On 7/13/21 8:29 AM, swarna latha wrote: > Hi, > > I would like to redirect the apparmor logs from journalctl to my log file, so > that i > get only apparmor logs, i can act on. > > Can you please let me know if there is any config option for this, or point > me to the code where I can specify my log file. >
apparmor uses the kernel audit subsystem. If you install auditd its messages will go through auditd and you would configure filtering rules there. If you are not using auditd then the messages will go through the kernel dmesg buffer and be picked up as part of the kernel log. In this case you will need to configure your userspace audit system, systemd, syslog, rsyslog ... to filter the rules to a separate file. Each of these systems are capable of doing this, however the details of doing it in each one are different. -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
