[CentOS] rsyslog.conf

Thu Jul 23 20:04:50 UTC 2015
Jonathan Billings <billings at negate.org>

On Thu, Jul 23, 2015 at 01:19:44PM -0400, m.roth at 5-cent.us wrote:
> I really am going crazy, trying to deal with the hourly logs from the
> loghost. We've got 170+ servers and workstations... but a *very* large
> percentage of what's showing up is from his bloody new fedora 22, with its
> idiot systemd logging of *every* selinux message to /var/log/messages.

systemctl enable auditd
systemctl start auditd

Now your SELinux (and other audit) logs are going to
/var/log/audit/audit.log. 

-- 
Jonathan Billings <billings at negate.org>