
List:       selinux
Subject:    Re: setroubleshooter/sealert on central loghost?
From:       Steve G <linux_4ever () yahoo ! com>
Date:       2007-07-31 18:19:30
Message-ID: 946030.39450.qm () web51506 ! mail ! re2 ! yahoo ! com


>We run a centralized syslog server, and separate all syslogged avc
>into a separate log file. Is it possible to have setroubleshooter/sealert
>use this log file ?

setroubleshoot can be told to use a particular file for an analysis. It normally
does analysis using the realtime audit stream. So I suspect you'd have to
manually run the analysis.

That said, we are working on centrally logging the audit events and reworking
setroubleshoot to work off that new datastream including the host names so that
you can do analysis correctly per machine.

-Steve
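
An added example, not part of the original message: before running a manual analysis on a shared AVC log, the records have to be separated by host so that denials from different machines are not mixed. The syslog prefix layout, the host names and the sample lines below are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: AVC denials from two hosts in one central syslog file.
# The prefix layout (timestamp, host, "kernel:") is an assumption.
SAMPLE = """\
Jul 31 18:01:02 web01 kernel: type=1400 audit(1185904862.101:12): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.html" dev=dm-0 ino=4411 scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
Jul 31 18:01:09 db01 kernel: type=1400 audit(1185904869.440:31): avc:  denied  { name_bind } for  pid=988 comm="mysqld" src=3307 scontext=system_u:system_r:mysqld_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
Jul 31 18:02:15 web01 kernel: type=1400 audit(1185904935.007:13): avc:  denied  { read getattr } for  pid=2101 comm="httpd" name="a.css" dev=dm-0 ino=4412 scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
Jul 31 18:02:20 web01 sshd[411]: Accepted publickey for admin
"""

PREFIX = re.compile(r"^\w{3}\s+\d+\s+[\d:]{8}\s+(?P<host>\S+)\s+kernel:\s+(?P<rec>.*)$")
AVC = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
                 r"scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<c>\S+)")

def split_by_host(text):
    """Return {host: [AVC record with the syslog prefix stripped, ...]}."""
    hosts = defaultdict(list)
    for line in text.splitlines():
        m = PREFIX.match(line)
        if m and AVC.search(m.group("rec")):  # skip non-AVC syslog lines
            hosts[m.group("host")].append(m.group("rec"))
    return dict(hosts)

def summarize(text):
    """Count denials per host as (source type, target type, class, permission)."""
    out = {}
    for host, recs in split_by_host(text).items():
        counts = Counter()
        for rec in recs:
            m = AVC.search(rec)
            stype = m.group("s").split(":")[2]  # user:role:type[:level]
            ttype = m.group("t").split(":")[2]
            for perm in m.group("perms").split():
                counts[(stype, ttype, m.group("c"), perm)] += 1
        out[host] = counts
    return out

if __name__ == "__main__":
    for host, counts in summarize(SAMPLE).items():
        for key, n in sorted(counts.items()):
            print(host, n, *key)
```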


       