On Sun, Oct 07, 2007 at 11:48:53AM +1000, Alex Samad wrote:
> Hi
>
> Just thought I would try out selinux, what is the best mailing list to ask
> questions about this deb-users or here on amd64.
>
> right now I am looking at how to forward all the audit messages to a seperate
> log file instead of syslog
>
> Oct 7 11:45:18 hufpuf kernel: audit(1191721518.548:757): avc: denied {
> search } for pid=8080 comm="spamd" name="/" dev=sdc1 ino=2
> scontext=user_u:system_r:spamd_t:s0 tcontext=system_u:object_r:var_log_t:s0
> tclass=dir
>
> is an example output in syslog and it looks like its the kernel that is sending
> the message, but I would like only my selinux audit lines to go into the
> audit.log log
for the record, looks like auditd is the packages to install
>
>
> Alex
Attachment:
signature.asc
Description: Digital signature