I would guess that it's trying to get info on the process connecting to it to
get full metadata. But I wouldn't expect that if you are using imjournal.
full rsyslog config please?
David Lang
On Tue, 20 Aug 2024, Andreas Hasenack via rsyslog wrote:
Date: Tue, 20 Aug 2024 11:58:24 -0300
From: Andreas Hasenack via rsyslog <rsyslog@lists.adiscon.com>
To: rsyslog-users <rsyslog@lists.adiscon.com>
Cc: Andreas Hasenack <andr...@canonical.com>
Subject: [rsyslog] rsyslog trying to read /run/systemd/sessions/*
Hi,
I use an apparmor profile for rsyslogd, and recently became aware then
when an event like one triggered by this logger command:
logger -p user.emerg --tag check-journal EMERGENCY_MESSAGE
Will have rsyslogd (possibly via libsystemd?) try to read
/run/systemd/sessions/ and files therein.
Even though that read is denied by apparmor, I see the log message in
my terminal, and in the logs on disk as expected.
Does anybody know why it's reading those session files? Maybe to get a
list of TTYs in use in the system?
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.
