Re: How to enable remote logging for syslog

[Paul Howarth <paul@xxxxxxxxxxxx>]

Dan Track wrote:
> Hi
>
> I'm having a problem getting remote logging working, and I've got a
> funny feeling its to do with selinux. When restarting syslog I get the
> following error:
>
> kernel: audit(1142611035.568:0): avc:  denied  { write } for 
> pid=23205 comm=syslogd name=log dev=hda1 ino=3637424
> scontext=root:system_r:syslogd_t tcontext=root:object_r:usr_t
> tclass=dir
>
> In my syslog.conf file I have:
>
> local4.*                                               
> /opt/log/cisco-firewall.log
>
> Can someone please help me solve this.

Try:

# chcon -t var_log_t /opt/log/cisco-firewall.log

Paul.