iptables and syslog.conf HELP NEEDED!
vjx
3rd February 2005, 02:30 PM
I searched and searched on www.google.com/linux and I have read through a number of netfilter documents, but neither helped me out.
Problem: getting syslog to log netfilter events to a different file than the messages log file.
man syslog shows nothing about it, and all the netfilter documentation just says something like: "read the syslog manuals" <-- now that's not very helpful, dear gurus who make these 'excellent' guides/howtos/FAQs.
My messages logs on all my FC3 systems are not well organized/readable any more; I want to change this.
Jman
4th February 2005, 06:17 AM
Read man syslog.conf if you haven't already. I think those logs get output with the "kernel" facility, so you wouldn't be redirecting just netfilter logs.
ghenry
4th February 2005, 09:28 AM
You should have searched the netfilter mailing list archives:
https://lists.netfilter.org/pipermail/netfilter/2003-January/041259.html
Dog-One
4th February 2005, 01:54 PM
I'm doing just what you want on my firewall. Hang tight, I'll pull up the relevant info.
Dog-One
4th February 2005, 02:00 PM
Okay, the first thing I did is to add
kern.debug /var/log/kerndbug
to my /etc/syslog.conf file. You could name the file whatever you want; I chose kerndbug because it's possible I could see other kernel related messages in there as well as my iptables log entries.
The next thing I did was to explicitly define my log rules with iptables. Here's an example:
iptables -A VDROP -j LOG --log-ip-options --log-tcp-options --log-level debug --log-prefix "VFLAG "
The log-prefix option with the quoted parameter following makes it very easy to inspect the log file and know what rule generated the entry.
Dog-One
4th February 2005, 02:04 PM
One other note:
You may want to modify logrotate to deal with the added log file. I set my /etc/logrotate.d/syslog file like this:
/var/log/messages /var/log/kerndbug /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron {
sharedscripts
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
endscript
}
which includes the additional /var/log/kerndbug file.
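Added example, not part of the original thread: because kern.debug sends every kernel message to /var/log/kerndbug, this Python sketch picks out only the entries written by the rule with the "VFLAG " prefix and tallies them by source, protocol and destination port. The sample log lines, host name, addresses and the OTHER prefix are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of /var/log/kerndbug: three VFLAG entries, one unrelated
# kernel message, and one LOG entry from a hypothetical rule prefixed "OTHER ".
SAMPLE_LOG = """\
Feb  4 14:01:12 fw kernel: VFLAG IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4242 DF PROTO=TCP SPT=40312 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405B40402080A)
Feb  4 14:01:15 fw kernel: eth0: link up, 100Mbps, full-duplex
Feb  4 14:02:03 fw kernel: VFLAG IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4243 DF PROTO=TCP SPT=40313 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Feb  4 14:02:40 fw kernel: OTHER IN=eth0 OUT= SRC=192.0.2.99 DST=198.51.100.5 LEN=40 PROTO=TCP SPT=1024 DPT=80
Feb  4 14:03:09 fw kernel: VFLAG IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.77 DST=198.51.100.5 LEN=78 TOS=0x00 PREC=0x00 TTL=115 ID=9001 PROTO=UDP SPT=137 DPT=137 LEN=58
"""

# Classic syslog line: timestamp, host, "kernel:", then the message.
# Newer kernels may add an uptime stamp such as "[ 1234.567]"; tolerate it.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) kernel: "
    r"(?:\[\s*[\d.]+\]\s*)?(?P<msg>.*)$"
)

def parse_prefixed(text, prefix="VFLAG "):
    """Return the LOG entries whose message starts with the given --log-prefix."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or not m.group("msg").startswith(prefix):
            continue  # other kernel messages share the same file
        fields, flags = {}, []
        for tok in m.group("msg")[len(prefix):].split():
            key, sep, val = tok.partition("=")
            if sep:
                # UDP entries repeat LEN (IP length, then UDP length);
                # keep the first so LEN always means the IP packet length.
                fields.setdefault(key, val)
            else:
                flags.append(tok)  # bare tokens: DF, SYN, OPT, ...
        entries.append({"ts": m.group("ts"), "fields": fields, "flags": flags})
    return entries

def summarize(entries):
    """Count entries per (source address, protocol, destination port)."""
    return Counter(
        (e["fields"].get("SRC"), e["fields"].get("PROTO"), e["fields"].get("DPT"))
        for e in entries
    )

if __name__ == "__main__":
    for key, count in summarize(parse_prefixed(SAMPLE_LOG)).most_common():
        print(count, *key)
```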
tuubaaku
25th February 2005, 06:45 PM
I've been looking at this problem as well, and it looks like syslog-ng is a good solution. It lets you log only iptables logs to a certain file. Check it out here: http://www.balabit.com/products/syslog-ng/.