I have an iptables rule that is logging some of my network's activities into a log file using the jump LOG rule.
I filter the events to go to a specific file using the following rsyslog configuration file:
if $msg startswith '[ZN' then {
    action(type="omfile" file="/var/log/zn.log" template="RSYSLOG_FileFormat")
    stop
}
The filter works well: the messages do not go to /var/log/messages or /var/log/kern.log, as expected, but I can see all of the messages by simply running journalctl -f.
Is there any way to prevent the messages from getting into the journal log? Or are they coming in earlier in the chain, and can they be filtered in other ways?