2015-02-10 02:00:52 fss
Then I started the service:
root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# systemctl start systemd-journald.socket
root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# systemctl start systemd-journald-dev-log.socket
root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# systemctl start systemd-journald-audit.socket
root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# systemctl start systemd-journald.service
root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# systemctl status systemd-journald.service
● systemd-journald.service - Journal Service
Loaded: loaded (/lib/systemd/system/systemd-journald.service; static; vendor preset: enabled)
Active: active (running) since Tue 2015-02-10 02:03:14 CET; 6s ago
Docs: man:systemd-journald.service(8)
man:journald.conf(5)
Main PID: 15359 (systemd-journal)
Status: "Processing requests..."
CGroup: /system.slice/systemd-journald.service
└─15359 /lib/systemd/systemd-journald
Feb 10 02:03:14 morfikownia systemd-journal[15359]: Permanent journal is using 8.0M (max allowed 300.0M, trying to leave 1…00.0M).
Feb 10 02:03:14 morfikownia systemd-journal[15359]: Journal started
Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.
Hint: Some lines were ellipsized, use -l to show in full.
root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# ls -al
total 8.1M
drwxr-sr-x+ 2 root systemd-journal 4.0K 2015-02-10 02:03:14 ./
drwxr-sr-x+ 3 root systemd-journal 4.0K 2015-02-03 01:25:36 ../
-rw-------+ 1 root systemd-journal 482 2015-02-10 02:03:14 fss
-rw-r-----+ 1 root systemd-journal 8.0M 2015-02-10 02:03:14 system.journal
And here's the thing -- before sealing, there's no problem with the log file:
root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# journalctl --verify --verify-key 4d1177-5d7b1f-c524c8-36150a/16a05bc-3938700
PASS: /var/log/journal/159815709bbc46c29ef786cfc497afd4/system.journal
=> No sealing yet, 1.794ms of entries not sealed.
But after the sealing:
root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# journalctl --verify --verify-key 4d1177-5d7b1f-c524c8-36150a/16a05bc-3938700
0747c0: tag failed verification
File corruption detected at /var/log/journal/159815709bbc46c29ef786cfc497afd4/system.journal:0747c0 (of 8388608 bytes, 5%).
FAIL: /var/log/journal/159815709bbc46c29ef786cfc497afd4/system.journal (Bad message)
I checked the journal in order to see what's in there:
root:/var/log/journal/159815709bbc46c29ef786cfc497afd4# journalctl
-- Logs begin at Tue 2015-02-10 02:03:14 CET, end at Tue 2015-02-10 02:03:14 CET. --
Feb 10 02:03:14 morfikownia systemd-journal[15359]: Permanent journal is using 8.0M (max allowed 300.0M, trying to leave 1.7G f
Feb 10 02:03:14 morfikownia systemd-journald[259]: Received SIGTERM from PID 1 (systemd).
Feb 10 02:03:14 morfikownia systemd-journal[15359]: Journal started
Feb 10 02:03:14 morfikownia systemd-journal[15359]: Journal started
And that's pretty much it.
I don't know why this isn't working, and it's always the same thing. No matter
what I try, it always fails to verify the log file.
I used the following versions (both of them):
# apt-cache policy systemd
systemd:
Installed: 218-7
Candidate: 218-7
Package pin: 218-7
Version table:
*** 218-7 995
130 http://ftp.pl.debian.org/debian/ experimental/main amd64 Packages
100 /var/lib/dpkg/status
215-11 995
500 http://ftp.pl.debian.org/debian/ sid/main amd64 Packages
Any ideas?
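
An added example, not part of the original post and not systemd code: the verification key printed by `journalctl --setup-keys` above carries two hexadecimal fields after the seed. This sketch assumes, from that output format, that they are the start epoch (counted in units of the interval) and the sealing interval in microseconds, and decodes them so the key can be checked against the `--interval=60s` given on the command line and the timestamps in the post. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: decode the epoch fields of a journald FSS verification key.
# Assumed layout: <seed: 4 groups of 6 hex digits>/<start epoch hex>-<interval usec hex>

KEY='4d1177-5d7b1f-c524c8-36150a/16a05bc-3938700'   # the key shown in the post

# Succeeds only if the key has the assumed shape.
fss_key_valid() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9a-f]{6}-){3}[0-9a-f]{6}/[0-9a-f]+-[0-9a-f]+$'
}

# Sealing interval in microseconds (last hex field).
fss_interval_usec() { f=${1##*-}; echo $((0x$f)); }

# Start epoch, counted in whole intervals since the Unix epoch (middle hex field).
fss_start_epoch() { f=${1#*/}; f=${f%-*}; echo $((0x$f)); }

# Start of the key's first epoch as Unix seconds.
fss_start_unix() {
    echo $(( $(fss_start_epoch "$1") * $(fss_interval_usec "$1") / 1000000 ))
}

# Whole sealing intervals between the key's start and Unix time $2.
fss_epochs_since_start() {
    echo $(( ($2 - $(fss_start_unix "$1")) * 1000000 / $(fss_interval_usec "$1") ))
}

if fss_key_valid "$KEY"; then
    echo "interval: $(( $(fss_interval_usec "$KEY") / 1000000 )) s"
    echo "key start (unix seconds): $(fss_start_unix "$KEY")"
    # 1423530194 is constructed from "Feb 10 02:03:14" CET in the post (UTC+1).
    echo "intervals elapsed at journal start: $(fss_epochs_since_start "$KEY" 1423530194)"
else
    echo "key does not match the assumed format" >&2
fi
```

For the key in the post this gives a 60 s interval and a start of 2015-02-10 02:00:00 CET, consistent with the `--interval=60s` option and the 02:00:52 timestamp on the `fss` file.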
