[CentOS] rsyslog.conf

m.roth at 5-cent.us m.roth at 5-cent.us
Thu Jul 23 20:17:01 UTC 2015


Jonathan Billings wrote:
> On Thu, Jul 23, 2015 at 01:19:44PM -0400, m.roth at 5-cent.us wrote:
>> I really am going crazy, trying to deal with the hourly logs from the
>> loghost. We've got 170+ servers and workstations... but a *very* large
>> percentage of what's showing up is from his bloody new Fedora 22, with its
>> idiot systemd logging of *every* selinux message to /var/log/messages.
>
> systemctl enable auditd
> systemctl start auditd
>
> Now your SELinux (and other audit) logs are going to
> /var/log/audit/audit.log.

Um, no. That was where I started this thread - my manager updated his
Fedora box from 20 to 22, and there's a bug about it
<https://bugzilla.redhat.com/show_bug.cgi?id=1227379>, where it appears
that the systemd folks have demanded *all* logs, and are multicast
spitting out the selinux logs *also* to /var/log/messages.

And I just checked, and yes, auditd is running.

So I'm back to trying to find the correct syntax to filter all the
successes seen by auditd from getting to messages....

       mark



