Re: rsyslog.conf




Jonathan Billings wrote:
> On Thu, Jul 23, 2015 at 01:19:44PM -0400, m.roth@xxxxxxxxx wrote:
>> I really am going crazy, trying to deal with the hourly logs from the
>> loghost. We've got 170+ servers and workstations... but a *very* large
>> percentage of what's showing up is from his bloody new fedora 22, with its
>> idiot systemd logging of *every* selinux message to /var/log/messages.
>
> systemctl enable auditd
> systemctl start auditd
>
> Now your SELinux (and other audit) logs are going to
> /var/log/audit/audit.log.

Um, no. That was where I started this thread - my manager updated his
fedora box from 20 to 22, and there's a bug about it
<https://bugzilla.redhat.com/show_bug.cgi?id=1227379>, where it appears
that the systemd folks have demanded *all* logs, and are multicast
spitting out the selinux logs *also* to /var/log/messages.

And I just checked, and yes, auditd is running.

So I'm back to trying to find the correct syntax to filter all the
successes seen by auditd from getting to messages....

       mark

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


