<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.3660" name=GENERATOR></HEAD>
<BODY>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=426561720-17032010>Hi Sai,</SPAN></FONT></DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=426561720-17032010></SPAN></FONT> </DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=426561720-17032010>We know that SELinux messages get logged to
/var/log/messages. But what we want is to configure syslog such that the SELinux
messages go to a dedicated file, e.g. /var/log/selinux.log, instead of getting
logged to /var/log/messages, etc. In other words, we want to find out if there is
a well-defined syslog facility for the SELinux-related messages.</SPAN></FONT></DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=426561720-17032010></SPAN></FONT> </DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=426561720-17032010>Thanks</SPAN></FONT></DIV>
<DIV dir=ltr align=left><FONT face=Arial color=#0000ff size=2><SPAN
class=426561720-17032010>Anamitra</SPAN></FONT></DIV><BR>
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> sai ganesh [mailto:ganesai@gmail.com]
<BR><B>Sent:</B> Wednesday, March 17, 2010 5:57 AM<BR><B>To:</B> Anamitra Dutta
Majumdar (anmajumd)<BR><B>Subject:</B> Re: Directing SElinux related logs to a
dedicated log file<BR></FONT><BR></DIV>
<DIV></DIV><BR><BR>
<DIV class=gmail_quote>On Wed, Mar 17, 2010 at 5:18 AM, Anamitra Dutta Majumdar
(anmajumd) <SPAN dir=ltr>&lt;<A
href="mailto:anmajumd@cisco.com">anmajumd@cisco.com</A>&gt;</SPAN> wrote:<BR>
<BLOCKQUOTE class=gmail_quote
style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">
<DIV>
<DIV><FONT face=Arial size=2><SPAN>Hello All,</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN>We are trying to ascertain if there is a
way to make changes to the syslog configuration file and direct all
SELinux-related messages, including sealerts, to a separate dedicated log file for
SELinux.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN>Any pointers would be greatly
appreciated.</SPAN></FONT></DIV>
<DIV><BR></DIV></DIV></BLOCKQUOTE>
<DIV>Check the audit log, which is /var/log/audit/audit.log if auditd is running;
all the logs related to SELinux must be appended there, otherwise
/var/log/messages. </DIV></DIV>-- <BR>s.saiganesh<BR>"&lt;--------May the
source be with you, but remember the KISS principle ;-)--------------&gt;.
&lt;-Fighting 4 Freedom-&gt;"<BR><BR></BODY></HTML>