Hi all, i would like to have some iptables logs but only in a specific file ( /var/log/iptables.log in my config ). how can I do that ?? here's my config :

# Global options for the daemon.
options { long_hostnames(off); sync(0); stats(43200); };

# Single source: local syslog socket, kernel messages (where netfilter LOG
# output arrives), and syslog-ng's own internal messages.
source src { unix-stream("/dev/log"); file("/proc/kmsg"); internal(); };

# Destinations: one file per facility/severity bucket.
destination authlog { file ("/var/log/auth.log"); };
destination syslog { file ("/var/log/syslog"); };
destination cron { file ("/var/log/cron.log"); };
destination daemon { file ("/var/log/daemon.log"); };
destination kern { file ("/var/log/kern.log"); };
destination lpr { file ("/var/log/lpr.log"); };
destination user { file ("/var/log/user.log"); };
destination uucp { file ("/var/log/uucp.log"); };
# NOTE(review): no log statement below references "ppp", so this file is never written.
destination ppp { file ("/var/log/ppp.log"); };
destination mail { file ("/var/log/mail.log"); };
destination mailinfo { file ("/var/log/mail.info"); };
destination mailwarn { file ("/var/log/mail.warn"); };
destination mailerr { file ("/var/log/mail.err"); };
destination newscrit { file ("/var/log/news/news.crit"); };
destination newserr { file ("/var/log/news/news.err"); };
destination newsnotice { file ("/var/log/news/news.notice"); };
destination debug { file ("/var/log/debug"); };
destination messages { file ("/var/log/messages"); };
destination console_all { file("/dev/tty12"); };
# Dedicated file the poster wants firewall messages to land in.
destination iptables { file("/var/log/iptables.log"); };

# Filters by facility.
# NOTE(review): f_auth is defined but no log statement uses it (auth.log is fed by f_authpriv).
filter f_auth { facility(auth); };
filter f_authpriv { facility(auth, authpriv); };
filter f_syslog { not facility(authpriv, mail); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_user { facility(user); };
# NOTE(review): this selects facility(cron), same as f_cron, so uucp.log receives
# cron messages; presumably facility(uucp) was intended - confirm.
filter f_uucp { facility(cron); };
filter f_news { facility(news); };
filter f_debug { not facility(auth, authpriv, news, mail); };
filter f_messages { level(info..warn) and not facility(auth, authpriv, mail, news); };

# Filters by severity.
filter f_emergency { level(emerg); };
filter f_info { level(info); };
filter f_notice { level(notice); };
filter f_warn { level(warn); };
filter f_crit { level(crit); };
filter f_err { level(err); };

# Selects messages containing the text "Alert!".
# NOTE(review): this only catches firewall entries if the iptables LOG rules
# emit that string (e.g. via their log prefix) - verify against the ruleset.
filter f_iptables { match("Alert!"); };

# Log paths: each statement is evaluated independently, so one message can be
# written to several destinations.
log { source (src); filter (f_authpriv); destination (authlog); };
log { source (src); filter (f_syslog); destination (syslog); };
log { source (src); filter (f_cron); destination (cron); };
log { source (src); filter (f_daemon); destination (daemon); };
log { source (src); filter (f_kern); destination (kern); };
log { source (src); filter (f_lpr); destination (lpr); };
log { source (src); filter (f_mail); destination (mail); };
log { source (src); filter (f_user); destination (user); };
log { source (src); filter (f_uucp); destination (uucp); };
log { source (src); filter (f_mail); filter (f_info); destination (mailinfo); };
log { source (src); filter (f_mail); filter (f_warn); destination (mailwarn); };
log { source (src); filter (f_mail); filter (f_err); destination (mailerr); };
log { source (src); filter (f_news); filter (f_crit); destination (newscrit); };
log { source (src); filter (f_news); filter (f_err); destination (newserr); };
log { source (src); filter (f_news); filter (f_notice); destination (newsnotice); };
log { source (src); filter (f_debug); destination (debug); };
log { source (src); filter (f_messages); destination (messages); };
log { source (src); filter (f_emergency); destination (console_all); };
# NOTE(review): this path adds iptables.log but does not make it exclusive.
# Nothing in f_syslog, f_kern, f_debug or f_messages excludes the "Alert!"
# text, so a matching message can also be written by those paths. To keep
# firewall entries only here, either add "and not match(...)" to those filters
# or move this statement to the top of the log paths and add flags(final) to it.
log { source (src); filter (f_iptables); destination (iptables); };

-- Don't Fear The Penguins They Will Free Your Computer.
-----BEGIN PGP SIGNED MESSAGE----- (Response to message from Jonathan Galand, alkagord@linux-charleroi.be on Sunday, April 20, 2003 2:07:24 AM) Hello Jonathan, As far as I know, iptables logs to the 'kern' facility so you can filter partly on that. I log to a database, so I don't split up the logs, but if you check the messages it puts out, you'll find they are pretty distinctive so you should be able to use the match function on them. - - -- Regards, Sander -----BEGIN PGP SIGNATURE----- Version: PGP 6.5i iQEVAwUBPqLkuuqbkJoPhTptAQGx1QgAheQ/K/1qgm8D0Z7b4ceTUU6TRgAcYvvh F3VNB+LnqG2cHlM4LucYL+pK++plspadQN8rceJzzentIhjnvZRkAygG+r8zyjUX QTgs2EjmbphLA3vImaxY5k66McUuVQIYV8JBC0PwkOrFrx0HX6ABmr1Hb5Q+mAZO j56s5jvI5wKgAmHu33IXYLs+rpmfnGbnvkeHp3AvQ+fti3axXqnk3/M98bGXBTRA UWwz/YSu1VAyocdke4CHzG1wyxo8bii6W8E2LEUPW6ftsWDllqidkbb+dRdrWdjZ k5zJ07q4XgyxNdlWTm9VkxlS7Q7Qqx6e6Jg1uFBCrKMoJ3vqfPDt9w== =90gz -----END PGP SIGNATURE-----