[systemd-devel] How to get rid of audit logs only from the systemd journal?
Mikhail Morfikov
mmorfikov at gmail.com
Tue Apr 10 10:02:46 UTC 2018
I'm using AppArmor and it sometimes returns many audit logs. By default there
was something like this in the journal:

... audit[1397]: AVC apparmor= ...
... kernel: audit: type=1400 audit(1523275695.613:76): apparmor= ...

So there are two entries and they carry the same message. So the message is
doubled. The first message disappears when systemd-journald-audit.socket is
masked, but what about the second message?

Basically I want to remove the AppArmor logs only from the journal and not from
the whole system. They could be logged by rsyslog and placed in some file/FIFO
device.

Is there a way to get rid of the second message from the journal only somehow?

--
Morfik