/etc/default in Fedora

Tomas Heinrich theinric at redhat.com
Tue Mar 20 13:55:55 UTC 2012


On 03/19/2012 03:28 PM, Daniel J Walsh wrote:
> On 03/19/2012 10:36 AM, Michael Cronenworth wrote:
>> Daniel J Walsh wrote:
>>> We could put the info into systemd-journal.
>>
>> Back when sendmail and logwatch were part of the default install,
>> it would have been nice to have SELinux activity reported in it. I
>> still use logwatch so it would still be useful for me to see log
>> data there.
>>
>> Unless, of course, logwatch is obsolete and there's some new,
>> flashy systemd mail log that I'm supposed to be using that I wasn't
>> told of.
>
> Well setroubleshoot-server does write to syslog when it interprets an
> AVC.

On 03/19/2012 03:37 PM, Michał Piotrowski wrote:
> On 19 March 2012 15:27, Daniel J Walsh
> <dwalsh at redhat.com> wrote:
>> On 03/19/2012 10:16 AM, Michał Piotrowski wrote:
>> setroubleshoot-server is the server component. (dbus service)
>> setroubleshoot is the client component.
>>
>> We could put the info into systemd-journal.
>
> It would be great if there was a possibility to send logs to other machines.
>
> Lennart, what do you think about it? A centralized log system is a nice feature.

Why not use rsyslog?
It certainly supports forwarding messages over the network with something
as simple as:

/etc/rsyslog.d/remote.conf:
    :msg,contains,"avc:" @@central-box

You can consume the audit logs with the imfile input module and send out 
messages as emails with the ommail output module.

This is an existing infrastructure that you can probably leverage to 
solve your use case.

Tomas
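
The setup described in the message above, as an added example that is not part of the original post: rsyslog legacy-format directives that read the audit log with imfile, forward AVC lines over TCP, and mail them with ommail. The audit log path, tag, state-file name, facility, port, mail server, addresses and mail interval are assumptions; central-box and the "avc:" filter are from the message.

```conf
# /etc/rsyslog.d/remote.conf
# Added example; every value marked "assumed" is a placeholder.

# --- Input: follow the audit log so AVC records enter rsyslog ---
$ModLoad imfile
# assumed: default auditd log location
$InputFileName /var/log/audit/audit.log
# assumed: tag, state file name, facility and severity
$InputFileTag audit:
$InputFileStateFile audit-log-state
$InputFileFacility local6
$InputFileSeverity info
$InputRunFileMonitor

# --- Action 1: forward AVC lines to the central host ---
# "@@" selects TCP ("@" would be UDP). This is plain, unencrypted TCP.
# assumed: port 514
:msg, contains, "avc:" @@central-box:514

# --- Action 2: mail AVC lines ---
$ModLoad ommail
# assumed: SMTP relay and addresses
$ActionMailSMTPServer mail.example.com
$ActionMailFrom rsyslog@example.com
$ActionMailTo secadmin@example.com
$template mailSubject,"SELinux AVC on %hostname%"
$template mailBody,"%timestamp% %hostname%\r\n%msg%"
$ActionMailSubject mailSubject
# assumed: send at most one mail per hour so a burst of denials
# does not flood the mailbox
$ActionExecOnlyOnceEveryInterval 3600
:msg, contains, "avc:" :ommail:;mailBody
```

Before relying on this, confirm that rsyslogd can actually read the audit log on the host (file permissions and SELinux policy), and validate the file with `rsyslogd -N1`.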

