Discussion created by RSA Admin Employee on Sep 10, 2008
I'm trying to use the default rhlinuxmsg.xml for logs coming from a Fedora 6 server.  I intend on using this as boilerplate for a new device type, Beacon from Great Bay Software.  In a sample log message there is this example:


 pam_unix(sshd:session): session opened for


While searching the rhlinuxmsg.xml there are messages like this:


="<agent>[<data>]: session opened for user 


Note the use of brackets rather than the parens.  Searching the entire XML for '): session opened for' returns no results.  It appears that the rhlinuxmsg.xml would be expecting the use of brackets and not parens.


Is Fedora somehow different than RH?  I would suspect that it is not, but has anyone used Fedora 6 as a data source?