audit_log_user_avc_message - Linux


Overview

audit_log_user_avc_message enables or disables the logging of a special message when an AVC (SELinux Access Vector Cache) denial occurs for a user session. This is useful for troubleshooting and security audits, because it provides more detailed information about the events leading up to an AVC denial.

Syntax

audit_log_user_avc_message [-e | -d]

Options/Flags

  • -e: Enable the logging of user AVC messages.
  • -d: Disable the logging of user AVC messages. (default)

Examples

Enable logging of user AVC messages:

audit_log_user_avc_message -e

Disable logging of user AVC messages:

audit_log_user_avc_message -d

Common Issues

No messages are being logged after enabling the setting:
Ensure that the audit daemon is running and that the audit rules are set to log AVC messages.

Integration

Use with ausearch to retrieve AVC messages (here, those from the last 10 minutes):

ausearch -m AVC -ts recent
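Raw AVC records are long, and a busy host can emit many near-identical denials. The following added example (not part of the original page) groups denials by record type, source type, target type, object class and permission. The function names and the sample records are constructed for illustration; the records follow the standard Linux audit format for AVC and USER_AVC events.

```shell
#!/bin/sh
# Constructed sample records in raw audit.log format (not real log data).
sample_avc_records() {
cat <<'EOF'
type=AVC msg=audit(1700000000.123:456): avc:  denied  { read } for  pid=1234 comm="httpd" name="index.html" dev="sda1" ino=12345 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=USER_AVC msg=audit(1700000100.000:789): pid=800 uid=81 auid=4294967295 ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:  denied  { send_msg } for msgtype=method_call scontext=system_u:system_r:example_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=dbus permissive=0 exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
type=AVC msg=audit(1700000200.456:790): avc:  denied  { read } for  pid=1300 comm="httpd" name="a.html" dev="sda1" ino=12399 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1700000200.456:790): arch=c000003e syscall=257 success=no exit=-13 comm="httpd"
EOF
}

# Read raw audit records on stdin and print one line per distinct denial:
#   count record-type source-type target-type class permissions
summarize_avc() {
  awk '
    # Value of key=value on the current record, or "?" if the key is absent.
    function field(key) {
      if (!match($0, key "=[^ ]+")) return "?"
      return substr($0, RSTART + length(key) + 1, RLENGTH - length(key) - 1)
    }
    # SELinux context user:role:type:level -> type
    function setype(ctx,   p) { split(ctx, p, ":"); return p[3] }

    # Only AVC/USER_AVC denials; other record types (e.g. SYSCALL) are skipped.
    /^type=(AVC|USER_AVC) / && /avc: +denied/ {
      perms = match($0, /[{][^}]*[}]/) ? substr($0, RSTART + 2, RLENGTH - 4) : "?"
      rtype = substr($1, 6)                      # strip leading "type="
      k = rtype " " setype(field("scontext")) " " setype(field("tcontext")) \
          " " field("tclass") " " perms
      n[k]++
    }
    END { for (k in n) print n[k], k }
  ' | sort -k1,1nr -k2
}

# Demo on the constructed records. On a live system (as root):
#   ausearch -m AVC,USER_AVC -ts recent --raw | summarize_avc
sample_avc_records | summarize_avc
```

Repeated entries with the same source type, target type and class usually point at a single missing policy rule or a mislabeled file rather than many separate problems.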

Related Commands

  • auditctl – Controls the audit system.
  • ausearch – Searches the audit trail for matching events.