With rsyslog you can log messages with a specific prefix to a separate file. For example, if you want to put the iptables log into a separate log file, plain syslog leaves you with the iptables messages combined with the kernel logs.

To put the iptables log into a separate file, you have to assign a special prefix in the iptables rule:


-A INPUT -p tcp --dport 80 -m string --string "phpmyadmin" --algo bm -m limit --limit 1/min --limit-burst 1 -j LOG --log-prefix "iptablesLog: "

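Now edit rsyslog.conf and append the lines below. The pattern must be identical to the --log-prefix value set in the iptables rule; the second line, & ~, discards the message once it has been written so that it does not also end up in the other log files:

:msg, startswith, "iptablesLog: " -/var/log/iptables.log
& ~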
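
The routing only works when the rsyslog pattern and the iptables --log-prefix agree, so a consistency check is useful before reloading either service. The following is an added example, not part of the original page: the function names, the second rule, and both sample inputs are constructed for illustration (the sample rsyslog fragment deliberately contains a pattern that does not match the first rule), and it assumes the message body begins with the prefix exactly as iptables wrote it.

```python
import re
import shlex

# Constructed sample input in iptables-save style (not taken from a real host).
SAMPLE_RULES = '''\
-A INPUT -p tcp --dport 80 -m string --string "phpmyadmin" --algo bm -m limit --limit 1/min --limit-burst 1 -j LOG --log-prefix "iptablesLog: "
-A INPUT -p tcp --dport 22 -j LOG --log-prefix "sshProbe: "
'''
# Constructed rsyslog.conf fragment; the first pattern does not match its rule.
SAMPLE_RSYSLOG = '''\
:msg, startswith, "iptables: " -/var/log/iptables.log
& ~
:msg, contains, "sshProbe: " -/var/log/ssh-probe.log
& ~
'''
MAX_PREFIX = 29  # documented length limit for the LOG target's --log-prefix
FILTER_RE = re.compile(r'^:msg,\s*(startswith|contains),\s*"([^"]*)"\s+-?(\S+)')

def log_prefixes(rules_text):
    """Return every --log-prefix value, honouring shell-style quoting."""
    found = []
    for line in rules_text.splitlines():
        tokens = shlex.split(line)
        found += [tokens[i + 1] for i, t in enumerate(tokens[:-1]) if t == "--log-prefix"]
    return found

def msg_filters(conf_text):
    """Return (operator, pattern, target file) for each :msg property filter."""
    return [m.groups() for line in conf_text.splitlines()
            if (m := FILTER_RE.match(line.strip()))]

def filter_matches(op, pattern, msg):
    """Mimic the case-sensitive startswith / contains comparison."""
    return msg.startswith(pattern) if op == "startswith" else pattern in msg

def unrouted_prefixes(rules_text, conf_text):
    """Prefixes whose log lines no filter would catch (they stay in the kernel log)."""
    filters = msg_filters(conf_text)
    missing = []
    for prefix in log_prefixes(rules_text):
        # Constructed message body in the shape iptables LOG emits.
        msg = prefix + "IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.20 PROTO=TCP DPT=80"
        if not any(filter_matches(op, pat, msg) for op, pat, _ in filters):
            missing.append(prefix)
    return missing

def overlong_prefixes(rules_text):
    """Prefixes that exceed the 29-character limit."""
    return [p for p in log_prefixes(rules_text) if len(p) > MAX_PREFIX]

if __name__ == "__main__":
    print("unrouted:", unrouted_prefixes(SAMPLE_RULES, SAMPLE_RSYSLOG))
    print("too long:", overlong_prefixes(SAMPLE_RULES))
```

On a real host, pass the output of iptables-save and the contents of rsyslog.conf instead of the sample strings.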