On Thu, 01 Feb 2018 01:55:18 +0200, Kapetanakis Giannis wrote: > On 01/02/18 00:06, Todd C. Miller wrote: > > > > Shouldn't this be: > > > > # Log everything coming from host bastion to a separate file > > ++bastion /var/log/bastion > > *.* > > +* > > how about > > # Log everything coming from host bastion to a separate file > ++bastion > *.* /var/log/bastion
No, you need the: +* to reset the destination file, otherwise none of the later rules will get logged. If you use "+bastion" instead of "++bastion" you don't need to have the "+*" afterward but then later rules will also match the log data from "bastion", which is not what is intended here. It works the same way as "!!program" where you need to have a "!*" after the destination lines. - todd
