On Tue, 2010-03-16 at 16:48 -0700, Anamitra Dutta Majumdar (anmajumd)
We are trying to ascertain if there is a way to make changes to the
syslog configuration file and direct all selinux related messages
including sealerts to a separate dedicated log file for SElinux.
Any pointers would be greatly appreciated.
It looks like rsyslog supports filters on the msg itself, in which case
you could have it redirect avc and SELinux messages. man rsyslog.conf
Alternatively you could use auditd and use audispd with your own plugin
to capture messages with type=AVC,USER_AVC, or SELINUX_ERR.
National Security Agency