Create AppArmorJournald

2025-03-04 08:24:42 +01:00 · 2022-02-04 21:05:23 +00:00 · 2022-02-04 21:05:23 +00:00 · 5d29bfcd08
commit 5d29bfcd08
parent c364cdd9e6
1 changed files with 45 additions and 0 deletions
--- a/AppArmorJournald.md
+++ b/AppArmorJournald.md
@ -0,0 +1,45 @@
+# Introduction
+
+???
+
+# AppArmor tools
+
+Some versions of the AppArmor tools do not directly support systemd journal. When this is the case there are 3 possible workaround that will enable the use of the AppArmor tools on such a system.
+
+
+## 1. Redirect systemd logout into aa-logprof
+
+```
+aa-logprof -f <(journalctl -b --no-tail | grep -i apparmor)
+```
+
+or when using sudo
+
+```
+sudo bash -c "aa-logprof -f <(journalctl -b --no-tail | grep -i apparmor)"
+```
+
+
+## 2. Install auditd
+
+If auditd is install and enabled AppArmor messages will then go to the audit log which is directly supported by the AppArmor tools.
+
+## 3. enable forwarding to syslog
+
+If there is a syslog daemon running on the system journald can forward log messages to syslog. Edit the journald conf
+
+```
+sudo nano /etc/systemd/journald.conf
+
+and add
+
+...
+
+[Journal]
+
+ForwardToSyslog=yes
+
+MaxLevelSyslog=debug
+```
+
+aa-logprof can then pickup the messages from the syslog.