[systemd-devel] filtering journal logs

Michał Zegan webczat_200 at poczta.onet.pl
Mon Jun 22 14:16:02 PDT 2015


Are audit messages in _TRANSPORT=audit in systemd 219, or later only?

On 2015-06-22 at 23:07, Lennart Poettering wrote:
> On Sat, 20.06.15 00:57, Michał Zegan (webczat_200 at poczta.onet.pl)
> wrote:
> 
>> Hello.
>> 
>> I am curious if it is possible or planned to add support for
>> pattern matching and/or negation matching in journal? For example
>> I would like to view everything except audit entries. Actually,
>> when we are at it, are audit entries actually distinguished now,
>> or not?
> 
> Yes, audit messages have _TRANSPORT=audit set.
> 
> There's currently no "negative" field matching, but we should add
> it, and it's on the TODO list for a while. It's not trivial to do
> nicely unfortunately, since the data structures are designed to
> find things effectively, but not skip things effectively... But
> certainly doable.
> 
> Lennart
> 
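Until negative matching exists, "everything except audit" can be approximated by listing the values a field takes with `journalctl -F` and passing every value but the unwanted one as a positive match, which journalctl ORs together for the same field. This is an added example, not part of the thread and not systemd code; the function names `build_matches` and `journal_except` are hypothetical.

```shell
#!/bin/sh
# Added example: "everything except FIELD=VALUE" built from positive matches.

# build_matches FIELD EXCLUDED
# stdin:  one field value per line (the format `journalctl -F FIELD` prints)
# stdout: one FIELD=value match per line, leaving out EXCLUDED
build_matches() {
    bm_field=$1
    bm_excluded=$2
    while IFS= read -r bm_value; do
        if [ -n "$bm_value" ] && [ "$bm_value" != "$bm_excluded" ]; then
            printf '%s=%s\n' "$bm_field" "$bm_value"
        fi
    done
}

# journal_except FIELD EXCLUDED [journalctl options...]
journal_except() {
    je_field=$1
    je_excluded=$2
    shift 2
    je_matches=$(journalctl -F "$je_field" | build_matches "$je_field" "$je_excluded")
    # With no match arguments journalctl prints every entry, excluded ones
    # included, so stop here rather than run it unfiltered.
    if [ -z "$je_matches" ]; then
        echo "no $je_field value other than $je_excluded in the journal" >&2
        return 1
    fi
    (
        # Split on newlines only and disable globbing, so each match stays
        # one argument even if a value contains spaces or wildcards.
        IFS='
'
        set -f
        # Matches on the same field are ORed by journalctl.
        journalctl "$@" $je_matches
    )
}

# Usage: journal_except _TRANSPORT audit -b --no-pager
```

Entries that do not carry the field at all are not shown by this approach, and the value list is a snapshot taken when the command starts, so a value that first appears later (for example while following with `-f`) is missed.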

