vArmor is a cloud native container sandbox system based on AppArmor/BPF/Seccomp. It also includes multiple built-in protection rules that are ready to use out of the box.
Is your feature request related to a problem? Please describe.
If the system has enabled the auditd service, it will handle the audit logs that come from the kernel. In this situation, we can no longer consume the audit events of AppArmor and Seccomp through systemd-journald or syslog.
People have to either shut down the auditd service or configure an audisp plugin to forward the logs. However, it leads to a poor user experience and performance issues.
Describe the solution you'd like
Use a method similar to tail -F to retrieve the audit events.
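An added example of the tail -F approach requested above, in Go (not vArmor's own code): it follows auditd's log by name, keeps reading across a rotation by rename, and returns only AppArmor and seccomp records. The `Tailer` type, the `/var/log/audit/audit.log` path, the one-second poll interval and reading the file from its start on first open are assumptions.

```go
package main

import (
	"fmt"
	"io"
	"os"
	"strings"
	"time"
)

// Tailer follows a log file by name, as tail -F does (hypothetical helper).
type Tailer struct {
	path, part string // part: a line whose newline has not arrived yet
	f          *os.File
}

// Poll returns the AppArmor and seccomp records appended since the last call.
func (t *Tailer) Poll() (out []string) {
	for {
		if t.f == nil {
			if t.f, _ = os.Open(t.path); t.f == nil {
				return out // file not there yet: the caller polls again
			}
		}
		b, _ := io.ReadAll(t.f) // everything up to the current end of file
		lines := strings.Split(t.part+string(b), "\n")
		t.part = lines[len(lines)-1]
		for _, l := range lines[:len(lines)-1] {
			if strings.HasPrefix(l, "type=SECCOMP ") || strings.Contains(l, ` apparmor="`) {
				out = append(out, l)
			}
		}
		old, _ := t.f.Stat()
		if cur, err := os.Stat(t.path); err != nil || os.SameFile(old, cur) {
			return out // same inode, or the new file is not created yet
		}
		t.f.Close() // rotated by rename: old handle is drained, reopen by name
		t.f, t.part = nil, ""
	}
}

func main() {
	t := &Tailer{path: "/var/log/audit/audit.log"} // assumed default auditd log
	for ; ; time.Sleep(time.Second) {
		for _, l := range t.Poll() {
			fmt.Println(l)
		}
	}
}
```

Truncation in place is not detected here; the example covers rotation by rename only.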