I'm trying to get all ipfw logs going to ipfw.log I've managed that, but ipfw.log is also getting stuff that shows up in system.log
!-ipfw
*.notice;authpriv,remoteauth,ftp,install,internal.none /var/log/system.log
kern.* /var/log/kernel.log
# Send messages normally sent to the console also to the serial port.
# To stop messages from being sent out the serial port, comment out this line.
#*.err;kern.*;auth.notice;authpriv,remoteauth.none;mail.crit /dev/tty.serial
# The authpriv log file should be restricted access; these
# messages shouldn't go to terminals or publically-readable
# files.
auth.info;authpriv.*;remoteauth.crit /var/log/secure.log
lpr.info /var/log/lpr.log
mail.* /var/log/mail.log
ftp.* /var/log/ftp.log
install.* /var/log/install.log
install.* @127.0.0.1:32376
local0.* /var/log/appfirewall.log
*.emerg *
!ipfw
*.* /var/log/ipfw.log
I've seen various examples with a !* at the end, or before !ipfw, or after the system.log line, but none seem to work.