-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/11/2011 11:07 PM, Jason Axelson wrote:
> Hi,
>
> I am writing a program that will monitor the SELinux log for AVC
> violations and deal with them appropriately. Currently I am looking
> at approaches to monitor the SELinux log.
>
> One approach is to do raw monitoring of /var/log/audit/audit.log
> with something like: tail -f /var/log/audit/audit.log | ausearch -m avc
>
> A second approach may be to implement an SETroubleShoot plugin:
> https://fedorahosted.org/setroubleshoot/wiki/SETroubleShoot%20Overview
>
> I'm kind of leaning towards an SETroubleShoot plugin since it
> seems like less new development and the infrastructure seems to be
> already there.
>
> Is this a valid approach? Is there a better way?
>
> Thanks,
> Jason
>
> --
> This message was distributed to subscribers of the selinux
> mailing list. If you no longer wish to subscribe, send mail to
> majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux"
> without quotes as the message.
>
>

I would say either just write a setroubleshoot plugin or copy the code in
sedispatch from setroubleshoot to build your own audit dispatcher that
watches for SELinux messages.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk6VifkACgkQrlYvE4MpobM27QCcCOIwbMVqj4sdBmhwOuUZ0G1f
jOYAoKtoyaQVKo04heYaRAfoI2QMNKfw
=0DCd
-----END PGP SIGNATURE-----

--
This message was distributed to subscribers of the selinux
mailing list. If you no longer wish to subscribe, send mail to
majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux"
without quotes as the message.
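Whichever of the two approaches above is taken, the core of the "monitor and deal with them" program is the same: pick the `type=AVC` records out of audit.log, pull the fields that a policy decision keys on (source type, target type, object class, permission), and collapse thousands of repeats of the same denial into one actionable event. The following is an added example of that parsing and grouping step; it is not code from this thread, from setroubleshoot, or from sedispatch. The audit lines in `SAMPLE_LINES` are constructed for the example, the `follow()` helper is a hypothetical `tail -f` stand-in with no log-rotation handling, and the field names (`scontext`, `tcontext`, `tclass`, `comm`) are the standard ones the kernel emits in AVC records.

```python
import os
import re
import time
from dataclasses import dataclass
from typing import Dict, Iterable, Iterator, Optional, Tuple

# One audit record per line. AVC records look like:
#   type=AVC msg=audit(<secs>.<ms>:<serial>): avc:  denied  { perm ... } for  key=value ...
AVC_RE = re.compile(
    r"^type=AVC msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): "
    r"avc:\s+(?P<verdict>denied|granted)\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)$"
)
# key=value pairs in the tail of the record; values are quoted strings or bare tokens.
KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')


@dataclass
class AvcRecord:
    timestamp: float
    serial: int              # audit event serial; SYSCALL/CWD/PATH records share it
    denied: bool             # False for "granted" records (e.g. setenforce audits)
    permissions: Tuple[str, ...]
    fields: Dict[str, str]   # pid, comm, scontext, tcontext, tclass, name, dest, ...


def parse_avc(line: str) -> Optional[AvcRecord]:
    """Parse one audit.log line; return None for anything that is not an AVC record."""
    m = AVC_RE.match(line.strip())
    if m is None:
        return None
    fields: Dict[str, str] = {}
    for key, raw, quoted in KV_RE.findall(m.group("rest")):
        fields[key] = quoted if raw.startswith('"') else raw
    return AvcRecord(
        timestamp=float(m.group("ts")),
        serial=int(m.group("serial")),
        denied=(m.group("verdict") == "denied"),
        permissions=tuple(m.group("perms").split()),
        fields=fields,
    )


def iter_avc(lines: Iterable[str]) -> Iterator[AvcRecord]:
    """Filter a stream of audit lines down to parsed AVC records (what `ausearch -m avc` selects)."""
    for line in lines:
        rec = parse_avc(line)
        if rec is not None:
            yield rec


def context_type(context: str) -> str:
    """user:role:type[:range] -> type. Policy rules are written in terms of the type."""
    parts = context.split(":")
    return parts[2] if len(parts) > 2 else context


DenialKey = Tuple[str, str, str, str]  # (source type, target type, class, permissions)


def denial_key(rec: AvcRecord) -> DenialKey:
    return (
        context_type(rec.fields.get("scontext", "")),
        context_type(rec.fields.get("tcontext", "")),
        rec.fields.get("tclass", ""),
        " ".join(rec.permissions),
    )


def summarize_denials(records: Iterable[AvcRecord]) -> Dict[DenialKey, int]:
    """Count denials per (source, target, class, perms); repeats collapse to one key."""
    counts: Dict[DenialKey, int] = {}
    for rec in records:
        if rec.denied:
            key = denial_key(rec)
            counts[key] = counts.get(key, 0) + 1
    return counts


def follow(path: str, poll_seconds: float = 1.0) -> Iterator[str]:
    """Hypothetical `tail -f`: yield lines appended after start (no rotation handling)."""
    with open(path, "r", errors="replace") as fh:
        fh.seek(0, os.SEEK_END)
        while True:
            line = fh.readline()
            if line:
                yield line
            else:
                time.sleep(poll_seconds)


# Constructed sample audit.log content: two denials from httpd and one "granted" record.
SAMPLE_LINES = [
    'type=AVC msg=audit(1318378041.123:4567): avc:  denied  { read } for  pid=1234 '
    'comm="httpd" name="index.html" dev=sda1 ino=98765 '
    'scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file',
    'type=SYSCALL msg=audit(1318378041.123:4567): arch=c000003e syscall=2 success=no exit=-13 '
    'comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)',
    'type=AVC msg=audit(1318378050.456:4570): avc:  denied  { name_connect } for  pid=2345 '
    'comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0 '
    'tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket',
    'type=AVC msg=audit(1318378060.789:4580): avc:  granted  { setenforce } for  pid=99 '
    'comm="setenforce" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 '
    'tcontext=system_u:object_r:security_t:s0 tclass=security',
]

if __name__ == "__main__":
    # Offline run over the constructed sample; a live monitor would feed
    # iter_avc(follow("/var/log/audit/audit.log")) into the same per-record handling.
    for key, n in summarize_denials(iter_avc(SAMPLE_LINES)).items():
        print(f"{n:4d}x {key[0]} -> {key[1]} ({key[2]}: {key[3]})")
```

Grouping on the `(scontext type, tcontext type, tclass, permissions)` tuple is the same unit setroubleshoot reasons about, so a handler built on this key can decide once per distinct denial (for example, raise an alert, or check whether an existing boolean covers it) instead of once per log line. Note that the SYSCALL record carrying the same serial is skipped here; a fuller dispatcher would join it to recover `exe` and the syscall result.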