[rsyslog] rsyslog v3 and selinux

Jan-Frode Myklebust janfrode at tanso.net
Fri Mar 14 15:29:46 CET 2008


On 2008-03-14, Johnny Tan <linuxweb at gmail.com> wrote:
>==
> The format is NOT kept due to the syslog prefix. However 
> audit2allow can still read and process the file.
>
> If I need the original format (like for ausearch, and maybe 
> other tools), I would need to run something like this on the 
> server side, in the directory for the host I'm wanting to do 
> the analysis on:
>
> sed 's/^.*tag_audit_log://' audit_log | ausearch -i
>
> Is that what you meant?

Yes, thanks! 




  -jf
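
An added example (not part of the thread and not rsyslog code): a stricter variant of the prefix-stripping step quoted above. It cuts at the first `tag_audit_log:` rather than the last, which is where the greedy `^.*` in the sed one-liner cuts, and it drops lines that do not look like audit records. The sample lines, the host name and the function names are constructed, and the accepted record shape (`type=... msg=audit(sec.ms:serial):`, optionally preceded by `node=...`) is an assumption about the forwarded data.

```shell
#!/bin/sh
# Added example: stricter replacement for  sed 's/^.*tag_audit_log://'
# The tag comes from the thread; sample lines and function names are constructed.

# Constructed sample of what the central server might hold for one host.
sample_lines() {
    cat <<'EOF'
Mar 14 15:29:46 web01 tag_audit_log: type=AVC msg=audit(1205504986.123:456): avc:  denied  { read } for  pid=2201 comm="httpd"
Mar 14 15:29:47 web01 tag_audit_log: type=PATH msg=audit(1205504987.001:457): item=0 name="tag_audit_log:" inode=1234
Mar 14 15:29:48 web01 sshd[311]: Accepted publickey for admin
EOF
}

# Read forwarded syslog lines on stdin, write bare audit records on stdout.
strip_audit_prefix() {
    awk -v tag='tag_audit_log:' '
    {
        # index() finds the FIRST occurrence of the tag; the greedy ^.* in the
        # sed version cuts at the LAST one and would mangle sample line 2.
        pos = index($0, tag)
        if (pos == 0) { skipped++; next }
        rec = substr($0, pos + length(tag))
        sub(/^[ \t]+/, "", rec)
        # Assumed record shape: [node=...] type=... msg=audit(sec.ms:serial):
        if (rec ~ /^(node=[^ ]+ )?type=[A-Z0-9_]+ msg=audit[(][0-9]+[.][0-9]+:[0-9]+[)]:/) {
            print rec
        } else {
            skipped++
        }
    }
    END {
        if (skipped)
            printf "skipped %d line(s) without an audit record\n", skipped > "/dev/stderr"
    }'
}

# Demo on the constructed sample; on real data pipe the output to: ausearch -i
sample_lines | strip_audit_prefix
```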



