diff --git a/ossec.if b/ossec.if
index 6954ed6..c610bf4 100644
--- a/ossec.if
+++ b/ossec.if
@@ -114,3 +114,21 @@ interface(`ossec_manage_etc_shared',`
 manage_files_pattern($1, ossec_etc_share_t, ossec_etc_share_t)
 ')
+interface(`ossec_pid_filetrans',`
+ gen_require(`
+ type ossec_var_t, ossec_var_run_t;
+ ')
+
+ allow $1 ossec_var_t:dir search_dir_perms;
+ allow $1 ossec_var_run_t:lnk_file read_lnk_file_perms;
+ filetrans_pattern($1, ossec_var_run_t, $2, $3, $4)
+')
+
+interface(`ossec_log_filetrans',`
+ gen_require(`
+ type ossec_log_t;
+ ')
+
+ filetrans_pattern($1, ossec_log_t, $2, $3, $4)
+')
+
diff --git a/ossec.te b/ossec.te
index e489fbc..30b583e 100644
--- a/ossec.te
+++ b/ossec.te
@@ -1,5 +1,5 @@
-policy_module(ossec,1.0.165)
+policy_module(ossec,1.0.175)
 ########################################
 #
@@ -121,28 +121,6 @@ role system_r types ossec_ar_t;
 unconfined_domain(ossec_ar_t)
 ###
-#type ossec_script_t;
-#type ossec_script_exec_t;
-#files_type(ossec_script_t)
-#domain_type(ossec_script_t)
-#domain_entry_file(ossec_script_t, ossec_script_exec_t)
-#domtrans_pattern(ossec_execd_t, ossec_script_exec_t, ossec_script_t)
-#role system_r types ossec_script_t;
-#unconfined_domain(ossec_script_t)
-##unconfined_run(ossec_script_exec_t, ossec_script_t)
-
-##type_transition ossec_execd_t ossec_script_exec_t:process unconfined_t;
-
-##files_type(ossec_script_exec_t)
-##domain_type(ossec_script_exec_t)
-##domain_entry_file(ossec_script_exec_t, ossec_execd_t)
-###domtrans_pattern(unconfined_t, ossec_script_exec_t, ossec_execd_t)
-##unconfined_domain(ossec_script_exec_t)
-##unconfined_shell_domtrans(ossec_script_exec_t)
-##unconfined_run(ossec_execd_t, system_r)
-##unconfined_run(ossec_script_exec_t, ossec_script_t)
-
-
 require {
 type ossec_bin_t;
@@ -179,6 +157,7 @@ require {
 type ossec_ar_bin_t;
 type ossec_ar_exec_t;
+ type var_log_t;
 type httpd_t;
 type httpd_log_t;
 type unreserved_port_t;
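Review bot: Every caller added in this commit passes `ossec_var_run_t` as `$2` to `ossec_pid_filetrans` and `ossec_log_t` to `ossec_log_filetrans`, so the `type_transition` that `filetrans_pattern` emits is a no-op (a file created in a directory of that type already inherits it); the interfaces' effective contribution is the `rw_dir_perms` that `filetrans_pattern` grants on the parent directory plus, for the pid variant, `search` on `ossec_var_t` and `read` on `ossec_var_run_t:lnk_file`. Neither interface carries the `## <summary>` / `## <param>` doc block refpolicy interfaces normally have, so a reader of ossec.if cannot see this. I would add a summary stating the real effect, e.g. `## Create objects in the OSSEC run directory with a private type; also grants search on ossec_var_t and rw on the run dir itself.`, and the parallel sentence for the log variant. Note also that `ossec_log_filetrans` grants no `search` on `ossec_var_t`, unlike the pid variant, while the `.te` hunks comment out `search_dirs_pattern(…, ossec_var_t, …)` for every daemon, so that search now arrives only through `ossec_pid_filetrans`.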
@@ -209,23 +188,21 @@ allow ossec_maild_t self:capability { dac_override dac_read_search setuid setgid
 # etc dir
 ossec_read_config(ossec_maild_t)
-#search_dirs_pattern(ossec_maild_t, ossec_etc_t, ossec_etc_t)
-#read_lnk_files_pattern(ossec_maild_t, ossec_etc_t, ossec_etc_t)
-#read_files_pattern(ossec_maild_t, ossec_etc_t, ossec_etc_t)
-#sysnet_read_config(ossec_maild_t)
 # var dir
-search_dirs_pattern(ossec_maild_t, ossec_var_t, ossec_var_t)
+#search_dirs_pattern(ossec_maild_t, ossec_var_t, ossec_var_t)
 # var run dir
-manage_dirs_pattern(ossec_maild_t, ossec_var_run_t, ossec_var_run_t)
-manage_files_pattern(ossec_maild_t, ossec_var_run_t, ossec_var_run_t)
+allow ossec_maild_t ossec_var_run_t:file { create_file_perms write_file_perms setattr read unlink };
+ossec_pid_filetrans(ossec_maild_t, ossec_var_run_t, file)
 # logs
-search_dirs_pattern(ossec_maild_t, ossec_log_t, ossec_log_t)
-read_files_pattern(ossec_maild_t, ossec_log_t, ossec_log_t)
-allow ossec_maild_t ossec_log_t:file { create_file_perms append_file_perms };
-logging_log_filetrans(ossec_maild_t, ossec_log_t, file)
+allow ossec_maild_t ossec_log_t:file { create_file_perms append_file_perms read };
+ossec_log_filetrans(ossec_maild_t, ossec_log_t, file)
+#search_dirs_pattern(ossec_maild_t, ossec_log_t, ossec_log_t)
+#read_files_pattern(ossec_maild_t, ossec_log_t, ossec_log_t)
+#allow ossec_maild_t ossec_log_t:file { create_file_perms append_file_perms };
+#logging_log_filetrans(ossec_maild_t, ossec_log_t, file)
 # Sockets
 allow ossec_maild_t self:tcp_socket { create connect read write };
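Review bot: The line `allow ossec_maild_t ossec_var_run_t:file { create_file_perms write_file_perms setattr read unlink };` is repeated verbatim for all seven daemons in this commit; since `ossec_pid_filetrans` already exists as the shared entry point for pid-file handling, that permission set belongs inside the interface (or a local `define`) so a later tightening — dropping `unlink` or `write` — is made once instead of seven times. The bare `read` in the log rule on the next added line sits outside any refpolicy permission set and only yields a usable open on refpolicy versions where `append_file_perms` includes `open`; if maild genuinely reads its own log, `read_file_perms` says so explicitly, otherwise `read` should go. The hunk also keeps four `+#…` copies of the rules it replaces; git history preserves those, and leaving them in makes the effective policy harder to audit.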
@@ -240,10 +217,6 @@ allow ossec_execd_t self:capability { dac_override dac_read_search setgid };
 # etc dir
 ossec_read_config(ossec_execd_t)
-#search_dirs_pattern(ossec_execd_t, ossec_etc_t, ossec_etc_t)
-#read_lnk_files_pattern(ossec_execd_t, ossec_etc_t, ossec_etc_t)
-#read_files_pattern(ossec_execd_t, ossec_etc_t, ossec_etc_t)
-##sysnet_read_config(ossec_execd_t)
 # etc share dir
 search_dirs_pattern(ossec_execd_t, ossec_etc_share_t, ossec_etc_share_t)
@@ -251,34 +224,32 @@ read_files_pattern(ossec_execd_t, ossec_etc_share_t, ossec_etc_share_t)
 #manage_files_pattern(ossec_execd_t, ossec_etc_share_t, ossec_etc_share_t)
 # var dir
-#search_dirs_pattern(ossec_execd_t, ossec_var_t, ossec_var_t)
-rw_dirs_pattern(ossec_execd_t, ossec_var_t, ossec_var_t)
-#rw_files_pattern(ossec_execd_t, ossec_var_t, ossec_var_t)
-#create_files_pattern(ossec_execd_t, ossec_var_t, ossec_var_t)
-manage_files_pattern(ossec_execd_t, ossec_var_t, ossec_var_t)
+##search_dirs_pattern(ossec_execd_t, ossec_var_t, ossec_var_t)
+#rw_dirs_pattern(ossec_execd_t, ossec_var_t, ossec_var_t)
+##rw_files_pattern(ossec_execd_t, ossec_var_t, ossec_var_t)
+##create_files_pattern(ossec_execd_t, ossec_var_t, ossec_var_t)
+#manage_files_pattern(ossec_execd_t, ossec_var_t, ossec_var_t)
 # var run dir
-manage_dirs_pattern(ossec_execd_t, ossec_var_run_t, ossec_var_run_t)
-manage_files_pattern(ossec_execd_t, ossec_var_run_t, ossec_var_run_t)
+allow ossec_execd_t ossec_var_run_t:file { create_file_perms write_file_perms setattr read unlink };
+ossec_pid_filetrans(ossec_execd_t, ossec_var_run_t, file)
 # queue dir
 rw_dirs_pattern(ossec_execd_t, ossec_queue_t, ossec_queue_t)
 manage_sock_files_pattern(ossec_execd_t, ossec_queue_t, ossec_queue_t);
 # logs
-search_dirs_pattern(ossec_execd_t, ossec_log_t, ossec_log_t)
-read_files_pattern(ossec_execd_t, ossec_log_t, ossec_log_t)
-allow ossec_execd_t ossec_log_t:file { create_file_perms append_file_perms };
-logging_log_filetrans(ossec_execd_t, ossec_log_t, file)
+allow ossec_execd_t ossec_log_t:file { create_file_perms append_file_perms read };
+ossec_log_filetrans(ossec_execd_t, ossec_log_t, file)
+#search_dirs_pattern(ossec_execd_t, ossec_log_t, ossec_log_t)
+#read_files_pattern(ossec_execd_t, ossec_log_t, ossec_log_t)
+#allow ossec_execd_t ossec_log_t:file { create_file_perms append_file_perms };
+#logging_log_filetrans(ossec_execd_t, ossec_log_t, file)
-# script dir
+# active-response scripts
 search_dirs_pattern(ossec_execd_t, ossec_ar_bin_t, ossec_ar_bin_t)
-#search_dirs_pattern(ossec_execd_t, ossec_script_t, ossec_script_t)
-#read_files_pattern(ossec_execd_t, ossec_script_exec_t, ossec_script_exec_t)
-#exec_files_pattern(ossec_execd_t, ossec_script_exec_t, ossec_script_exec_t)
 exec_files_pattern(ossec_execd_t, shell_exec_t, shell_exec_t)
-
 # dgram socket
 allow ossec_execd_t self:unix_dgram_socket { create bind getopt read write };
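Review bot: The renamed comment `# active-response scripts` should say where those scripts execute, because the rules beneath it do not transition: `exec_files_pattern(ossec_execd_t, shell_exec_t, shell_exec_t)` runs the shell in `ossec_execd_t` itself, and the commented `ossec_script_t` scaffolding that would have confined scripts in their own domain is what this commit deletes. Whatever an active-response script does therefore runs with everything `ossec_execd_t` holds (the previous hunk's header shows `dac_override dac_read_search setgid`), so `ossec_ar_bin_t` content has to be treated as part of the trusted policy; if scripts instead transition to `ossec_ar_t` somewhere outside this diff, that domain is `unconfined_domain` (top of the diff), which deserves stating just as plainly. I would extend the comment to `# active-response scripts: run via shell_exec_t inside ossec_execd_t (no domain transition); scripts inherit this domain's full permission set`. This hunk starts on the previous line, and the execd block it belongs to continues outside it.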
@@ -303,25 +274,21 @@ allow ossec_analysisd_t self:capability { dac_override dac_read_search fsetid se
 # etc dir
 ossec_read_config(ossec_analysisd_t)
-#search_dirs_pattern(ossec_analysisd_t, ossec_etc_t, ossec_etc_t)
-#read_lnk_files_pattern(ossec_analysisd_t, ossec_etc_t, ossec_etc_t)
-#read_files_pattern(ossec_analysisd_t, ossec_etc_t, ossec_etc_t)
-##sysnet_read_config(ossec_maild_t)
 # etc share dir
 search_dirs_pattern(ossec_analysisd_t, ossec_etc_share_t, ossec_etc_share_t)
 manage_files_pattern(ossec_analysisd_t, ossec_etc_share_t, ossec_etc_share_t)
 # var dir
-search_dirs_pattern(ossec_analysisd_t, ossec_var_t, ossec_var_t)
-#rw_dirs_pattern(ossec_execd_t, ossec_var_t, ossec_var_t)
-##rw_files_pattern(ossec_execd_t, ossec_var_t, ossec_var_t)
-##create_files_pattern(ossec_execd_t, ossec_var_t, ossec_var_t)
-##manage_files_pattern(ossec_execd_t, ossec_var_t, ossec_var_t)
+#search_dirs_pattern(ossec_analysisd_t, ossec_var_t, ossec_var_t)
+##rw_dirs_pattern(ossec_execd_t, ossec_var_t, ossec_var_t)
+###rw_files_pattern(ossec_execd_t, ossec_var_t, ossec_var_t)
+###create_files_pattern(ossec_execd_t, ossec_var_t, ossec_var_t)
+###manage_files_pattern(ossec_execd_t, ossec_var_t, ossec_var_t)
 # var run dir
-manage_dirs_pattern(ossec_analysisd_t, ossec_var_run_t, ossec_var_run_t)
-manage_files_pattern(ossec_analysisd_t, ossec_var_run_t, ossec_var_run_t)
+allow ossec_analysisd_t ossec_var_run_t:file { create_file_perms write_file_perms setattr read unlink };
+ossec_pid_filetrans(ossec_analysisd_t, ossec_var_run_t, file)
 # queue dir
 rw_dirs_pattern(ossec_analysisd_t, ossec_queue_t, ossec_queue_t)
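Review bot: `search_dirs_pattern(ossec_analysisd_t, ossec_var_t, ossec_var_t)` is commented out here, so the daemon's only `search` on `ossec_var_t` now comes from the `allow $1 ossec_var_t:dir search_dir_perms;` inside `ossec_pid_filetrans` (ossec.if hunk); the same is done for every daemon in this commit. That is an implicit dependency: removing or reworking the pid-file line later would silently cut the daemon off from its `/var/ossec` tree, and `ossec_log_filetrans` does not grant that search, so the log rules in the next hunk rely on it too. Either keep the explicit search line or annotate the replacement with `# search on ossec_var_t is granted by ossec_pid_filetrans below` so the coupling is visible. The `+##…`/`+###…` lines that merely add another `#` to comments copied from the execd section (they still name `ossec_execd_t`) carry no information and should be removed rather than re-commented.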
@@ -335,13 +302,15 @@ create_files_pattern(ossec_analysisd_t, ossec_stats_t, ossec_stats_t)
 append_files_pattern(ossec_analysisd_t, ossec_stats_t, ossec_stats_t)
 # logs
-#search_dirs_pattern(ossec_analysisd_t, ossec_log_t, ossec_log_t)
-add_entry_dirs_pattern(ossec_analysisd_t, ossec_log_t, ossec_log_t)
-manage_files_pattern(ossec_analysisd_t, ossec_log_t, ossec_log_t)
-#read_files_pattern(ossec_analysisd_t, ossec_log_t, ossec_log_t)
-#delete_files_pattern(ossec_analysisd_t, ossec_log_t, ossec_log_t)
-#allow ossec_analysisd_t ossec_log_t:file { create_file_perms append_file_perms };
-logging_log_filetrans(ossec_analysisd_t, ossec_log_t, file)
+allow ossec_analysisd_t ossec_log_t:file { create_file_perms append_file_perms read };
+ossec_log_filetrans(ossec_analysisd_t, ossec_log_t, file)
+##search_dirs_pattern(ossec_analysisd_t, ossec_log_t, ossec_log_t)
+#add_entry_dirs_pattern(ossec_analysisd_t, ossec_log_t, ossec_log_t)
+#manage_files_pattern(ossec_analysisd_t, ossec_log_t, ossec_log_t)
+##read_files_pattern(ossec_analysisd_t, ossec_log_t, ossec_log_t)
+##delete_files_pattern(ossec_analysisd_t, ossec_log_t, ossec_log_t)
+##allow ossec_analysisd_t ossec_log_t:file { create_file_perms append_file_perms };
+#logging_log_filetrans(ossec_analysisd_t, ossec_log_t, file)
 # rules dir
 search_dirs_pattern(ossec_analysisd_t, ossec_rule_t, ossec_rule_t)
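Review bot: Replacing `manage_files_pattern` on `ossec_log_t` with `{ create_file_perms append_file_perms read }` makes analysisd append-only toward the logs it writes, which is the right direction for a domain that parses untrusted events — it can no longer truncate, rename or unlink what it has recorded. That decision is not written down, and the seven `+#…`/`+##…` lines that follow just keep the old rules as comments, so a reader cannot tell whether append-only is a design goal or a side effect of trimming. I would replace the commented block with one sentence, e.g. `# append-only: analysisd may create and append alert/archive logs but never rewrite or remove them`, and delete the dead lines. Whether anything in analysisd still needs `write` on those files is not visible from this hunk and should be confirmed against the daemon before relying on the tightening.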
@@ -361,16 +330,13 @@ allow ossec_logcollector_t self:capability { dac_override dac_read_search };
 # etc dir
 ossec_read_config(ossec_logcollector_t)
-#search_dirs_pattern(ossec_logcollector_t, ossec_etc_t, ossec_etc_t)
-#read_lnk_files_pattern(ossec_logcollector_t, ossec_etc_t, ossec_etc_t)
-#read_files_pattern(ossec_logcollector_t, ossec_etc_t, ossec_etc_t)
 # var dir
-search_dirs_pattern(ossec_logcollector_t, ossec_var_t, ossec_var_t)
+#search_dirs_pattern(ossec_logcollector_t, ossec_var_t, ossec_var_t)
 # var run dir
-manage_dirs_pattern(ossec_logcollector_t, ossec_var_run_t, ossec_var_run_t)
-manage_files_pattern(ossec_logcollector_t, ossec_var_run_t, ossec_var_run_t)
+allow ossec_logcollector_t ossec_var_run_t:file { create_file_perms write_file_perms setattr read unlink };
+ossec_pid_filetrans(ossec_logcollector_t, ossec_var_run_t, file)
 # queue dir
 search_dirs_pattern(ossec_logcollector_t, ossec_queue_t, ossec_queue_t)
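Review bot: `ossec_logcollector_t` — and, in the parallel hunks, every other daemon — now gets `write_file_perms` and `unlink` on all `ossec_var_run_t` files, not just its own pid file, because the daemons share a single run type. Any one of them can therefore overwrite or remove a sibling's pid file, so a compromise of one daemon reaches the others' lifecycle; the `$4` name argument that `ossec_pid_filetrans` already accepts is the hook for a named `type_transition` (e.g. on `ossec-logcollector.pid`) to a per-daemon pid type, which is the usual way to keep this separated. If per-daemon types are more than this policy wants, at least drop `unlink` for daemons that only write a pid file at start-up — whether logcollector removes its pid on shutdown is not visible here.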
@@ -379,13 +345,15 @@ search_dirs_pattern(ossec_logcollector_t, ossec_queue_t, ossec_queue_t)
 manage_sock_files_pattern(ossec_logcollector_t, ossec_queue_t, ossec_queue_t)
 # logs
-search_dirs_pattern(ossec_logcollector_t, ossec_log_t, ossec_log_t)
-#add_entry_dirs_pattern(ossec_analysisd_t, ossec_log_t, ossec_log_t)
-#manage_files_pattern(ossec_analysisd_t, ossec_log_t, ossec_log_t)
-read_files_pattern(ossec_logcollector_t, ossec_log_t, ossec_log_t)
-##delete_files_pattern(ossec_analysisd_t, ossec_log_t, ossec_log_t)
-##allow ossec_analysisd_t ossec_log_t:file { create_file_perms append_file_perms };
-logging_log_filetrans(ossec_logcollector_t, ossec_log_t, file)
+allow ossec_logcollector_t ossec_log_t:file { create_file_perms append_file_perms read };
+ossec_log_filetrans(ossec_logcollector_t, ossec_log_t, file)
+#search_dirs_pattern(ossec_logcollector_t, ossec_log_t, ossec_log_t)
+##add_entry_dirs_pattern(ossec_analysisd_t, ossec_log_t, ossec_log_t)
+##manage_files_pattern(ossec_analysisd_t, ossec_log_t, ossec_log_t)
+#read_files_pattern(ossec_logcollector_t, ossec_log_t, ossec_log_t)
+###delete_files_pattern(ossec_analysisd_t, ossec_log_t, ossec_log_t)
+###allow ossec_analysisd_t ossec_log_t:file { create_file_perms append_file_perms };
+#logging_log_filetrans(ossec_logcollector_t, ossec_log_t, file)
 search_dirs_pattern(ossec_logcollector_t, httpd_log_t, httpd_log_t)
 read_files_pattern(ossec_logcollector_t, httpd_log_t, httpd_log_t)
@@ -404,9 +372,6 @@ allow ossec_remoted_t self:capability { dac_override dac_read_search setuid setg
 # etc dir
 ossec_read_config(ossec_remoted_t)
-#search_dirs_pattern(ossec_remoted_t, ossec_etc_t, ossec_etc_t)
-#read_lnk_files_pattern(ossec_remoted_t, ossec_etc_t, ossec_etc_t)
-#read_files_pattern(ossec_remoted_t, ossec_etc_t, ossec_etc_t)
 # etc share dir
 search_dirs_pattern(ossec_remoted_t, ossec_etc_share_t, ossec_etc_share_t)
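Review bot: The added `+##add_entry_dirs_pattern(ossec_analysisd_t, …)`, `+##manage_files_pattern(ossec_analysisd_t, …)`, `+###delete_files_pattern(ossec_analysisd_t, …)` and `+###allow ossec_analysisd_t …` lines in the logcollector section name the wrong domain — they are comments copied from the analysisd block and were never logcollector rules — and this commit carries them forward with one more `#`. They should be deleted, not re-commented. Separately, logcollector moves from `read_files_pattern` on `ossec_log_t` to `create_file_perms append_file_perms read`; if that is for writing the daemon's own `ossec.log`, a comment such as `# may create/append the daemon log, never rewrite it` would make the widening deliberate, since `ossec_log_t` appears (from the analysisd hunk) to label the alert logs as well, which a log reader should not be able to append to.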
@@ -414,11 +379,11 @@ read_files_pattern(ossec_remoted_t, ossec_etc_share_t, ossec_etc_share_t)
 manage_files_pattern(ossec_remoted_t, ossec_etc_share_t, ossec_etc_share_t)
 # var dir
-search_dirs_pattern(ossec_remoted_t, ossec_var_t, ossec_var_t)
+#search_dirs_pattern(ossec_remoted_t, ossec_var_t, ossec_var_t)
 # var run dir
-manage_dirs_pattern(ossec_remoted_t, ossec_var_run_t, ossec_var_run_t)
-manage_files_pattern(ossec_remoted_t, ossec_var_run_t, ossec_var_run_t)
+allow ossec_remoted_t ossec_var_run_t:file { create_file_perms write_file_perms setattr read unlink };
+ossec_pid_filetrans(ossec_remoted_t, ossec_var_run_t, file)
 # queue dir
 search_dirs_pattern(ossec_remoted_t, ossec_queue_t, ossec_queue_t)
@@ -427,13 +392,15 @@ rw_files_pattern(ossec_remoted_t, ossec_queue_t, ossec_queue_t)
 manage_sock_files_pattern(ossec_remoted_t, ossec_queue_t, ossec_queue_t)
 # logs
-search_dirs_pattern(ossec_remoted_t, ossec_log_t, ossec_log_t)
-#add_entry_dirs_pattern(ossec_analysisd_t, ossec_log_t, ossec_log_t)
-#manage_files_pattern(ossec_analysisd_t, ossec_log_t, ossec_log_t)
-read_files_pattern(ossec_remoted_t, ossec_log_t, ossec_log_t)
-##delete_files_pattern(ossec_analysisd_t, ossec_log_t, ossec_log_t)
-##allow ossec_analysisd_t ossec_log_t:file { create_file_perms append_file_perms };
-logging_log_filetrans(ossec_remoted_t, ossec_log_t, file)
+allow ossec_remoted_t ossec_log_t:file { create_file_perms append_file_perms read };
+ossec_log_filetrans(ossec_remoted_t, ossec_log_t, file)
+#search_dirs_pattern(ossec_remoted_t, ossec_log_t, ossec_log_t)
+##add_entry_dirs_pattern(ossec_analysisd_t, ossec_log_t, ossec_log_t)
+##manage_files_pattern(ossec_analysisd_t, ossec_log_t, ossec_log_t)
+#read_files_pattern(ossec_remoted_t, ossec_log_t, ossec_log_t)
+###delete_files_pattern(ossec_analysisd_t, ossec_log_t, ossec_log_t)
+###allow ossec_analysisd_t ossec_log_t:file { create_file_perms append_file_perms };
+#logging_log_filetrans(ossec_remoted_t, ossec_log_t, file)
 # Sockets
 allow ossec_remoted_t self:udp_socket { create bind read write };
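Review bot: `ossec_remoted_t` is the daemon that binds the network socket (`allow ossec_remoted_t self:udp_socket { create bind read write };` directly below), so it is the domain most exposed to remote input, and this hunk moves it from `read_files_pattern` on `ossec_log_t` to `create_file_perms append_file_perms read` across the whole log type. If that type also labels the alert logs analysisd writes (the analysisd hunk suggests so), a compromised remoted could append fabricated alerts; a separate type for alert/archive logs, or at minimum a comment recording that remoted only needs to append to the daemon log, would keep that boundary explicit. The copied `ossec_analysisd_t` comment lines below the new rules should be removed as well.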
@@ -458,16 +425,13 @@ allow ossec_syscheckd_t self:process { setsched };
 # etc dir
 ossec_read_config(ossec_syscheckd_t)
-#search_dirs_pattern(ossec_syscheckd_t, ossec_etc_t, ossec_etc_t)
-#read_lnk_files_pattern(ossec_syscheckd_t, ossec_etc_t, ossec_etc_t)
-#read_files_pattern(ossec_syscheckd_t, ossec_etc_t, ossec_etc_t)
 # var dir
-search_dirs_pattern(ossec_syscheckd_t, ossec_var_t, ossec_var_t)
+#search_dirs_pattern(ossec_syscheckd_t, ossec_var_t, ossec_var_t)
 # var run dir
-manage_dirs_pattern(ossec_syscheckd_t, ossec_var_run_t, ossec_var_run_t)
-manage_files_pattern(ossec_syscheckd_t, ossec_var_run_t, ossec_var_run_t)
+allow ossec_syscheckd_t ossec_var_run_t:file { create_file_perms write_file_perms setattr read unlink };
+ossec_pid_filetrans(ossec_syscheckd_t, ossec_var_run_t, file)
 # queue dir
 search_dirs_pattern(ossec_syscheckd_t, ossec_queue_t, ossec_queue_t)
@@ -476,13 +440,15 @@ search_dirs_pattern(ossec_syscheckd_t, ossec_queue_t, ossec_queue_t)
 manage_sock_files_pattern(ossec_syscheckd_t, ossec_queue_t, ossec_queue_t)
 # logs
-search_dirs_pattern(ossec_syscheckd_t, ossec_log_t, ossec_log_t)
-#add_entry_dirs_pattern(ossec_analysisd_t, ossec_log_t, ossec_log_t)
-#manage_files_pattern(ossec_analysisd_t, ossec_log_t, ossec_log_t)
-read_files_pattern(ossec_syscheckd_t, ossec_log_t, ossec_log_t)
-##delete_files_pattern(ossec_analysisd_t, ossec_log_t, ossec_log_t)
-##allow ossec_analysisd_t ossec_log_t:file { create_file_perms append_file_perms };
-logging_log_filetrans(ossec_syscheckd_t, ossec_log_t, file)
+allow ossec_syscheckd_t ossec_log_t:file { create_file_perms append_file_perms read };
+ossec_log_filetrans(ossec_syscheckd_t, ossec_log_t, file)
+#search_dirs_pattern(ossec_syscheckd_t, ossec_log_t, ossec_log_t)
+##add_entry_dirs_pattern(ossec_analysisd_t, ossec_log_t, ossec_log_t)
+##manage_files_pattern(ossec_analysisd_t, ossec_log_t, ossec_log_t)
+#read_files_pattern(ossec_syscheckd_t, ossec_log_t, ossec_log_t)
+###delete_files_pattern(ossec_analysisd_t, ossec_log_t, ossec_log_t)
+###allow ossec_analysisd_t ossec_log_t:file { create_file_perms append_file_perms };
+#logging_log_filetrans(ossec_syscheckd_t, ossec_log_t, file)
 # dgram socket
 allow ossec_syscheckd_t self:unix_dgram_socket { create bind getopt connect write };
@@ -507,16 +473,13 @@ allow ossec_monitord_t self:capability { dac_override dac_read_search setuid set
 # etc dir
 ossec_read_config(ossec_monitord_t)
-#search_dirs_pattern(ossec_monitord_t, ossec_etc_t, ossec_etc_t)
-#read_lnk_files_pattern(ossec_monitord_t, ossec_etc_t, ossec_etc_t)
-#read_files_pattern(ossec_monitord_t, ossec_etc_t, ossec_etc_t)
 # var dir
-search_dirs_pattern(ossec_monitord_t, ossec_var_t, ossec_var_t)
+#search_dirs_pattern(ossec_monitord_t, ossec_var_t, ossec_var_t)
 # var run dir
-manage_dirs_pattern(ossec_monitord_t, ossec_var_run_t, ossec_var_run_t)
-manage_files_pattern(ossec_monitord_t, ossec_var_run_t, ossec_var_run_t)
+allow ossec_monitord_t ossec_var_run_t:file { create_file_perms write_file_perms setattr read unlink };
+ossec_pid_filetrans(ossec_monitord_t, ossec_var_run_t, file)
 # queue dir
 search_dirs_pattern(ossec_monitord_t, ossec_queue_t, ossec_queue_t)
@@ -526,13 +489,15 @@ read_files_pattern(ossec_monitord_t, ossec_queue_t, ossec_queue_t)
 manage_sock_files_pattern(ossec_monitord_t, ossec_queue_t, ossec_queue_t)
 # logs
-rw_dirs_pattern(ossec_monitord_t, ossec_log_t, ossec_log_t)
-#add_entry_dirs_pattern(ossec_analysisd_t, ossec_log_t, ossec_log_t)
-#manage_files_pattern(ossec_analysisd_t, ossec_log_t, ossec_log_t)
-rw_files_pattern(ossec_monitord_t, ossec_log_t, ossec_log_t)
-##delete_files_pattern(ossec_analysisd_t, ossec_log_t, ossec_log_t)
-##allow ossec_analysisd_t ossec_log_t:file { create_file_perms append_file_perms };
-logging_log_filetrans(ossec_monitord_t, ossec_log_t, file)
+allow ossec_monitord_t ossec_log_t:file { create_file_perms append_file_perms read };
+ossec_log_filetrans(ossec_monitord_t, ossec_log_t, file)
+#rw_dirs_pattern(ossec_monitord_t, ossec_log_t, ossec_log_t)
+##add_entry_dirs_pattern(ossec_analysisd_t, ossec_log_t, ossec_log_t)
+##manage_files_pattern(ossec_analysisd_t, ossec_log_t, ossec_log_t)
+#rw_files_pattern(ossec_monitord_t, ossec_log_t, ossec_log_t)
+###delete_files_pattern(ossec_analysisd_t, ossec_log_t, ossec_log_t)
+###allow ossec_analysisd_t ossec_log_t:file { create_file_perms append_file_perms };
+#logging_log_filetrans(ossec_monitord_t, ossec_log_t, file)
 # dgram socket
 allow ossec_monitord_t self:unix_dgram_socket { create bind getopt connect write };
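Review bot: monitord loses `write` here — the old `rw_dirs_pattern`/`rw_files_pattern` on `ossec_log_t` become `create_file_perms append_file_perms read` — and nothing in the commit says why. If monitord is the component that rotates the OSSEC logs (I cannot confirm that from this hunk), rotation typically needs `rename`, `unlink` or in-place `write`, none of which remain, so this is the daemon most likely to hit a denial after the change; checking the AVC log across one rotation cycle before merging would settle it. Whichever it is, record the intent next to the rule, e.g. `# monitord may create/append logs; rotation rights (rename/unlink/write) are deliberately not granted — confirm against ossec-monitord behaviour`, and drop the seven commented-out copies of the old rules, four of which still name `ossec_analysisd_t`.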