ausearch_clear - Linux


ausearch_clear is a privileged command used to remove filtered audit records from audit caches. It operates on audit records that have been matched by the ausearch command.


ausearch_clear [-h] [-a] [-p] [-e] [-n] [-H HANDLE] [-f PATTERN] [-s] [-d] [-x] [-i] [-b]


  • -h, –help: Display the help message.
  • -a, –all: Clear all audit records.
  • -p, –pending: Clear pending audit records.
  • -e, –error: Clear error audit records.
  • -n, –new: Clear new audit records.
  • -H HANDLE, –handle HANDLE: Handle to the audit session.
  • -f PATTERN, –pattern PATTERN: Pattern to match against path name.
  • -s, –success: Include successful audit records.
  • -d, –describe: Display the audit record.
  • -x, –exclude: Exclude audit records that match PATTERN.
  • -i, –include: Include audit records that match PATTERN.
  • -b, –backlog: Clear the audit backlog.


Clear all audit records:

ausearch_clear -a

Clear pending audit records:

ausearch_clear -p

Clear new audit records:

ausearch_clear -n

Clear audit records matching a specific pattern:

ausearch_clear -f /home/user

Clear successful audit records:

ausearch_clear -s

Common Issues


  • Permission denied: Ensure that you have sufficient permissions to run the command.
  • Invalid pattern: Verify that the specified pattern is valid.


ausearch_clear can be used in conjunction with other Linux audit commands such as ausearch to filter and manage audit records.

Related Commands