FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.

» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora SELinux Support
Reload this Page Directing SElinux related logs to a dedicated log file

 
 
LinkBack Thread Tools
 
Old 03-16-2010, 10:48 PM
"Anamitra Dutta Majumdar (anmajumd)"
 
Default Directing SElinux related logs to a dedicated log file
Hello
All,
*
We are trying to
ascertain if there is a way to make changes to the syslog configuration file and
direct all selinux related messages including sealerts to a separate dedicated
log file for SElinux.
*
Any pointers would
be greatly appreciated.
*
Thanks
Radha &
Anamitra
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 03-17-2010, 07:23 PM
"Anamitra Dutta Majumdar (anmajumd)"
 
Default Directing SElinux related logs to a dedicated log file
Hi Sai,
Â*
We know that selinux messages get logged to
/var/log/messages. But what we want is to configure syslog such that the selinux
messages go to a dedicated file
e.g /var/log/selinux.log instead of getting logged to
/var/log/messages .. etc. In other words we want to find out if there is a well
defined syslog facility for the selinux
related messages.
Â*
Thanks
Anamitra



From: sai ganesh [mailto:ganesai@gmail.com]

Sent: Wednesday, March 17, 2010 5:57 AM
To: Anamitra Dutta
Majumdar (anmajumd)
Subject: Re: Directing SElinux related logs to a
dedicated log file





On Wed, Mar 17, 2010 at 5:18 AM, Anamitra Dutta Majumdar
(anmajumd) <anmajumd@cisco.com> wrote:



Hello All,
Â*
We are trying to ascertain if there is a
way to make changes to the syslog configuration file and direct all selinux
related messages including sealerts to a separate dedicated log file for
SElinux.
Â*
Any pointers would be greatly
appreciated.


Check the audit log which is /var/log/audit/audit.log if auditd is running,
all the logs related to se-linux must be appended there,otherwise
/var/log/messages.Â*--
s.saiganesh
“<--------May the
source be with you, but remember the KISS principle ;-)-------------->.
<-Fighting 4 Freedom->"


--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
Old 03-17-2010, 07:28 PM
Stephen Smalley
 
Default Directing SElinux related logs to a dedicated log file
On Tue, 2010-03-16 at 16:48 -0700, Anamitra Dutta Majumdar (anmajumd)
wrote:
> Hello All,
>
> We are trying to ascertain if there is a way to make changes to the
> syslog configuration file and direct all selinux related messages
> including sealerts to a separate dedicated log file for SElinux.
>
> Any pointers would be greatly appreciated.

It looks like rsyslog supports filters on the msg itself, in which case
you could have it redirect avc and SELinux messages. man rsyslog.conf

Alternatively you could use auditd and use audispd with your own plugin
to capture messages with type=AVC,USER_AVC, or SELINUX_ERR.

--
Stephen Smalley
National Security Agency

--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 

Thread Tools




All times are GMT. The time now is 11:14 PM.

VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org

Contact Us - Linux Archive - Archive - Top -