log tweak

[Cyber Source]

Ok, I know I posted about this a long time ago but it never got off the 
ground, at least on my end. Here is what I want to accomplish and the 
most helpful reply would be an example, I can figure out the options 
from there;

 I want to get more control of my syslog. I read the man pages on it and 
see that it uses "facilities" of which are the results of different 
functions, processes, whatever. Here is my problem, whenever I setup a 
system with a firewall, ALL the results of EVERY packet are sent to 
/var/log/messages. This totally clogs up and ruins the purpose of this 
general log file. So,

1. How can I filter a firewalls log post to go to another file?
2. What facility would the firewall be using to post to the file, 
kernel?, and how do you know which facility it's using?
3. Once you find what file determines what facility, can it be changed?
4. Can you add a facility to be used for a custom setting you might want?

TIA!