From 859e18ea65be4fae11624114a8cb24c7eebf45f0 Mon Sep 17 00:00:00 2001
From: Dag Bakke <dag@bakke.com>
Date: Thu, 9 Jan 2020 12:50:54 +0100
Subject: [PATCH] SELinux fix for syslog-ng with LibreNMS on Centos (#11014)

* Add SELinux policy for syslog-ng on Centos

* Update Syslog.md

* Update Syslog.md
---
 doc/Extensions/Syslog.md | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/doc/Extensions/Syslog.md b/doc/Extensions/Syslog.md
index d9ae80d2fd..0b5362060f 100644
--- a/doc/Extensions/Syslog.md
+++ b/doc/Extensions/Syslog.md
@@ -111,6 +111,37 @@ Add the following to your LibreNMS `config.php` file to enable the Syslog extens
 $config['enable_syslog'] = 1;
 ```
 
+
+If no messages make it to the syslog tab in LibreNMS, chances are you experience an issue with SELinux. If so, create a file mycustom-librenms-rsyslog.te , with the following content:
+
+```
+module mycustom-librenms-rsyslog 1.0;
+
+require {
+        type syslogd_t;
+        type httpd_sys_rw_content_t;
+        type ping_exec_t;
+        class process execmem;
+        class dir { getattr search write };
+        class file { append getattr execute open read };
+}
+
+#============= syslogd_t ==============
+allow syslogd_t httpd_sys_rw_content_t:dir { getattr search write };
+allow syslogd_t httpd_sys_rw_content_t:file { open read append getattr };
+allow syslogd_t self:process execmem;
+allow syslogd_t ping_exec_t:file execute;
+```
+
+Then, as root, execute the following commands:
+
+```ssh
+checkmodule -M -m -o mycustom-librenms-rsyslog.mod mycustom-librenms-rsyslog.te
+semodule_package -o mycustom-librenms-rsyslog.pp -m mycustom-librenms-rsyslog.mod
+semodule -i mycustom-librenms-rsyslog.pp
+```
+
+
 ### rsyslog
 
 If you prefer rsyslog, here are some hints on how to get it working.