Apparently arbitrary messages are described as "Security"
Prompted by https://github.com/flathub/com.valvesoftware.Steam/issues/1166.
In Logs 45.beta, if I go to the Security tab, I see messages like:
JS LOG: Characters Application exiting
vte-spawn-[UUID].scope: Consumed 18.697s CPU time.
Started app-gnome-firefox-[PID].scope - Application launched by gsd-media-keys.
[session uid=1000 pid=2847] Successfully activated service 'org.freedesktop.Tracker3.Miner.Extract'
I don't understand on what basis these are treated as security-relevant. I would have expected something involving maybe high priorities and/or LOG_AUTH|LOG_AUTHPRIV
? But these messages are neither high-priority nor authentication-related.
For the one prefixed with [session uid=1000 pid=2847]
, in particular, I know that it's been logged by dbus-daemon with DBUS_SYSTEM_LOG_INFO
, which translates to LOG_DAEMON | LOG_INFO
.
I had a quick look at the Gnome Logs source code and it seems to be matching on _AUDIT_SESSION
? But that surely can't be right, and I must be misreading, because looking at journalctl -b -o json
, it seems that _AUDIT_SESSION
just means "this was logged by a process inside a user's session", with no particular indication of high (or low) relevance to security?