Novell Home

My Favorites

Close

Please to see your favorites.

RHEL has repeated SELinux messages in log files when searching in Sentinel

This document (7011980) is provided subject to the disclaimer at the end of this document.

Environment

NetIQ Sentinel 7.0
Red Hat Enterprise Linux (RHEL)

Situation

The following lines appear in log files (/var/log/messages in this case) repeatedly as searches where Sentinel uses squashfs files for the search:

SELinux: initialized (dev loop4, type squashfs), not configured for labeling
SELinux: initialized (dev loop5, type squashfs), not configured for labeling
SELinux: initialized (dev loop3, type squashfs), not configured for labeling
SELinux: initialized (dev loop1, type squashfs), not configured for labeling
SELinux: initialized (dev loop2, type squashfs), not configured for labeling
SELinux: initialized (dev loop4, type squashfs), not configured for labeling
SELinux: initialized (dev loop5, type squashfs), not configured for labeling

This was noticed when these same messages appeared in Sentinel's web interface as severity zero events.  Whenever a search or report took place over a time period that had archived files these messages showed up causing more data which really had no meaning.

Resolution

The messages can be filtered out from being parsed within Sentinel by adding a filter within Event Source Management on the appropriate node (event source, connector, or collector).  Within the properties of the node click 'Set Filter' and then add a new filter which is set to Deny events which matching.  The type of match should be REGEXP and the following is the pattern to use:

.*SELinux: initialized.+squashfs.+not configured for labeling.*

Save the changes and restart the node if it does not restart automatically.  Perform searching to ensure that the events are gone, and also test other types of events which should still be parsed by the collector to ensure they still show up correctly.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7011980
  • Creation Date:19-MAR-13
  • Modified Date:19-MAR-13
    • NetIQSentinel

Did this document solve your problem? Provide Feedback