On Tue, Jul 05, 2016 at 01:15:30AM +0200, Michał Zegan wrote: > Hello. > > There is a problem with current audit support in journald. it listens > for audit events, but those same audit events go to dmesg, making a lot > of garbage. There were patches for the kernel to not log to dmesg when journald is listening over netlink. I think they went in a while ago, so this should be fixed if you're using a new enough kernel.
> Also, in case of a selinux enabled system, it generates huge amount of > audit output even if you do not want that, for example, pam generates > audit events for all pam stacks being traversed during user login, and > in addition this is doubled because dmesg. > This is even more of a problem because you cannot for example tell > journalctl to get all logs except audit and things like that, so it hits > readability. Yeah. Zbyszek _______________________________________________ systemd-devel mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/systemd-devel
