On Wed, 2005-11-30 at 05:38 -0800, Steve G wrote:
> >You should do
> >
> >audit2allow -l < /var/log/audit/audit.log
>
> I would like to take this opportunity to point out that you should not be using
> the audit logs directly. ausearch is the correct way to access the logs. I would
> recommend:
>
> ausearch -m avc,selinux_err | audit2allow -l
>
> There's 3 reasons for this. 1) There may be more than 1 log file that needs to be
> examined. ausearch automatically looks at all of them. You can restrict its
> search by using the -ts & -te parameters. 2) Sometimes file names or sockets get
> encoded and cannot be read without ausearch's interpretation...and 3) we may be
> changing to binary log format at some point during fc5/6 time frame.

Hmm...this should likely get reflected in the audit2allow man page...

--
Stephen Smalley
National Security Agency

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
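
Reason 2 in the quoted message, shown concretely as an added example that is not part of the original thread: the audit system writes a string field in double quotes when it is plain, and as bare uppercase hex when it contains a space, a quote or a non-printable byte, so reading audit.log directly shows an opaque hex run where ausearch would show the file name. The two records below are constructed, and the field list and function names are assumptions of this sketch; ausearch remains the interface to use.

```python
import re

# Assumption: string-valued fields that the audit system either quotes or,
# when they contain spaces, quotes or non-printable bytes, emits as bare hex.
ENCODED_FIELDS = {"name", "path", "comm", "exe", "cwd"}

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')   # key=value or key="value"
HEX_RE = re.compile(r'(?:[0-9A-F]{2})+')        # whole bytes, uppercase hex


def decode_value(key, value):
    """Return the readable form of one audit field value."""
    if key not in ENCODED_FIELDS:
        # ino=1234 also looks like hex; only string fields are candidates.
        return value
    if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
        return value[1:-1]                      # plain string, just quoted
    if HEX_RE.fullmatch(value):
        return bytes.fromhex(value).decode("utf-8", errors="replace")
    return value                                # e.g. (null)


def parse_record(line):
    """Split one raw audit record into a dict of decoded fields."""
    return {k: decode_value(k, v) for k, v in FIELD_RE.findall(line)}


# Constructed sample records (not taken from a real system).
SAMPLE_LOG = [
    'type=AVC msg=audit(1133357880.123:42): avc:  denied  { read } for  '
    'pid=2001 comm="httpd" name="index.html" dev=hda1 ino=1234 '
    'scontext=user_u:system_r:httpd_t tcontext=user_u:object_r:user_home_t '
    'tclass=file',
    'type=AVC msg=audit(1133357881.456:43): avc:  denied  { read } for  '
    'pid=2001 comm="httpd" name=6D792066696C652E68746D6C dev=hda1 ino=1235 '
    'scontext=user_u:system_r:httpd_t tcontext=user_u:object_r:user_home_t '
    'tclass=file',
]

if __name__ == "__main__":
    for raw in SAMPLE_LOG:
        rec = parse_record(raw)
        print(rec["comm"], rec["name"], rec["ino"])
```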