On Tue, 2010-03-16 at 16:48 -0700, Anamitra Dutta Majumdar (anmajumd) wrote: > Hello All, > > We are trying to ascertain if there is a way to make changes to the > syslog configuration file and direct all selinux related messages > including sealerts to a separate dedicated log file for SElinux. > > Any pointers would be greatly appreciated. It looks like rsyslog supports filters on the msg itself, in which case you could have it redirect avc and SELinux messages. man rsyslog.conf Alternatively you could use auditd and use audispd with your own plugin to capture messages with type=AVC,USER_AVC, or SELINUX_ERR. -- Stephen Smalley National Security Agency -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
