[systemd-devel] audit support weirdness

MichaƂ Zegan webczat_200 at poczta.onet.pl
Mon Jul 4 23:15:30 UTC 2016


Hello.

There is a problem with current audit support in journald. it listens
for audit events, but those same audit events go to dmesg, making a lot
of garbage.
Also, in case of a selinux enabled system, it generates huge amount of
audit output even if you do not want that, for example, pam generates
audit events for all pam stacks being traversed during user login, and
in addition this is doubled because dmesg.
This is even more of a problem because you cannot for example tell
journalctl to get all logs except audit and things like that, so it hits
readability.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 510 bytes
Desc: OpenPGP digital signature
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20160705/699d452b/attachment-0001.sig>


More information about the systemd-devel mailing list