rsyslog

This will cover configuring rsyslog

View the syslog data

sudo tcpdump -nli eth0 udp port 514

Uncomment out the network lines

sudo vi /etc/rsyslogd.conf
...
# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
# provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
...

Restart syslog

sudo pkill rsyslogd

Add the local definiations to the conf file (make sure above the catch all section

sudo vi /etc/rsyslog.d/50-default.conf
# Logging for the router
local0.*                        -/var/log/router-firewall.log
local1.*                        -/var/log/router-vpn.log
local2.*                        -/var/log/router-useraccess.log
local3.*                        -/var/log/router-call.log
local4.*                        -/var/log/router-wan.log
local5.*                        -/var/log/router-adsl.log

You can turn off logging by adding the type at the end (see below for local5)

*.=info;*.=notice;*.=warn;\
auth,authpriv.none;\
cron,daemon.none;\
mail,news.none,local5           -/var/log/messages