Selinux audit log - translate

Question

I would like to centralize all audit logs trough syslog in one server. I did setup it up and install setroubleshoot-server.

In order to translate audit.log into human language, I would like to use sealert.

Command : sealert -a /var/log/audit/audit.log

But I got error [Errno 22] Invalid argument

score 1 · Accepted Answer · answered Oct 05 '16 at 17:42

1

setroubleshoot-server and sealert are for investigating SELinux denials. /var/log/audit/audit.log is generated by auditd and can be parsed using ausearch and aureport.

Check the relevant manpages: auditd, ausearch, aureport.

answered Oct 05 '16 at 17:42

MikeA

362
2
5

If this helped, please select it as an accepted answer to help others in the future. – MikeA Oct 06 '16 at 16:01

Selinux audit log - translate

1 Answers1