filter /etc/messages for certain IP table entries
 

I have specific iptables chains that if traffic matches, it will drop the packet and log the event. No problem setting that up.

What I want to do is setup a script (perl/.sh or the sort) to filter through /etc/messages and write a seperate logfile with all the information matching the iptables --log-prefix messages. So could I do something like:

grep $RULE /etc/messages > /var/log/iptables.log

Then setup a cron to do this every 24hrs while rotating the file before the update.

Anyone think this will work? I think it should.....