Well it is just the audit.log so any tool that could collect the audit.log would collect the SELinux logs.

You might want to look at http://linux.die.net/man/5/audisp-remote.conf

Which I believe can be setup to remote the logs.

On 09/16/2014 05:28 AM, Maurizio Pagani wrote:

Hi everybody.

I'll want configure SELinux in 1000+ Systems, but i need to know, if there is a method or product that collect all logs of SELinux and create a mirror of what are happening in the systems.

An example is snorby for suricata or snort (IDS/IPS):

http://www.rivy.org/wp-content/uploads/2013/03/snorby-screenshot.png

Let me know.

Thanks in advance.

Maurizio Pagani
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux