Head-banging targets, please
Stephen Smalley
sds at epoch.ncsc.mil
Mon Jan 3 15:42:45 UTC 2005
On Thu, 2004-12-30 at 20:03, Karsten Wade wrote:
> aiui, this is just /var/log/messages.
>
> Flask is a framework, and the documentation tends to be vague about
> particulars like where you choose to put audit logs. SELinux, the
> implementation of Flask, generally uses /var/log/messages, but I'm sure
> even that could be different if you wanted.
By default, SELinux (via the kernel audit framework) logs using the
normal kernel logging facility, i.e. kernel -> klogd -> syslogd, and
then syslogd dispatches based on /etc/syslog.conf, typically to
/var/log/messages. However, the kernel audit framework will instead
dispatch the audit messages to an audit daemon if one is present; work
on an audit daemon is ongoing - see the linux-audit mailing list.
--
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency
More information about the fedora-selinux-list
mailing list