Hello. There is a problem with current audit support in journald. it listens for audit events, but those same audit events go to dmesg, making a lot of garbage. Also, in case of a selinux enabled system, it generates huge amount of audit output even if you do not want that, for example, pam generates audit events for all pam stacks being traversed during user login, and in addition this is doubled because dmesg. This is even more of a problem because you cannot for example tell journalctl to get all logs except audit and things like that, so it hits readability.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/systemd-devel
