
List:       selinux
Subject:    setroubleshooter/sealert on central loghost?
From:       "Jan-Frode Myklebust" <janfrode () tanso ! net>
Date:       2007-07-31 14:50:27
Message-ID: 911f42990707310750r349d11c4x9132c68d83cf8cfc () mail ! gmail ! com

We run a centralized syslog server, and separate all syslogged avc
into a separate log file. Is it possible to have setroubleshooter/sealert
use this log file?

Also it would be nice if one could get the correct "Host Name" in
the setroubleshoot browser and alerts. Guess that also will have
to be added to the avc-log lines in some format. I tried faking it
with:

type=AVC msg=audit(1185725759.359:2945): avc:  denied  { search } for
pid=2077 hostname="my.hostname.com" comm="snmpd" name="fs" dev=proc
ino=4026531869 scontext=system_u:system_r:snmpd_t:s0
tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir

But the troubleshooter doesn't pick up the hostname. Any ideas?


 -jf

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.