I have enabled rsyslog on Ubuntu and have my firewall logs going to this system. They are landing in the syslog file and I want them to go to a unique file such as /var/log/firewall.log. I have entered the following line in the rsyslog.conf file, but it doesn't seem to have any affect.
if $fromhost-ip isequal '192.168.223.1' then /var/log/192.168.223.1.log
Does the config file care where I place that line? I have placed it close to the top before the local rule definitions.