[rsyslog-notify] Forum Thread: Re: Why are all my logs going to /var/log/audit/audit.log - (Mode 'edit_last_post')
noreply at adiscon.com
noreply at adiscon.com
Thu Feb 25 20:40:24 CET 2016
User: reswob
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26376#p26376
Message:
----------
Your mention of the audit process gave me the lead I needed. After
reviewing the link you gave me, I then searched for the error messages I
found in the audit.log
With that search, I found the following site:
<!-- m --><a class="postlink"
href="http://www.linuxforums.org/articles/accomodating-avc-denied-messages-selinux_355.html">http://www.linuxforums.org/articles/acc
... x_355.html</a><!-- m -->
Which described the error messages I was getting exactly. From there I did
some more searching and found this site:
<!-- m --><a class="postlink"
href="https://wiki.centos.org/HowTos/SELinux">https://wiki.centos.org/HowTos/SELinux</a><!--
m -->
Which told me how to troubleshoot and fix the permission problems.
All logs are now being saved in the file I have designated in rsyslog.conf
So it looks like somehow the files created by rsyslog ended up in the wrong
selinux context and thus selinux was blocking access. I'm not sure if this
happened cause I was mucking with the files (chown and chmoding them) or
reviewing them or what.
Thanks for the help!
More information about the rsyslog-notify
mailing list