AVC messages
Stephen Smalley
sds at epoch.ncsc.mil
Tue Jan 4 19:51:49 UTC 2005
On Tue, 2005-01-04 at 14:53, Steve Grubb wrote:
> I was looking at my audit logs and have a question. Does the SE Linux AVC
> denial messages constitute something that ought to be in the audit logs? Or
> does it belong in syslog?
>
> I agree that it is important information...just curious where it should really
> live.
It belongs in an audit log, but you could certainly have multiple audit
logs, with one dedicated to SELinux (i.e. MAC) audit messages.
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
More information about the Linux-audit
mailing list