NetIQ Sentinel 7.0
Red Hat Enterprise Linux (RHEL)

The following lines appear in log files (/var/log/messages in this case) repeatedly as searches where Sentinel uses squashfs files for the search:

SELinux: initialized (dev loop4, type squashfs), not configured for labeling
SELinux: initialized (dev loop5, type squashfs), not configured for labeling
SELinux: initialized (dev loop3, type squashfs), not configured for labeling
SELinux: initialized (dev loop1, type squashfs), not configured for labeling
SELinux: initialized (dev loop2, type squashfs), not configured for labeling
SELinux: initialized (dev loop4, type squashfs), not configured for labeling
SELinux: initialized (dev loop5, type squashfs), not configured for labeling

This was noticed when these same messages appeared in Sentinel's web interface as severity zero events.  Whenever a search or report took place over a time period that had archived files these messages showed up causing more data which really had no meaning.

The messages can be filtered out from being parsed within Sentinel by adding a filter within Event Source Management on the appropriate node (event source, connector, or collector).  Within the properties of the node click 'Set Filter' and then add a new filter which is set to Deny events which matching.  The type of match should be REGEXP and the following is the pattern to use:

.*SELinux: initialized.+squashfs.+not configured for labeling.*

Save the changes and restart the node if it does not restart automatically.  Perform searching to ensure that the events are gone, and also test other types of events which should still be parsed by the collector to ensure they still show up correctly.