On Thu, 2004-12-30 at 20:03, Karsten Wade wrote:
> aiui, this is just /var/log/messages.
>
> Flask is a framework, and the documentation tends to be vague about
> particulars like where you choose to put audit logs. SELinux, the
> implementation of Flask, generally uses /var/log/messages, but I'm sure
> even that could be different if you wanted.

By default, SELinux (via the kernel audit framework) logs using the normal kernel logging facility, i.e. kernel -> klogd -> syslogd, and then syslogd dispatches based on /etc/syslog.conf, typically to /var/log/messages. However, the kernel audit framework will instead dispatch the audit messages to an audit daemon if one is present; work on an audit daemon is ongoing - see the linux-audit mailing list.

--
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency
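
To check where kernel-facility messages end up on a given host, the syslog.conf dispatch step described above can be evaluated directly. This is an added example, not part of the original message: the function names and the sample configuration are constructed, the selector handling follows classic sysklogd syntax, and the message level ("info") is an assumption.

```python
# Added example: which classic-syslogd actions receive a given facility.level.
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}

# Constructed sample in the style of /etc/syslog.conf (not from the original post).
SAMPLE_CONF = """\
*.info;mail.none;authpriv.none;cron.none        /var/log/messages
authpriv.*                                      /var/log/secure
mail.*                                          -/var/log/maillog
kern.crit                                       /dev/console
*.emerg                                         *
"""

def _covers(spec, level):
    """True if a priority spec (prio, =prio or *) covers the message level."""
    exact = spec.startswith("=")
    spec = spec.lstrip("=")
    if spec == "*":
        return True
    want = PRIORITIES.index(ALIASES.get(spec, spec))
    have = PRIORITIES.index(level)
    return have == want if exact else have >= want

def targets_for(conf_text, facility="kern", level="info"):
    """Return the actions (files, devices, '*') that get facility.level messages."""
    targets = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selectors, action = line.split(None, 1)
        selected = False
        for sel in selectors.split(";"):  # evaluated left to right, later ones override
            facs, _, prio = sel.rpartition(".")
            if not {facility, "*"} & set(facs.split(",")):
                continue
            if prio == "none":            # facility.none excludes the facility
                selected = False
            elif _covers(prio.lstrip("!"), level):
                selected = not prio.startswith("!")  # "!" clears instead of sets
        if selected:
            targets.append(action.lstrip("-"))       # leading "-" only disables sync
    return targets

if __name__ == "__main__":
    print(targets_for(SAMPLE_CONF, "kern", "info"))
```

An empty result for the kern facility means syslogd is not writing those messages to any file, which is worth checking before relying on /var/log/messages for denials.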