[rsyslog] rsyslog v3 and selinux
janfrode at tanso.net
Fri Mar 14 00:58:55 CET 2008
On 2008-03-12, Johnny Tan <linuxweb at gmail.com> wrote:
> This is custom. I prefer to install auditd and have the
> SELinux logs separated out from /var/log/messages. Then I
> use imfile to convert the audit logs to syslog in order to
> send it over to the central logger.
> Yes, it's a waste of a syslog "local" facility, but I'm not
> aware of any other way unless I remove auditd and have those
> go back into /var/log/messages.
Hmmm.. I have been wondering about how to collect the auditd logs
centrally. Could you please share how you do it? Would be great
if you manage to keep the format on the receiving host..
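
An added configuration sketch of the setup described in the quoted message (imfile reading the auditd log, a dedicated "local" facility, forwarding to a central logger), using rsyslog v3 legacy directives. It is not either poster's configuration: the facility local6, the tag, the state file name, the host central.example.com, the audit log path and the output paths are all assumptions.

```conf
# ---- Sending host: rsyslog.conf (example values, not from the thread) ----
$ModLoad imfile                          # text-file input module

$InputFileName /var/log/audit/audit.log  # assumed auditd log location
$InputFileTag audit:                     # tag placed in front of each record
$InputFileStateFile audit-log-state      # assumed name; remembers read position
$InputFileFacility local6                # the "local" facility given up for audit
$InputFileSeverity info
$InputRunFileMonitor                     # activates the monitor defined above

# Forward only the audit facility to the central logger over TCP (@@).
local6.*    @@central.example.com:514

# Add local6.none to the existing messages rule so audit records
# do not flow back into /var/log/messages on the sender.
*.info;mail.none;authpriv.none;cron.none;local6.none    /var/log/messages

# ---- Receiving host: rsyslog.conf (example values) ----
$ModLoad imtcp
$InputTCPServerRun 514

# Write only the message part, so each line keeps the auditd record
# format (type=... msg=audit(...): ...) without a syslog header.
$template AuditRaw,"%msg%\n"

# One file per sending host, since the header that carried the
# hostname is no longer written into the line itself.
$template AuditFile,"/var/log/remote-audit/%hostname%.log"

local6.*    ?AuditFile;AuditRaw
```

On a host with SELinux enforcing, check the audit log for AVC denials against the rsyslog process after enabling this, since the syslog daemon's domain may not be permitted to read the audit log.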