Hello there,

I'd like to add to the original posting of this bug. The config-file 31_aide_syslog isn't really usable in this form. Besides the originally posted extra subdirectory that doesn't exist, there are more logs that just aren't added. I've made an alternative 31_aide_syslog with the following content:

/var/log/(messages|syslog|auth\.log|cron\.log|daemon\.log|kern\.log|lpr\.log|mail\.log|user\.log|uucp\.log)\.0$ LowLogs
/var/log/(messages|syslog|auth\.log|cron\.log|daemon\.log|kern\.log|lpr\.log|mail\.log|user\.log|uucp\.log)\.1\.gz$ RotatedLogs+ANF
/var/log/(messages|syslog|auth\.log|cron\.log|daemon\.log|kern\.log|lpr\.log|mail\.log|user\.log|uucp\.log)\.[0-9]+\.gz$ RotatedLogs
/var/log/(messages|syslog|auth\.log|cron\.log|daemon\.log|kern\.log|lpr\.log|mail\.log|user\.log|uucp\.log)$ Logs
/var/log$ VarDir
/var/run/(klogd|syslogd)\.pid$ VarFile

(Sorry for the insanely long lines.)

Perhaps this isn't correct either, because I'm not really sure if syslog owns lpr.log and mail.log, or if these are owned by lpr/cups and the installed MTA. Both files are mentioned in /etc/syslog.conf, though.

Other files that probably should be included (easily found by looking at /etc/syslog.conf):

/var/log/mail.info
/var/log/mail.warn
/var/log/mail.err
/var/log/news/news.crit
/var/log/news/news.err
/var/log/news/news.notice
/var/log/debug

And I agree with the original poster that I'm not really sure if this is the correct place for /var/log$. Hope this helped, at least.

--
Kind regards,
Tim Stoop
Cidev v.o.f.
http://www.cidev.nl
KvK number: 14072991
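
An added example, not part of the original message or of the aide package: a Python check that lists which file targets in a syslog.conf are matched by none of the selection lines proposed above. The syslog.conf excerpt is constructed and the function names are hypothetical; Python's `re.match` stands in for AIDE's matching, which adds an implicit `^` to each regular expression.

```python
import re

# Selection lines from the message above; the repeated alternation is factored out.
NAMES = (r"(messages|syslog|auth\.log|cron\.log|daemon\.log|kern\.log|"
         r"lpr\.log|mail\.log|user\.log|uucp\.log)")
AIDE_RULES = rf"""
/var/log/{NAMES}\.0$ LowLogs
/var/log/{NAMES}\.1\.gz$ RotatedLogs+ANF
/var/log/{NAMES}\.[0-9]+\.gz$ RotatedLogs
/var/log/{NAMES}$ Logs
/var/log$ VarDir
/var/run/(klogd|syslogd)\.pid$ VarFile
"""
# Constructed syslog.conf excerpt (not taken from a real system).
SYSLOG_CONF = r"""
auth,authpriv.*             /var/log/auth.log
*.*;auth,authpriv.none      -/var/log/syslog
mail.info                   -/var/log/mail.info
news.crit                   /var/log/news/news.crit
*.=debug;\
        auth,authpriv.none;\
        news.none;mail.none -/var/log/debug
*.emerg                     *
"""

def parse_rules(text):
    """Return (compiled regex, group) for each selection line starting with '/'."""
    lines = (l.split(None, 1) for l in text.splitlines() if l.startswith("/"))
    return [(re.compile(rx), group.strip()) for rx, group in lines]

def syslog_files(text):
    """Return file targets of syslog.conf rules (a '-' prefix only disables sync)."""
    files = []
    for line in re.sub(r"\\\n\s*", "", text).splitlines():  # join continuations
        fields = line.split("#", 1)[0].split(None, 1)
        if len(fields) == 2 and fields[1].strip().lstrip("-").startswith("/"):
            files.append(fields[1].strip().lstrip("-"))
    return files

def coverage(rules, paths):
    """Map each path to the groups of every rule whose regex matches it."""
    return {p: [g for rx, g in rules if rx.match(p)] for p in paths}

def uncovered(rules, paths):
    return [p for p, groups in coverage(rules, paths).items() if not groups]

if __name__ == "__main__":
    for path in uncovered(parse_rules(AIDE_RULES), syslog_files(SYSLOG_CONF)):
        print("not covered by any rule:", path)
```

A path that maps to more than one group, such as a `.1.gz` file here, is matched by overlapping selection lines.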