Hi,

I've asked this question in another forum with not much success, so I'll give it a try here:

My Debain runs as a syslog host to remote machines. I'd like to log all messages from a particular remote machine (say 192.168.2.100) to a particular file (say /var/log/192.168.2.100.log). All messages from the remote machine should no longer appear in /var/log/messages and /var/log/syslog. How can I do this?

The client syslog uses USER facility. In addition to standard syslog payload, it contains the following components:
GS_LOG: [device MAC address][error code] error message
Here is an example:
May 19 02:40:38 192.168.1.14 GS_LOG: [00:0b:82:00:a1:be][000]

Now my next question is more of a programming question. Everytime an entry gets added to my new file /var/log/192.168.2.100.log, I'd like to launch a program (regardless what programming language) to parse the new file (probably for the entry GS_LOG or the MAC address). How do I best go about this (it should ideally happen in real-time, 1 second delay would be ok, 5 seconds would not be ok)? A vague hint in the right direction would be appreciated, I google the rest.

Thanks for your attention.

hm