Linux Archive


"Anamitra Dutta Majumdar (anmajumd)" 03-16-2010 10:48 PM

Directing SElinux related logs to a dedicated log file
 
Hello All,

We are trying to ascertain if there is a way to make changes to the
syslog configuration file and direct all selinux related messages
including sealerts to a separate dedicated log file for SElinux.

Any pointers would be greatly appreciated.

Thanks
Radha & Anamitra
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux

"Anamitra Dutta Majumdar (anmajumd)" 03-17-2010 07:23 PM

Directing SElinux related logs to a dedicated log file
 
Hi Sai,

We know that selinux messages get logged to /var/log/messages. But what
we want is to configure syslog such that the selinux messages go to a
dedicated file, e.g. /var/log/selinux.log, instead of getting logged to
/var/log/messages .. etc. In other words we want to find out if there is
a well defined syslog facility for the selinux related messages.

Thanks
Anamitra



From: sai ganesh [mailto:ganesai@gmail.com]
Sent: Wednesday, March 17, 2010 5:57 AM
To: Anamitra Dutta Majumdar (anmajumd)
Subject: Re: Directing SElinux related logs to a dedicated log file

On Wed, Mar 17, 2010 at 5:18 AM, Anamitra Dutta Majumdar
(anmajumd) <anmajumd@cisco.com> wrote:
> Hello All,
>
> We are trying to ascertain if there is a way to make changes to the
> syslog configuration file and direct all selinux related messages
> including sealerts to a separate dedicated log file for SElinux.
>
> Any pointers would be greatly appreciated.

Check the audit log which is /var/log/audit/audit.log if auditd is running,
all the logs related to se-linux must be appended there, otherwise
/var/log/messages.

--
s.saiganesh
"<--------May the source be with you, but remember the KISS principle ;-)-------------->.
<-Fighting 4 Freedom->"



Stephen Smalley 03-17-2010 07:28 PM

Directing SElinux related logs to a dedicated log file
 
On Tue, 2010-03-16 at 16:48 -0700, Anamitra Dutta Majumdar (anmajumd)
wrote:
> Hello All,
>
> We are trying to ascertain if there is a way to make changes to the
> syslog configuration file and direct all selinux related messages
> including sealerts to a separate dedicated log file for SElinux.
>
> Any pointers would be greatly appreciated.

It looks like rsyslog supports filters on the msg itself, in which case
you could have it redirect avc and SELinux messages. man rsyslog.conf

Alternatively you could use auditd and use audispd with your own plugin
to capture messages with type=AVC, USER_AVC, or SELINUX_ERR.

--
Stephen Smalley
National Security Agency
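
The audispd plugin approach from the reply above, as an added example that is not part of the original thread or of the audit project's own code: it keeps only records whose type is AVC, USER_AVC or SELINUX_ERR and appends them to a dedicated file. It assumes audispd passes records to the plugin as text lines on stdin and that /var/log/selinux.log, the path mentioned in the thread, is the destination; the function names and sample records are constructed for illustration.

```python
#!/usr/bin/env python3
"""audispd-style plugin: keep only SELinux audit records from stdin."""
import re
import sys

# Record types named in the reply above.
SELINUX_TYPES = {"AVC", "USER_AVC", "SELINUX_ERR"}
# A "node=<host>" prefix may precede type=, so allow whitespace before it.
TYPE_RE = re.compile(r"(?:^|\s)type=([A-Z0-9_]+)")
# Assumed destination: the example path mentioned in the thread.
DEFAULT_LOG = "/var/log/selinux.log"


def is_selinux_record(line):
    """True if the record's own type= field (the first one) is SELinux-related."""
    m = TYPE_RE.search(line)
    return m is not None and m.group(1) in SELINUX_TYPES


def filter_records(source, sink):
    """Copy SELinux records from source to sink; return the number kept."""
    kept = 0
    for line in source:
        if is_selinux_record(line):
            sink.write(line if line.endswith("\n") else line + "\n")
            sink.flush()  # write each record out as it arrives
            kept += 1
    return kept


# Constructed sample records, not taken from a real system.
SAMPLE = [
    'type=AVC msg=audit(1268866080.123:456): avc:  denied  { read } for  pid=1234 comm="httpd" tclass=file\n',
    'type=SYSCALL msg=audit(1268866080.123:456): arch=c000003e syscall=2 success=no exit=-13\n',
    "node=host1 type=USER_AVC msg=audit(1268866090.001:457): user pid=900 msg='avc:  denied  { send_msg }'\n",
    "type=USER_LOGIN msg=audit(1268866095.000:458): pid=1500 msg='text mentioning type=AVC'\n",
]


if __name__ == "__main__":
    # audispd hands records to the plugin on stdin, one per line (assumed
    # "format = string" in the plugin's configuration file).
    with open(DEFAULT_LOG, "a") as log:
        filter_records(sys.stdin, log)
```

Matching on the record's leading type= field rather than on any substring keeps a record such as the last sample, which only mentions type=AVC inside its message text, out of the SELinux log.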


