[apparmor] Reg. Apparmor logging query
Murali Selvaraj
murali.selvaraj2003 at gmail.com
Tue Feb 28 19:39:01 UTC 2023
Hi John,
I added below entries in one of my profiles which runs under complain mode.
*audit /var/** wl,*
As per my script to capture Apparmor logs, I am capturing journalctl -k for
every 30 mins in my log path (for instance, /tmp/logs/).
However, I could NOT see the expected log entry for this rule audit
"/var/** wl," from journalctl -k output.
I could see the logs seen if we use *journalctl -a*, but I do not want to
copy (to avoid the space) journalctl -a for every 30 mins as it has other
additional/debug log information.
Do we have any options/configuration to get these logs from
*journalctl -k *instead
of* journalctl -a*?
Thanks
Murali.S
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20230228/5bb6fd14/attachment.html>
More information about the AppArmor
mailing list