# This is an example rule for app-admin/syslog-ng to separate ufw logs
# from /var/log/messages.
# Place those lines before "log" entries in /etc/syslog-ng/syslog-ng.conf.

filter f_ufw { match("\\[UFW " value("MESSAGE")); };
destination ufwfile { file("/var/log/ufw.log"); };
log {
	source(src);
	filter(f_ufw);
	destination(ufwfile);
	destination(console_all);
	flags(final);
};