I've got a log file with AVC messages in it. Can setroubleshoot analyze it for me?
Yes. By default, setroubleshoot listens for AVC messages arriving from the audit subsystem and feeds them into its analysis engine. However, setroubleshoot can also open a log file containing AVC messages, parse them, and feed them into its analysis engine just as if they had arrived from the audit subsystem.

To analyze a log file, go to the File menu and select “Scan logfile…”. This opens a file chooser dialog that lets you pick a file to analyze. The file is opened by the sealert process, which runs with your permissions, not root permissions. Therefore any file you wish to analyze must be readable by you. Some system log files are not world readable. If this is the case, your best option is to copy the file as root to a temporary location and make it readable.

As the analysis engine runs on the log file it builds an alert database (i.e. the data is post-processed). The most significant effect is to collapse recurring problems into single alerts wit
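To illustrate what collapsing recurring problems means for a log file of AVC messages, here is a small added example. It is not setroubleshoot's own code: the grouping key (source context, target context, object class, permissions) is an assumption chosen for illustration, and the log lines are constructed samples.

```python
import re
from collections import OrderedDict

# Constructed sample audit log lines (not taken from a real system).
SAMPLE_LOG = """\
type=AVC msg=audit(1163776448.949:6924): avc:  denied  { getattr } for  pid=2319 comm="httpd" name="index.html" dev=dm-0 ino=6260297 scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1163776448.949:6924): arch=40000003 syscall=196 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1163776461.102:6931): avc:  denied  { getattr } for  pid=2321 comm="httpd" name="index.html" dev=dm-0 ino=6260297 scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1163776500.310:6940): avc:  denied  { read write } for  pid=2400 comm="named" name="named.conf" dev=dm-0 ino=77 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
"""

AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): '
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC denial line, or None for any other record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    rec['perms'] = tuple(sorted(m.group('perms').split()))
    rec['ts'] = float(m.group('ts'))
    return rec

def collapse(lines):
    """Group denials that share source, target, class and permissions."""
    alerts = OrderedDict()
    for line in lines:
        rec = parse_avc(line)
        if rec is None:
            continue  # SYSCALL, PATH and other non-AVC records
        try:
            key = (rec['scontext'], rec['tcontext'], rec['tclass'], rec['perms'])
        except KeyError:
            continue  # truncated AVC record missing a context field
        alert = alerts.setdefault(
            key, {'count': 0, 'first': rec['ts'], 'comm': rec.get('comm')})
        alert['count'] += 1
        alert['last'] = rec['ts']
    return alerts

if __name__ == '__main__':
    for (src, tgt, cls, perms), a in collapse(SAMPLE_LOG.splitlines()).items():
        print(f"{a['count']}x {a['comm']}: {src} -> {tgt} ({cls}) {{ {' '.join(perms)} }}")
```
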