[rsyslog] rsyslog v3 and selinux
janfrode at tanso.net
Fri Mar 14 15:29:46 CET 2008
On 2008-03-14, Johnny Tan <linuxweb at gmail.com> wrote:
> The format is NOT kept due to the syslog prefix. However
> audit2allow can still read and process the file.
> If I need the original format (like for ausearch, and maybe
> other tools), I would need to run something like this on the
> server side, in the directory for the host I'm wanting to do
> the analysis on:
> sed 's/^.*tag_audit_log://' audit_log | ausearch -i
> Is that what you meant?
More information about the rsyslog