diff --git a/ansible/install/roles/rsyslog-templates/tasks/main.yml b/ansible/install/roles/rsyslog-templates/tasks/main.yml
index 60ef38b66..7dc189872 100644
--- a/ansible/install/roles/rsyslog-templates/tasks/main.yml
+++ b/ansible/install/roles/rsyslog-templates/tasks/main.yml
@@ -138,3 +138,10 @@
 state: started
 timeout: 10
 when: rsyslog_aggregator or rsyslog_forwarding
+
+# syslog as a system process lives under some very restrictive selinux rules, this is the best
+# way I've found to get to to work reliably. On a prod system you would probably want to manually
+# validate that the .te file produced makes sense.
+- name: Generate and install syslog policy file
+ shell: "grep syslog /var/log/audit/audit.log | audit2allow -M syslogd_t; semodule -i syslogd_t.pp"
+ become: true
\ No newline at end of file
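Review bot: The `shell` line in the new task converts every audit record that merely contains the string `syslog` into allow rules and loads them as root in the same step, so denials unrelated to rsyslog, or ones that reflect something misbehaving on the host, become standing policy with no point at which the generated `.te` can be inspected, even though the comment above the task says it should be. Assuming rsyslog runs in the `syslogd_t` domain, as the module name suggests, the filter should at least be narrowed to that source context, e.g. `grep 'scontext=[^ ]*:syslogd_t:' /var/log/audit/audit.log`. Because the two commands are joined with `;`, `semodule -i syslogd_t.pp` runs regardless of whether audit2allow produced anything, and it picks the file up from an unspecified working directory; `&&` would tie the install to a successful generate step. The task also has no `when: rsyslog_aggregator or rsyslog_forwarding` guard like the task just above it, and as a bare `shell` it reports changed and reloads policy on every play. The more durable fix is to commit a reviewed `.te` to the role and have the play only compile and install that file, leaving audit2allow as a manual authoring step.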