If selinux is causing you a headache, then disable it. -----Original Message----- From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of James B. Byrne Sent: Friday, July 24, 2015 8:16 AM To: CentOS mailing list Subject: Re: [CentOS] rsyslog.conf On Thu, July 23, 2015 13:19, m.roth at 5-cent.us wrote: > Physically dragging the thread back on topic... > > I really am going crazy, trying to deal with the hourly logs from the > loghost. We've got 170+ servers and workstations... but a *very* large > percentage of what's showing up is from his bloody new fedora 22, with > its idiot systemd logging of *ever* selinux message to > /var/log/messages. > > I tried creating a rule, /etc/rsyslog.d/audit.conf, that reads: > > if $msg contains "audit" and $msg,contains,'res=success' then - > > but that seemed to send *everything* to /dev/null. That was my best > guess, based on googling (yahooing?) and man pages. Can anyone tell me > what's wrong with that syntax? > > mark > > > And Lennart blames Linus[1] for why he gets hate mail. We are giving RHEL-7 a pass on this iteration. We have installed it on a couple of test hosts and are not favourably impressed with much of the user interface. At least not from the sys-admin side of things. This is not to imply that there is nothing good in 7. There are at lot of improvements that we certainly value. But it is too early in systemd development for us to waste time debugging somebody else's pipe-dream on our dime. We will see what 8 offers and decide then whether to move to something else. [1]. https://plus.google.com/app/basic/stream/z13rdjryqyn1xlt3522sxpugoz3gujbhh04 -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail James B. Byrne mailto:ByrneJB at Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 _______________________________________________ CentOS mailing list CentOS at centos.org http://lists.centos.org/mailman/listinfo/centos