filter /etc/messages for certain IP table entries
I have specific iptables chains that if traffic matches, it will drop the packet and log the event. No problem setting that up.
What I want to do is setup a script (perl/.sh or the sort) to filter through /etc/messages and write a seperate logfile with all the information matching the iptables --log-prefix messages. So could I do something like:
grep $RULE /etc/messages > /var/log/iptables.log
Then setup a cron to do this every 24hrs while rotating the file before the update.
Anyone think this will work? I think it should.....