diff --git a/modules/journalwatch.nix b/modules/journalwatch.nix
index 535aa96..569433e 100644
--- a/modules/journalwatch.nix
+++ b/modules/journalwatch.nix
@@ -67,18 +67,6 @@
 match = "_TRANSPORT = kernel";
 }
 
- #
- # _EXE
- #
-
- { # yodaNas
- filters = ''
- # Ignore any invocation of sudo.
- .*
- '';
- match = "_EXE = //nix/store/[a-z0-9]+-sudo-[0-9]+\\.[0-9]+\\.[0-9]+[a-z0-9]+/bin/sudo/";
- }
-
 #
 # _SYSTEMD_CGROUP
 #
@@ -405,9 +393,13 @@
 '';
 match = "SYSLOG_IDENTIFIER = sshd";
 }
- { # yodaTux. If the user `yoda` runs a command with `sudo`.
+ {
 filters = ''
+ # yodaTux. If the user `yoda` runs a command with `sudo`.
 \s+yoda : TTY=pts/[0-9] ; PWD=/\S+ ; USER=root ; COMMAND=/.+
+ # yodaNas. If the btrbk service is run.
+ \s+btrbk : PWD=/ ; USER=root ; COMMAND=/.+
+ \s+root : PWD=/ ; USER=root ; COMMAND=/nix/store/[a-z0-9]+-btrfs-progs-[0-9\.]+/bin/btrfs (subvolume show|subvolume delete --commit-each|send|receive) .+
 '';
 match = "SYSLOG_IDENTIFIER = sudo";
 }
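Review bot: The added filter `\s+btrbk : PWD=/ ; USER=root ; COMMAND=/.+` in the second hunk suppresses every command the `btrbk` account runs as root through sudo, so unexpected use of that account would never appear in the journalwatch report. The `root` line directly below it already pins the binary and subcommands; the btrbk line could take the same shape, for example `\s+btrbk : PWD=/ ; USER=root ; COMMAND=/nix/store/[a-z0-9]+-btrfs-progs-[0-9\.]+/bin/btrfs (subvolume show|send|receive) .+`, with the subcommand list adjusted to what btrbk actually invokes on this host. The yodaTux and yodaNas patterns now share one `SYSLOG_IDENTIFIER = sudo` block, so if this module is imported on both machines each suppression applies on both; a comment such as `# NOTE: filters below apply on every host importing this module` would make that explicit. The enclosing list starts and ends outside the hunk, so any per-host scoping is not visible here.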