(1) Is it possible to log into a file of my own choice? Perhaps at /var/log/iptables-log.
Yes. Many people use syslog, but I find that syslog-ng does the job even better. With syslog-ng you can match regular expressions and send them to designated log files, with better parsing. It's easily explained in the manuals.
(2) Does somebody know a tool which is locking at the log-file(s) and may send an email automatically if the last message was logged 10 times?
When a file is locked, generally speaking, another process cannot write to that file. A simple shell script that periodically (cron) checks the log file will do the job.
(3) Does somebody know a !good! tool for analyzing the log-files from the iptables-log output?
Fwanalog
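
The cron-driven check suggested in answer (2), as an added example that is not part of the original reply. It reads the question as "alert when the most recent iptables entry has repeated 10 times in a row"; the choice of flow-key fields, the recipient, the sample lines and the use of mail(1) are assumptions.

```shell
#!/bin/sh
# Assumed settings: LOG is the file from question (1); THRESHOLD and RCPT are illustrative.
LOG="${LOG:-/var/log/iptables-log}"
THRESHOLD="${THRESHOLD:-10}"
RCPT="${RCPT:-root}"

# Reduce each netfilter LOG line to the fields that identify a flow; per-packet
# fields (timestamp, ID=, LEN=, TTL=, SPT=) are dropped. Other lines print nothing.
flow_key() {
    awk '{ k = ""
           for (i = 1; i <= NF; i++)
               if ($i ~ /^(SRC|DST|PROTO|DPT)=/) k = (k == "" ? $i : k " " $i)
           if (k != "") print k }'
}

# Print how many times in a row the most recent flow closes the log.
repeat_count() {
    flow_key < "$1" |
        awk '{ if ($0 == prev) n++; else n = 1; prev = $0 } END { print n + 0 }'
}

# Succeed when the trailing run has reached THRESHOLD.
should_alert() {
    [ "$(repeat_count "$1")" -ge "$THRESHOLD" ]
}

# Mail the last log line; assumes a working mail(1) on the host.
notify() {
    tail -n 1 "$1" | mail -s "iptables: last entry repeated $(repeat_count "$1") times" "$RCPT"
}

# Constructed sample: one unrelated flow, then $1 hits on port 22 from 203.0.113.7.
sample_log() {
    echo "Jan  5 10:00:00 fw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.1 LEN=60 TTL=52 ID=11 PROTO=TCP SPT=40000 DPT=80"
    i=0
    while [ "$i" -lt "$1" ]; do
        echo "Jan  5 10:00:0$i fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.1 LEN=60 TTL=50 ID=$i PROTO=TCP SPT=5000$i DPT=22"
        i=$((i + 1))
    done
}

# Cron entry point: does nothing unless the log exists and the threshold is met.
if [ -r "$LOG" ] && should_alert "$LOG"; then notify "$LOG"; fi
```

As written, the script mails on every cron run while the repeated run persists; recording the last alerted line in a state file would suppress the duplicates.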