List: selinux
Subject: setroubleshooter/sealert on central loghost?
From: "Jan-Frode Myklebust" <janfrode () tanso ! net>
Date: 2007-07-31 14:50:27
Message-ID: 911f42990707310750r349d11c4x9132c68d83cf8cfc () mail ! gmail ! com
We run a centralized syslog server, and separate all syslogged avc
into a separate log file. Is it possible to have setroubleshooter/sealert
use this log file?

Also it would be nice if one could get the correct "Host Name" in
the setroubleshoot browser and alerts. Guess that also will have
to be added to the avc-log lines in some format.. I tried faking it
with:

type=AVC msg=audit(1185725759.359:2945): avc: denied { search } for
pid=2077 hostname="my.hostname.com" comm="snmpd" name="fs" dev=proc
ino=4026531869 scontext=system_u:system_r:snmpd_t:s0
tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=dir

But the troubleshooter doesn't pick up the hostname. Any ideas?
-jf