audit_log_user_avc_message - Linux
Overview
audit_log_user_avc_message enables or disables the logging of a special message when an AVC denial occurs for a user session. This can be useful for troubleshooting and security audits, as it provides more detailed information about the events leading up to an AVC denial.
Syntax
audit_log_user_avc_message [-e | -d]
Options/Flags
- -e: Enable the logging of user AVC messages.
- -d: Disable the logging of user AVC messages. (default)
Examples
Enable logging of user AVC messages:
audit_log_user_avc_message -e
Disable logging of user AVC messages:
audit_log_user_avc_message -d
Common Issues
No messages are being logged after enabling the setting:
Ensure that the audit daemon is running and that the audit rules are set to log AVC messages.
Integration
Use with ‘ausearch’ to retrieve AVC messages, including user-space (USER_AVC) records, from the last 10 minutes:
ausearch -m AVC,USER_AVC -ts recent
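To triage what such a search returns, the denials can be grouped by permission, source context, target context and class. The script below is an added example, not part of the original page or of the audit tools; it reads raw records (audit.log format, or the output of ausearch --raw) on stdin, and the function names and sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): count SELinux denials in raw
# audit records, as found in audit.log or printed by "ausearch --raw".

summarize_avc() {
    awk '
    # type=AVC is a kernel denial; type=USER_AVC is a denial reported by a
    # user-space object manager such as dbus-daemon.
    ($1 == "type=AVC" || $1 == "type=USER_AVC") && /avc:[ ]+denied/ {
        type = substr($1, 6)
        lb = index($0, "{"); rb = index($0, "}")
        if (lb == 0 || rb < lb) next              # malformed record, skip
        perms = substr($0, lb + 1, rb - lb - 1)
        gsub(/^ +| +$/, "", perms); gsub(/ +/, ",", perms)
        s = "unknown"; t = "unknown"; c = "unknown"
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^scontext=/) s = substr($i, 10)
            else if ($i ~ /^tcontext=/) t = substr($i, 10)
            else if ($i ~ /^tclass=/) c = substr($i, 8)
        }
        sub(/[^a-z0-9_].*$/, "", c)               # drop a trailing quote
        count[type " " perms " " s " " t " " c]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# Constructed sample records (contexts, pids and event ids are made up).
sample_records() {
    cat <<'EOF'
type=AVC msg=audit(1700000000.101:501): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.html" dev="dm-0" ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1700000000.101:501): arch=c000003e syscall=257 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1700000004.220:507): avc:  denied  { read } for  pid=2101 comm="httpd" name="notes.txt" dev="dm-0" ino=132 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=USER_AVC msg=audit(1700000009.480:512): pid=812 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  denied  { send_msg } for msgtype=method_call interface=org.example.Demo member=Ping dest=org.example.Demo spid=3310 tpid=3290 scontext=user_u:user_r:user_t:s0 tcontext=system_u:system_r:demo_t:s0 tclass=dbus permissive=0  exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
EOF
}

# Demo on the constructed sample; on a real host, pipe raw records in instead.
sample_records | summarize_avc
```

Each output line is a count followed by the record type, the denied permissions, the source and target contexts and the object class, with the most frequent denial first.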
Related Commands
- auditctl – Controls the audit system.
- ausearch – Searches the audit trail for matching events.