Jonathan Billings wrote:
> On Thu, Jul 23, 2015 at 01:19:44PM -0400, m.roth@xxxxxxxxx wrote:
>> I really am going crazy, trying to deal with the hourly logs from the
>> loghost. We've got 170+ servers and workstations... but a *very* large
>> percentage of what's showing up is from his bloody new fedora 22, with
>> its
>> idiot systemd logging of *ever* selinux message to /var/log/messages.
>
> systemctl enable auditd
> systemctl start auditd
>
> Now your SELinux (and other audit) logs are going to
> /var/log/audit/audit.log.
Um, no. That was where I started this thread - my manager updated his
fedora box from 20 to 22, and there's a bug about it
<https://bugzilla.redhat.com/show_bug.cgi?id=1227379>, where it appears
that the systemd folks have demanded *all* logs, and are multicast
spitting out the selinux logs *als0* to /var/log/messages.
And I just checked, and yes, auditd is running.
So I'm back to trying to find the correct syntax to filter all the
successes seen by auditd from getting to messages....
mark
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
