[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: audit2allow -M local < /tmp/avcs ?

From: Paul Howarth <paul city-fan org>
To: Frank Murphy <frankly3d gmail com>
Cc: fedora-selinux-list <fedora-selinux-list redhat com>
Subject: Re: audit2allow -M local < /tmp/avcs ?
Date: Tue, 08 Jul 2008 09:37:15 +0100

Frank Murphy wrote:

On Mon, 2008-07-07 at 11:27 +0200, drago01 wrote:

The logs are either in /var/log/audit.log (if audit is running)
otherwise in syslog (in this case passing -D to audit2allow will use
them)

audit2allow /var/log/audit/audit.log?

yes just use this file instead of /tmp/avcs
audit2allow -M local < /your/log/file


How long mush one give to the command?
I cleared the log, waited for two avc alerts.
ran: [root frank-03 ~]# audit2allow -M local /var/log/audit/audit.log

It's been an hour so far.


What you typed isn't what was suggested. You missed the "<".

It's waiting for the end of file on stdin, which is your terminal.

Paul.

Follow-Ups:
- Re: audit2allow -M local < /tmp/avcs ?
  - From: Frank Murphy

References:
- audit2allow -M local < /tmp/avcs ?
  - From: Frank Murphy
- Re: audit2allow -M local < /tmp/avcs ?
  - From: drago01
- Re: audit2allow -M local < /tmp/avcs ?
  - From: Frank Murphy
- Re: audit2allow -M local < /tmp/avcs ?
  - From: drago01
- Re: audit2allow -M local < /tmp/avcs ?
  - From: Frank Murphy

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]