I have an embedded firewall (running pfsense on a WRAP board) and am having the logs sent to a linux box. The events show up fine in /var/log/messages but I want to have them logged to their own dedicated file - /var/log/firewall.log. I am having problems with syslog and setting this up in syslog.conf. Anyone know how to do this correctly?

The logfiles look like this (IPs removed):

May 6 01:10:28 firewall pf: 3. 290806 rule 51/0(match): block in on sis1: (tos 0x20, ttl 112, id 7126, offset 0, flags [none], proto: UDP (17), length: 1091) OUTSIDE_IP > INSIDE_IP: UDP, length 1063

Thanks!

i'd suggest you ditch syslog and use syslog-ng instead, it makes a vastly better server when other machines use it too.