RSA Admin

Fedora 6

Discussion created by RSA Admin Employee on Sep 10, 2008
Latest reply on Sep 10, 2008 by RSA Admin

I'm trying to use the defalut rhlinuxmsg.xml for logs coming from a Fedora 6 server.  I intend on using this as boiler plate for a new device type, Beacon from Great Bay Software.  In a sample log message there is this example:

 

 pam_unix(sshd:session): session opened for

 

While searching the rhlinuxmsg.xml there are messages like this:

 

="<agent>[<data>]: session opened for user 

 

Note the use of brackets rather then the parens.  Searching the entire xml for  '): session opened for' returns no results.  It appears the the rhlinuxmsg.xml would be expecting the use of brackets and not parens.

 

Is Fedora somehow different then RH?  I would suspect that it is not, but has anyone used Fedora 6 as a data source?

Outcomes