[systemd-devel] journald vs auditd
Lennart Poettering
lennart at poettering.net
Mon Nov 26 11:30:04 UTC 2018
On So, 25.11.18 15:07, MichaĆ Zegan (webczat_200 at poczta.onet.pl) wrote:
> Well, actually I would like a feature to filter out audit data when
> looking at logs. I often do things like journalctl -o cat -f or
> journalctl -o cat -b | less or something without targetting a single
> unit or whatever, and in some cases I see a ton of those. I believe
> there is no way to filter only audit messages but show the rest?
journalctl currently does not implement negative filtering. However,
since the set of transports journald supports is relatively small you
can simply list them, thus putting together a positive filter instead.
$ journalctl _TRANSPORT=driver _TRANSPORT=syslog _TRANSPORT=journal _TRANSPORT=kernel _TRANSPORT=stdout
Lennart
--
Lennart Poettering, Red Hat
More information about the systemd-devel
mailing list