2011-01-02T09:45:27.537541-06:00 localhost kernel: [103213.655724] Shorewall:all2all:REJECT:IN= OUT=eth0 SRC=192.168.1.100 DST=18.104.22.168 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=53430 DF PROTO=TCP SPT=48956 DPT=3946 WINDOW=5840 RES=0x00 SYN URGP=0
Reading the shorewall documentation, it does use syslog.
If I am reading above code correctly it seems to be using the kernel facility. Is there a way I can filter out the shorewall alone and redirect it to local4?
I will read more into rsyslog filtering maybe I missed some action that I could use.
I choose rsyslog because it comes default with red hat and I am trying to get my RHCSA.