Your software writes logs to journalctl anyway, so it doesn't make sense to make another file.
Because of this (and others who've already disabled logs like below), I suggest adding none as an AuditBackend option:
```
#
# USBGuard Audit events log backend
#
# One of:
#
# * FileAudit - Log audit events into a file specified by
# AuditFilePath setting (see below)
# * LinuxAudit - Log audit events using the Linux Audit
# subsystem (using audit_log_user_message)
#
AuditBackend=FileAudit
#
# USBGuard audit events log file path.
#
AuditFilePath=/dev/null
```
Is equivalent to:
```
#
# USBGuard Audit events log backend
#
# One of:
#
# * FileAudit - Log audit events into a file specified by
# AuditFilePath setting (see below)
# * LinuxAudit - Log audit events using the Linux Audit
# subsystem (using audit_log_user_message)
# * None - Does not create a file. Logs will be written to journal anyway.
#
AuditBackend=None
#
# USBGuard audit events log file path.
#
AuditFilePath=/var/log/usbguard/audit.log <------------ this won't be used at all
```
See https://spectrum-os.org/git/nixpkgs/diff/nixos/modules/services/security/usbguard.nix?h=archive&id=afde337f4a931e879e0d7a6af5e077687ace926a&id2=eace830aa373518548aa5a4e00b87d62fbf20d04
+ # HACK: that way audit logs still land in the journal
+ AuditFilePath=/dev/null
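Review bot: the `# HACK` comment above `AuditFilePath=/dev/null` says where the audit logs still land but not what the line works around or when it can be dropped. Writing the file backend's output to /dev/null discards it, so, going by the comment, the journal is then the only copy of the USBGuard audit trail. I'd spell that out in the comment and reference the upstream request for a backend that writes no file, so the workaround can be removed once such an option exists.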