On So, 25.11.18 15:07, Michał Zegan (webczat_200@xxxxxxxxxxxxxx) wrote: > Well, actually I would like a feature to filter out audit data when > looking at logs. I often do things like journalctl -o cat -f or > journalctl -o cat -b | less or something without targetting a single > unit or whatever, and in some cases I see a ton of those. I believe > there is no way to filter only audit messages but show the rest? journalctl currently does not implement negative filtering. However, since the set of transports journald supports is relatively small you can simply list them, thus putting together a positive filter instead. $ journalctl _TRANSPORT=driver _TRANSPORT=syslog _TRANSPORT=journal _TRANSPORT=kernel _TRANSPORT=stdout Lennart -- Lennart Poettering, Red Hat _______________________________________________ systemd-devel mailing list systemd-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: journald vs auditd
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: journald vs auditd
- From: Lennart Poettering <lennart@xxxxxxxxxxxxxx>
- Date: Mon, 26 Nov 2018 12:30:04 +0100
- Cc: systemd Mailing List <systemd-devel@xxxxxxxxxxxxxxxxxxxxx>
- In-reply-to: <c268908e-bec6-379e-c48c-7c61d52a7f38@poczta.onet.pl>
- References: <ee5b7a71-7b97-7f74-1591-f4f96ca8dfc2@poczta.onet.pl> <20181125125325.GA24586@gardel-login> <c268908e-bec6-379e-c48c-7c61d52a7f38@poczta.onet.pl>
- References:
- journald vs auditd
- From: Michał Zegan
- Re: journald vs auditd
- From: Lennart Poettering
- Re: journald vs auditd
- From: Michał Zegan
- journald vs auditd
- Prev by Date: Re: journald vs auditd
- Next by Date: Re: systemd behavior during shutdown
- Previous by thread: Re: journald vs auditd
- Next by thread: [RFC PATCH 2/2] dt-bindings: allow suggesting usb bus number for usb platform busses
- Index(es):
 |