How do I redirect Google Chrome Logs out of my kern.log

google-chrome logging

I have hundreds of these log entries:

Feb 13 16:46:56 XXXX kernel: [42982.178922] type=1701 audit(1360799216.852:1514): auid=4294967295 uid=1000 gid=1000 ses=4294967295 pid=5529 comm="chrome" reason="seccomp" sig=0 syscall=2 compat=0 ip=0x7f3060b476b0 code=0x50000
Feb 13 16:46:56 XXXX kernel: [42982.178943] type=1701 audit(1360799216.852:1515): auid=4294967295 uid=1000 gid=1000 ses=4294967295 pid=5529 comm="chrome" reason="seccomp" sig=0 syscall=2 compat=0 ip=0x7f3060b476b0 code=0x50000

This behavior is explained here: Why is there "seccomp" events related to Google Chrome in syslog?.

How do I redirect them out of my kern.log file?

I plan to figure out this log later, but I have other projects that would be easier with a smaller kern.log file.

I have seen this: How to enable logging for Google Chrome in Ubuntu 12.04?

The file mentioned is not under my home folder.

Default install. Edit: Basic plug-ins. Single profile. Checked the menu item and the only option %U (no --debug or anything like that)

about:

Google Chrome   24.0.1312.69 (Official Build 180721)
OS  Linux 
WebKit  537.17 (@140072)
JavaScript  V8 3.14.5.6
Flash   11.5.31.139
User Agent  Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.17 (KHTML, like Gecko)
Chrome/24.0.1312.69 Safari/537.17

Solution 1:

If using an open source version of Chrome (like on Ubuntu the version installed with sudo apt-get install chromium-browser) then redirecting the seccomp logging requires a slightly-different rsyslogd filter.

For reference Chromium syslog messages look like this:

Feb 23 17:33:16 XXX kernel: [507549.071917] type=1701 audit(1393194796.933:3999): auid=4294967295 uid=1000 gid=1000 ses=4294967295 pid=21016 comm="chromium-browse" reason="seccomp" sig=0 syscall=2 compat=0 ip=0x7f2b40940eb0 code=0x50001

And building on stsquad's answer, here is an /etc/rsyslog.d/30-seccomp.conf that's been generalized to work with both Google Chrome and open source Chromium:

if $msg contains ' reason="seccomp"' and $msg contains ' comm="chrom' \
  then -/var/log/chrome-seccomp.log
& ~

Related

How do I use Wubi in a "Frozen Disk" environment (aka computer labs)
ASP.NET Core MVC - Opening a Bootstrap modal view using a hyperlink
Link to specific line(s) of code in stash / bitbucket?
Why does the length of the elements in the list shrink? [closed]
Different colors for different keywords in listing environment doesn't work
Go vanity imports, unrecognized import path, no-import meta tags
How to dynamically register class in a factory class at runtime period with c++
Redirect to login when unauthorized in ASP.NET Core
SELECTING multiple copies of some rows, single copies of others for INSERT
Union all not returning data
Reduce memory usage of AVAssetWriter
TypeScript type to string literal [duplicate]