, but setroubleshoot is *not* > installed. Is there be some kind of dependency or group that it should be > part of that's missing? I don't see why I need to manually install it.... > On EL5 (don't have a EL6 box to hand to check) it is the setroubleshoot-server package you need. Use yum provides "*/setroubleshootd" to verify. > Second - and I thought I knew the answer to this, but guess I don't - I > see AVC's in the log file, but no sealerts - how do I start it up to give > me them in messages? I see auditd is running.... > Well auditd writes to /var/log/audit/audit.log ... The sealerts in /var/log/messages you are thinking of get generated/etc by setroubleshootd.