I've been trying to get ONLY FIREWALL messages to go in /var/log/firewall and all the rest of the kernel messages in /var/log/messages. For example, the boot up messages you are supposed to see with the "dmesg" command, which is now cluttered with firewall ACCEPT/DENY messages.

I'm running SuSE 8.1.

I've scanned the past archives and found a few ideas; the most promising was adding this to /etc/syslog.conf:

    ### Got this off the SuSE security mail list.
    ### Supposed to stuff all firewall messages in /var/log/firewall
    ### And out of /var/log/messages.
    ###
    ### I hope that all the other stuff still goes in /var/log/messages:
    ##
    ## - I wanted to get firewall messages in a separate file, so I added an entry
    ## kern.* - /var/log/firewall to /etc/syslog.conf, but now it logs to BOTH
    ## files. Any ideas how to cure this?
    ##
    ## yup, do this:
    *.*;!kern.* - /var/log/messages
    kern.* - /var/log/firewall

Okay, so I added that, then for some reason _NO_ kernel messages were getting logged to either file. It also looks to me that this should pipe ALL kernel messages to /var/log/firewall, even the boot up kernel messages.

So, I'm back to ground zero with this:

    *.*;mail.none;news.none -/var/log/messages

The only way I can think of to actually do this correctly is to pipe all messages to a perl script that parses firewall messages into the firewall log and all the rest into messages. Am I out of my mind? I'm getting about a meg of firewall messages a day!

If anybody has any suggestions, please reply!!!

Thanks!!

- Ryan
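
The splitting filter proposed at the end of the post, sketched as an added example (not part of the original message, and written in Python rather than Perl). It assumes firewall entries are kernel lines in the netfilter LOG-target layout (IN=, OUT=, SRC=, DST= fields); the function names and the sample log lines are constructed for illustration.

```python
import io
import re

# Assumption: firewall entries are kernel lines in the netfilter LOG-target
# layout (IN=... OUT=... SRC=... DST=...), whatever prefix the ruleset adds.
KERNEL_TAG = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ kernel: (?P<body>.*)$")
NETFILTER = re.compile(r"\bIN=\S* OUT=\S* .*\bSRC=\S+ DST=\S+")
REPEATED = re.compile(r"last message repeated \d+ times$")


def classify(line, previous="messages"):
    """Return 'firewall' or 'messages' for one syslog line."""
    line = line.rstrip("\n")
    # syslogd collapses duplicates; the notice belongs with the line before it.
    if REPEATED.search(line):
        return previous
    m = KERNEL_TAG.match(line)
    if m and NETFILTER.search(m.group("body")):
        return "firewall"
    return "messages"


def split_stream(src, firewall_out, messages_out):
    """Copy each line of src to exactly one of the two outputs."""
    counts = {"firewall": 0, "messages": 0}
    dest = "messages"
    for line in src:
        dest = classify(line, dest)
        (firewall_out if dest == "firewall" else messages_out).write(line)
        counts[dest] += 1
    return counts


# Constructed sample input, not taken from a real host.
SAMPLE = """\
Mar  3 10:00:01 gw kernel: eth0: link up, 100Mbps full duplex
Mar  3 10:00:04 gw kernel: FW-DROP IN=eth0 OUT= SRC=192.0.2.7 DST=198.51.100.1 PROTO=TCP SPT=4312 DPT=23
Mar  3 10:00:05 gw last message repeated 3 times
Mar  3 10:00:09 gw sshd[812]: note from user: SRC=192.0.2.7 DST=198.51.100.1
Mar  3 10:00:12 gw kernel: FW-ACCEPT IN=eth0 OUT= SRC=192.0.2.9 DST=198.51.100.1 PROTO=TCP SPT=1044 DPT=22
"""

if __name__ == "__main__":
    fw, msgs = io.StringIO(), io.StringIO()
    print(split_stream(io.StringIO(SAMPLE), fw, msgs))
    print(fw.getvalue(), end="")
```

Kernel boot and driver messages stay in the general log because they lack the packet fields, and a non-kernel line that merely quotes SRC=/DST= text is not routed to the firewall log.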