Directing SElinux related logs to a dedicated log file
Stephen Smalley
sds at tycho.nsa.gov
Wed Mar 17 20:28:41 UTC 2010
On Tue, 2010-03-16 at 16:48 -0700, Anamitra Dutta Majumdar (anmajumd)
wrote:
> Hello All,
>
> We are trying to ascertain if there is a way to make changes to the
> syslog configuration file and direct all SELinux-related messages,
> including sealerts, to a separate dedicated log file for SELinux.
>
> Any pointers would be greatly appreciated.

It looks like rsyslog supports filters on the msg itself, in which case
you could have it redirect avc and SELinux messages. man rsyslog.conf

Alternatively you could use auditd and use audispd with your own plugin
to capture messages with type=AVC, USER_AVC, or SELINUX_ERR.

--
Stephen Smalley
National Security Agency
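
The audispd approach suggested in the reply, sketched as an added example (not code from the original message or from the audit project). It assumes the plugin is registered with `format = string`, so audispd writes one text record per line to the plugin's stdin; the log path, function names and sample records are hypothetical.

```python
#!/usr/bin/env python3
"""Added example: audispd plugin that copies SELinux records to their own file.

Assumes a plugin config with `format = string`, so audispd writes one text
audit record per line to this program's stdin.
"""
import re
import sys

SELINUX_TYPES = {"AVC", "USER_AVC", "SELINUX_ERR"}
# The record type is the first field (after an optional node= prefix).
# Anchoring at line start avoids matching "type=AVC" inside free-text msg fields.
TYPE_RE = re.compile(r"^(?:node=\S+ )?type=([A-Z0-9_]+) ")

def is_selinux_record(line):
    m = TYPE_RE.match(line)
    return m is not None and m.group(1) in SELINUX_TYPES

def filter_records(lines, out):
    """Write matching records to `out`; return how many were written."""
    written = 0
    for line in lines:
        if is_selinux_record(line):
            out.write(line.rstrip("\n") + "\n")
            out.flush()  # flush per record so nothing is lost if auditd stops
            written += 1
    return written

# Constructed sample records (not taken from a real system).
SAMPLE = [
    'type=AVC msg=audit(1268857721.123:456): avc:  denied  { read } for  pid=2001 comm="httpd" tclass=file\n',
    'type=SYSCALL msg=audit(1268857721.123:456): arch=c000003e syscall=2 success=no comm="httpd"\n',
    "node=host1 type=USER_AVC msg=audit(1268857722.000:457): user pid=1500 uid=81 msg='avc:  denied  { send_msg }'\n",
    "type=USER_LOGIN msg=audit(1268857723.000:458): user pid=900 msg='note type=AVC in free text'\n",
    'type=SELINUX_ERR msg=audit(1268857724.000:459): security_compute_sid:  invalid context\n',
]

def main(path="/var/log/selinux-audit.log"):  # hypothetical log path
    with open(path, "a") as out:
        filter_records(sys.stdin, out)

if __name__ == "__main__":
    main(*sys.argv[1:2])
```

Only the three record types named in the reply are copied, so the SYSCALL record that accompanies an AVC denial stays in audit.log.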