Description:Journald includes the capability of rotating log files regularly to avoid filling up the system with logs or making the logs unmanageably large. The file /etc/systemd/journald.conf is the configuration file used to specify how logs generated by Journald should be rotated. Rationale: By keeping the log files smaller and more manageable, a system administrator can easily archive these files to another system and spend less time looking through inordinately large log files. Audit: Review /etc/systemd/journald.conf and verify logs are rotated according to site policy. The SystemMaxUse parameter for log rotation sets the maximum disk space that journal files may use up. The default is 10% of the size of the respective file system. You can set it to a specific size or percentage according to your preferences and available disk space.Remediation:Review /etc/systemd/journald.conf and verify logs are rotated according to site policy. The settings should be carefully understood as there are specific edge cases and prioritization of parameters.Here value for SystemMaxUse is set to 500M. The "M" stands for megabytes.You can use other size units as well.

[Size in MB, Size in MB, Size in MB, Size in MB, Max days]

Review /etc/systemd/journald.conf and verify logs are rotated according to site policy. The settings should be carefully understood as there are specific edge cases and prioritization of parameters