Re: Is there a method for collect all selinux logs and create a graph??

+1 to the centralized syslog server.

We take advantage of logstash and have looked at graylog2.

http://graylog2.org/
http://logstash.net/

Bonus link: selinux in puppet: https://forge.puppetlabs.com/tags/selinux

Hope this helps your R&D; let us know how you solve this.

George


On Tue, Sep 16, 2014 at 3:40 PM, David Cafaro <dac@xxxxxxxxxx> wrote:
You can tell audisp ( http://man7.org/linux/man-pages/man8/audispd.8.html ) to send all audit messages to syslog and then use a centralized syslog system to collect your logs into a central repository.  At that point you can use your favorite log parsing tools to review your SELinux audit messages (not to mention other items) at will.

Cheers,
David


On 09/16/2014 05:28 AM, Maurizio Pagani wrote:
Hi everybody.

I want to configure SELinux on 1000+ systems, but I need to know if there is a method or product that collects all SELinux logs and creates a mirror of what is happening on the systems.

An example is snorby for suricata or snort (IDS/IPS):

Let me know.

Thanks in advance.

Maurizio Pagani


--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
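
The parsing step of the workflow described in the thread (audit records relayed to syslog, collected centrally, then parsed), as an added example that is not part of the original messages. It assumes traditional syslog lines tagged `audispd`; the sample lines are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines (hosts, PIDs and paths are made up), shaped like
# audit records that audispd's syslog plugin relays to a central syslog server.
SAMPLE = '''\
Sep 16 15:40:01 web01 audispd: type=AVC msg=audit(1410896401.123:456): avc:  denied  { read } for  pid=1234 comm="httpd" name="index.html" dev="dm-0" ino=12345 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
Sep 16 15:40:01 web01 audispd: type=SYSCALL msg=audit(1410896401.123:456): arch=c000003e syscall=2 success=no exit=-13 comm="httpd"
Sep 16 15:41:17 web02 audispd: type=AVC msg=audit(1410896477.010:91): avc:  denied  { read write } for  pid=2201 comm="httpd" name="app.log" dev="dm-0" ino=777 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
Sep 16 15:42:30 db01 audispd: type=AVC msg=audit(1410896550.500:12): avc:  denied  { name_connect } for  pid=3310 comm="mysqld" dest=8080 scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket
Sep 16 15:43:02 web01 audispd: type=AVC msg=audit(1410896582.900:460): avc:  denied  { read } for  pid=1240 comm="httpd" name="notes.txt" dev="dm-0" ino=12399 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
Sep 16 15:43:05 web01 sshd[991]: Accepted publickey for admin from 192.0.2.10 port 50022 ssh2
'''

# Assumed layout: "<Mon> <day> <time> <host> <tag>: type=AVC ... avc: denied { perms } ..."
AVC_RE = re.compile(
    r'^\w{3}\s+\d+\s+[\d:]+\s+(?P<host>\S+)\s+\S+:\s+type=AVC\s.*?'
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)')

def selinux_type(context):
    """Return the type field of user:role:type:level, or '?' if malformed."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else "?"

def parse_avc(line):
    """Return a dict for an AVC denial line, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    return {"host": m["host"], "perms": m["perms"].split(),
            "source": selinux_type(m["scontext"]),
            "target": selinux_type(m["tcontext"]), "tclass": m["tclass"]}

def summarize(lines):
    """Count denials per host and per (source, target, class, permission)."""
    per_host, per_rule = Counter(), Counter()
    for rec in filter(None, map(parse_avc, lines)):
        per_host[rec["host"]] += 1
        for perm in rec["perms"]:
            per_rule[(rec["source"], rec["target"], rec["tclass"], perm)] += 1
    return per_host, per_rule

if __name__ == "__main__":
    hosts, rules = summarize(SAMPLE.splitlines())
    for host, n in hosts.most_common():       # crude text bar chart per host
        print(f"{host:<8} {'#' * n} {n}")
    for rule, n in rules.most_common():
        print(n, *rule)
```

The two counters are the data a dashboard would plot: denials per host show which machines are noisy, and denials per rule show which policy gaps repeat across the fleet.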


