+1 to the centralized syslog server.
We take advantage of logstash and have looked at graylog2.
http://graylog2.org/
http://logstash.net/
Bonus link: selinux in puppet:
https://forge.puppetlabs.com/tags/selinux
Hope this helps your R&D; let us know how you solve this.
George
On Tue, Sep 16, 2014 at 3:40 PM, David Cafaro <dac(a)cafaro.net> wrote:
You can tell audisp (http://man7.org/linux/man-pages/man8/audispd.8.html) to
send all audit messages to syslog and then use a centralized syslog
system to collect your logs into a central repository. At that point you
can use your favorite log parsing tools to review your SELinux audit
messages (not to mention other items) at will.
Cheers,
David
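A worked example of the parsing step David describes, added here and not code from anyone on this thread. It assumes the audispd syslog plugin has been enabled (`active = yes` in `/etc/audisp/plugins.d/syslog.conf`), so that each audit record reaches the central syslog with its original `type=AVC msg=audit(...)` body behind a normal syslog header. The sample lines below are constructed to look like that; the exact header layout depends on your syslog daemon's template, so adjust the regex prefix to match yours.

```python
"""Aggregate SELinux AVC denials forwarded by audispd into a central syslog.

Added example, not from the mailing-list thread. Parses syslog lines whose
body is the audit record that the audispd syslog plugin forwards, keeps the
denials, and rolls them up fleet-wide by (source type, target type, class,
permission) with the set of hosts each signature was seen on.
"""
import re
from collections import Counter, defaultdict

# Constructed sample input: three hosts, one non-audit line as noise.
SAMPLE_SYSLOG = """\
Sep 16 10:01:02 web01 audispd: type=AVC msg=audit(1410861662.123:4521): avc:  denied  { write } for  pid=2211 comm="httpd" name="uploads" dev="dm-0" ino=1234 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=dir
Sep 16 10:01:03 web01 audispd: type=SYSCALL msg=audit(1410861662.123:4521): arch=c000003e syscall=2 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
Sep 16 10:02:15 web02 audispd: type=AVC msg=audit(1410861735.456:77): avc:  denied  { write } for  pid=901 comm="httpd" name="uploads" dev="dm-0" ino=5678 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=dir
Sep 16 10:05:40 db01 audispd: type=AVC msg=audit(1410861940.789:310): avc:  denied  { name_connect } for  pid=1500 comm="mysqld" dest=3307 scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
Sep 16 10:06:00 db01 sshd[2000]: Accepted publickey for admin from 10.0.0.5 port 50022 ssh2
"""

# Assumed syslog header: "Mon DD HH:MM:SS host program: " (RFC 3164 style),
# followed by the audit record verbatim. Only AVC records are of interest here.
AVC_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) \S+ "
    r".*?type=AVC msg=audit\((?P<epoch>\d+\.\d+):(?P<serial>\d+)\): "
    r"avc:\s+(?P<result>denied|granted)\s+\{ (?P<perms>[^}]+) \} for\s+(?P<rest>.*)$"
)
# key=value pairs; values may be quoted strings containing spaces.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_avc(line):
    """Return a dict for one AVC record, or None if the line is not one."""
    m = AVC_RE.match(line)
    if not m:
        return None
    rec = {k: m.group(k) for k in ("ts", "host", "epoch", "serial", "result")}
    rec["perms"] = tuple(sorted(m.group("perms").split()))
    for key, value in KV_RE.findall(m.group("rest")):
        rec[key] = value.strip('"')
    # The SELinux type is the third field of a user:role:type:level context.
    for ctx, out in (("scontext", "stype"), ("tcontext", "ttype")):
        if ctx in rec:
            parts = rec[ctx].split(":")
            rec[out] = parts[2] if len(parts) > 2 else rec[ctx]
    return rec


def parse_syslog(text):
    """All AVC denials in a blob of syslog text, in input order."""
    records = []
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec and rec["result"] == "denied":
            records.append(rec)
    return records


def denial_summary(records):
    """Fleet-wide roll-up: (stype, ttype, tclass, perms) -> count and host set."""
    counts = Counter()
    hosts = defaultdict(set)
    for r in records:
        key = (r.get("stype"), r.get("ttype"), r.get("tclass"), " ".join(r["perms"]))
        counts[key] += 1
        hosts[key].add(r["host"])
    return counts, hosts


def report(counts, hosts):
    """Human-readable lines, most frequent signature first."""
    lines = []
    for key, n in counts.most_common():
        stype, ttype, tclass, perms = key
        lines.append("%4d events on %d host(s): %s -> %s:%s { %s }"
                     % (n, len(hosts[key]), stype, ttype, tclass, perms))
    return lines


if __name__ == "__main__":
    recs = parse_syslog(SAMPLE_SYSLOG)
    for line in report(*denial_summary(recs)):
        print(line)
```

The roll-up key is the same tuple audit2allow reasons about, so a signature that appears on many hosts usually means a policy or labeling problem worth fixing once in policy (or in puppet), while a signature on a single host is more likely a local misconfiguration or something worth a closer look.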
On 09/16/2014 05:28 AM, Maurizio Pagani wrote:
Hi everybody.
I want to configure SELinux on 1000+ systems, but I need to know if
there is a method or product that collects all SELinux logs and creates a
mirror of what is happening on the systems.
An example is snorby for suricata or snort (IDS/IPS):
http://www.rivy.org/wp-content/uploads/2013/03/snorby-screenshot.png
Let me know.
Thanks in advance.
Maurizio Pagani
--
selinux mailing list
selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux