missing avc message field names

Valdis.Kletnieks at vt.edu
Tue Jan 30 17:28:09 UTC 2007


On Tue, 30 Jan 2007 12:06:06 EST, Joshua Brindle said:
>
> This is fairly off topic here (selinux list) but I agree with Karl. As a 
> recovering admin I think I can say that admins expect to be able to use 
> various unix utilities to inspect log files, particularly tail -f.

As a counter-example - lastcomm and last.

If you want to use tail -f, don't run auditd, and use syslog-ng(*) or similar
to send the msgs you're interested in to a file that you can tail -f.

Or you *can* tail -f the file, just be ready to deal with the fact that it
contains binary data, same as the process accounting file and the last-login
file.

(*) syslog-ng can route to logfiles based on a regexp, so you don't have to
send all kernel output to the same file...