Centos6.3 running rsyslog-5.8.10-6.el6.x86_64 writes to both my custom log file and /var/log/messages.
After making changes to my iptables files to log dropped packets :
-N LOGGING -A INPUT -j LOGGING -A OUTPUT -j LOGGING -A LOGGING -m limit --limit 2/sec -j LOG --log-prefix "IPTables-Dropped: " --log-level 4 -A LOGGING -j DROP
I added "kern.warning /var/log/iptablesDROPPED.log" to the bottom of my /etc/rsyslog.conf file, restarted rsyslog and iptables.
It works great but logs to both files.
PROBLEM: I don't want it logging the same entries to /var/log/messages.
It also happens to ignore my 2 logs/sec rule so I get 3 messages every time it blocks an ssh connection. The same if I set it to 2/min as well.
