Hello all, systemd 218 now enables audit in the kernel unconditionally [1]. While these messages might be nice to have in the journal, they literally flood dmesg and thus /var/log/syslog and friends with messages like
[39098.129349] audit: type=1105 audit(1419765421.403:4233): pid=25633 uid=0 auid=0 ses=20 msg='op=PAM:session_open acct="root" exe="/usr/sbin/cron" hostname=? addr=? terminal=cron res=success' $ dmesg |grep -c audit 786 and more importantly, eats a lot of real kernel/daemon messages due to rate limiting: I have many dozen messages like [37444.978307] audit_printk_skb: 222 callbacks suppressed and they demonstrably cause e. g. AppArmor violations to not get shown due to this. Is there a way to make the audit messages *only* go to the journal, but not to dmesg and sysloggers? If not, could we perhaps add a ./configure or config file option for this, to disable audit on systems where we don't need it? Thanks, Martin [1] http://cgit.freedesktop.org/systemd/systemd/commit/?id=4d9ced995 -- Martin Pitt | http://www.piware.de Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)
signature.asc
Description: Digital signature
_______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel