I want failure (or 'all' if I can't select 'failures') messages from SElinux to go to the system's syslog service. We've got a syslog manager that is pulling in all other events from all servers.
(I'm actually using rsyslog and don't really care if messages go to syslog and the existing audit log)
I apologise if this is an obvious answer to a search, but I've been searching for syslog and SELinux and get lots of people wanting to do stuff with syslog that is interfered with by SElinux and similar... I've read FAQs and the like and they all just seem to refer to messages going to the audit log with no alternatives.
Thanks
If I understand your question you expect to place audit log data into syslog instead of audit.log file. In this case you can redirect whole the log produced by auditd daemon, see