.svg "Rudd-O.com"){kind=logo}
How to view audit logs in systemd journal
Note to self: hard trick to solve.
Sometimes you want to check the journal for audit events (e.g. you're diagnosing a SELinux issue). This is the magic trick:
journalctl _TRANSPORT=audit
The _TRANSPORT query limits the journal output to only audit log entries.