AVC messages

Stephen Smalley sds at epoch.ncsc.mil
Tue Jan 4 19:51:49 UTC 2005


On Tue, 2005-01-04 at 14:53, Steve Grubb wrote:
> I was looking at my audit logs and have a question. Do the SE Linux AVC 
> denial messages constitute something that ought to be in the audit logs? Or 
> do they belong in syslog?
> 
> I agree that it is important information...just curious where it should really 
> live.

It belongs in an audit log, but you could certainly have multiple audit
logs, with one dedicated to SELinux (i.e. MAC) audit messages.
  
-- 
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency



