On Thu, Feb 01, 2018 at 02:26:16PM +0100, Alexander Bluhm wrote: > On Thu, Feb 01, 2018 at 09:08:04AM +0100, Landry Breuil wrote: > > > # Log everything coming from host bastion to a separate file > > > ++bastion /var/log/bastion > > > *.* > > > +* > > > > well maybe that's clearer, but the version without *.* works here.. i > > dont have a preference, so i'll defer to experts :) > > I wonder how that works. I have tried it and it does not, my > understanding of the code is that everything after ++bastion on > that line is not parsed. > > The log file name must be in the same line as the severity and > facility. The hostname just starts the block. And the block should > be closed. I put that block at the beginning of my syslog.conf. > > ++bastion > *.* /var/log/bastion > +*
Dammit, you're right again :) I had a closer look, and indeed the version without the facility.severity *doesn't* work. So indeed this version should be better: Index: syslog.conf.5 =================================================================== RCS file: /cvs/src/usr.sbin/syslogd/syslog.conf.5,v retrieving revision 1.34 diff -u -r1.34 syslog.conf.5 --- syslog.conf.5 6 Jul 2016 19:29:13 -0000 1.34 +++ syslog.conf.5 1 Feb 2018 14:05:06 -0000 @@ -306,6 +306,11 @@ # Root and Eric get alert and higher messages. *.alert root,eric +# Log everything coming from host bastion to a separate file +++bastion +*.* /var/log/bastion ++* + # Save mail and news errors of level err and higher in a # special file. mail,news.err /var/log/spoolerr
