[rsyslog] rsyslog v3 and selinux

Jan-Frode Myklebust janfrode at tanso.net
Fri Mar 14 00:58:55 CET 2008


On 2008-03-12, Johnny Tan <linuxweb at gmail.com> wrote:
>
> This is custom. I prefer to install auditd and have the 
> SELinux logs separated out from /var/log/messages. Then I 
> use imfile to convert the audit logs to syslog in order to 
> send it over to the central logger.
>
> Yes, it's a waste of a syslog "local" facility, but I'm not 
> aware of any other way unless I remove auditd and have those 
> go back into /var/log/messages.

Hmmm.. I have been wondering about how to collect the auditd logs
centrally. Could you please share how you do it? Would be great
if you manage to keep the format on the receiving host..



  -jf



