I have enabled rsyslog on Ubuntu and have my firewall logs going to this system. They are landing in the syslog file and I want them to go to a unique file such as /var/log/firewall.log. I have entered the following line in the rsyslog.conf file, but it doesn't seem to have any affect.
if $fromhost-ip isequal '192.168.223.1' then /var/log/192.168.223.1.log
Does the config file care where I place that line? I have placed it close to the top before the local rule definitions.
Free Guide: Managing storage for virtual environments
Complete a brief survey to get a complimentary 70-page whitepaper featuring the best methods and solutions for your virtual environment, as well as hypervisor-specific management advice from TechTarget experts. Don’t miss out on this exclusive content!