I've asked this question in another forum with not much success, so I'll give it a try here:

My Debian runs as a syslog host to remote machines. I'd like to log all messages from a particular remote machine (say to a particular file (say /var/log/ All messages from the remote machine should no longer appear in /var/log/messages and /var/log/syslog. How can I do this?

The client syslog uses USER facility. In addition to standard syslog payload, it contains the following components:
GS_LOG: [device MAC address][error code] error message
Here is an example:
May 19 02:40:38 GS_LOG: [00:0b:82:00:a1:be][000]

Now my next question is more of a programming question. Every time an entry gets added to my new file /var/log/, I'd like to launch a program (regardless of what programming language) to parse the new file (probably for the entry GS_LOG or the MAC address). How do I best go about this (it should ideally happen in real-time, 1 second delay would be ok, 5 seconds would not be ok)? A vague hint in the right direction would be appreciated, I'll google the rest.

Thanks for your attention.
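
An added example, not part of the original post: a Python parser for the GS_LOG payload described above, plus a polling follower that yields lines as they are appended and survives log rotation. The function names, the 0.2 second polling interval and the log path passed as the first command-line argument are assumptions.

```python
import os
import re
import sys
import time

# Payload layout from the post: GS_LOG: [device MAC address][error code] error message
GS_LOG_RE = re.compile(
    r"GS_LOG: \[(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\]"
    r"\[(?P<code>\d+)\]\s*(?P<message>.*)$"
)

def parse_gs_log(line):
    """Return mac/code/message for a GS_LOG line, or None if it does not match."""
    m = GS_LOG_RE.search(line.rstrip("\r\n"))
    if m is None:
        return None
    # The message comes from a remote device: treat it as untrusted text.
    return {"mac": m["mac"].lower(), "code": m["code"], "message": m["message"]}

def follow(path, poll=0.2, from_start=False):
    """Yield each complete line appended to path, reopening it after rotation."""
    fh = open(path, "r", errors="replace")
    try:
        if not from_start:
            fh.seek(0, os.SEEK_END)  # skip entries that are already in the file
        buf = ""
        while True:
            chunk = fh.readline()
            if chunk:
                buf += chunk
                if buf.endswith("\n"):  # only hand over fully written lines
                    yield buf
                    buf = ""
                continue
            try:
                if os.stat(path).st_ino != os.fstat(fh.fileno()).st_ino:
                    fh.close()  # file was rotated: switch to the new one
                    fh, buf = open(path, "r", errors="replace"), ""
            except FileNotFoundError:
                pass  # rotation in progress, retry on the next poll
            time.sleep(poll)
    finally:
        fh.close()

if __name__ == "__main__":
    for entry in follow(sys.argv[1]):
        event = parse_gs_log(entry)
        if event:
            print(event, flush=True)
```

Polling at 0.2 seconds stays inside the 1 second delay the post allows; lines that do not carry a well-formed MAC address and numeric code are skipped rather than partially parsed.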