On 03/19/2012 03:28 PM, Daniel J Walsh wrote:
On 03/19/2012 10:36 AM, Michael Cronenworth wrote:
Daniel J Walsh wrote:
We could put the info into systemd-journal.
Back when sendmail and logwatch were part of the default install,
it would have been nice to have SELinux activity reported in it. I
still use logwatch so it would still be useful for me to see log
data there.
Unless, of course, logwatch is obsolete and there's some new,
flashy systemd mail log that I'm supposed to be using that I wasn't
told of.
Well setroubleshoot-server does write to syslog when it interprets and
AVC.
On 03/19/2012 03:37 PM, Michał Piotrowski wrote:
W dniu 19 marca 2012 15:27 użytkownik Daniel J Walsh
<dwalsh@xxxxxxxxxx> napisał:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 03/19/2012 10:16 AM, Michał Piotrowski wrote:
setroubleshoot-server is the server componant. (dbus service)
setroubleshoot is the client componant.
We could put the info into systemd-journal.
It would be great if there was a possibility to send logs to other machines.
Lennart, what do you think about it? Centralized log system is nice feature.
Why not use rsyslog?
It certainly supports forwarding messages over network with something as
simple as:
/etc/rsyslog.d/remote.conf: :msg,contains,"avc:" @@central-box
You can consume the audit logs with the imfile input module and send out
messages as emails with ommail output module.
This is an existing infrastructure that you can probably leverage to
solve your use case.
Tomas
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
