ok, sorted the problem....well, half of it anyway. So in fact syslog acts something like pf but in reverse. The first rule wins (but unfortunatelly so does the second I see). I moved the
Code:
+192.168.0.1
*.* /var/log/router.log
+*
lines at the very top of the file and now it logs to the router.log file. Unfortunatelly it also logs to messages. A workaround would be to remove the "kernel.debug" option from the /var/log/messages line in syslogd.conf, but afterwards it would come back at me and bite me in the ......excuse me....... as no more kernel errors would be logged.