4:28 a.m.
Hi everybody.
I'll want configure SELinux in 1000+ Systems, but i need to know, if there
is a method or product that collect all logs of SELinux and create a mirror
of what are happening in the systems.
An example is snorby for suricata or snort (IDS/IPS):
http://www.rivy.org/wp-content/uploads/2013/03/snorby-screenshot.png
Let me know.
Thanks in advance.
Maurizio Pagani
7:10 a.m.
Well it is just the audit.log so any tool that could collect the
audit.log would collect the SELinux logs.
You might want to look at http://linux.die.net/man/5/audisp-remote.conf
Which I believe can be setup to remote the logs.
On 09/16/2014 05:28 AM, Maurizio Pagani wrote:
Hi everybody.
I'll want configure SELinux in 1000+ Systems, but i need to know, if
there is a method or product that collect all logs of SELinux and
create a mirror of what are happening in the systems.
An example is snorby for suricata or snort (IDS/IPS):
http://www.rivy.org/wp-content/uploads/2013/03/snorby-screenshot.png
Let me know.
Thanks in advance.
Maurizio Pagani
--
selinux mailing list
selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
3:40 p.m.
You can tell audisp (
http://man7.org/linux/man-pages/man8/audispd.8.html ) to send all audit
messages to syslog and then use a centralized syslog system to collect
your logs into a central repository. At that point you can use your
favorite log parsing tools to review your SELinux audit messages (not to
mention other items) at will.
Cheers,
David
On 09/16/2014 05:28 AM, Maurizio Pagani wrote:
Hi everybody.
I'll want configure SELinux in 1000+ Systems, but i need to know, if
there is a method or product that collect all logs of SELinux and
create a mirror of what are happening in the systems.
An example is snorby for suricata or snort (IDS/IPS):
http://www.rivy.org/wp-content/uploads/2013/03/snorby-screenshot.png
Let me know.
Thanks in advance.
Maurizio Pagani
--
selinux mailing list
selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
4:16 p.m.
+1 to the centralized syslog server.
We take advantage of logstatsh and have looked at graylog2.
http://graylog2.org/
http://logstash.net/
Bonus link: selinux in puppet: https://forge.puppetlabs.com/tags/selinux
Hope this helps your R&D let us know how you solve this.
George
On Tue, Sep 16, 2014 at 3:40 PM, David Cafaro <dac(a)cafaro.net> wrote:
You can tell audisp (
http://man7.org/linux/man-pages/man8/audispd.8.html
) to send all audit messages to syslog and then use a centralized syslog
system to collect your logs into a central repository. At that point you
can use your favorite log parsing tools to review your SELinux audit
messages (not to mention other items) at will.
Cheers,
David
On 09/16/2014 05:28 AM, Maurizio Pagani wrote:
Hi everybody.
I'll want configure SELinux in 1000+ Systems, but i need to know, if
there is a method or product that collect all logs of SELinux and create a
mirror of what are happening in the systems.
An example is snorby for suricata or snort (IDS/IPS):
http://www.rivy.org/wp-content/uploads/2013/03/snorby-screenshot.png
Let me know.
Thanks in advance.
Maurizio Pagani
--
selinux mailing
listselinux@lists.fedoraproject.orghttps://admin.fedoraproject.org/mailman/listinfo/selinux
--
selinux mailing list
selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
3510
days inactive
3510
days old
selinux@lists.fedoraproject.org
3 comments
4 participants
participants (4)
-
Daniel J Walsh -
David Cafaro -
Maurizio Pagani -
Robb III, George B.