Hi all,

Has anyone here worked out how to filter out syslog messages using syslog-ng v3? The old syntax doesn't work (well complains bitterly about performance and says to use regex), and no matter what I try I cannot get the new syntax to work :-/

I have a syslog-ng server which logs to MySQL for multiple clients in a network, however the database just keeps growing with irrelevant data I'd prefer to just quietly ignore on the server side.

I'm trying to filter out (exclude) messages such as:

(root) CMD (/root/bin/vmware-checker)

and

(root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons )

==============
filter myfilter {
    not match("regex" value("\/usr\/sbin\/run-crons"))
    and not match("regex" value("vmware-checker"));
}

log {
    source(src);
    source(remote);
    filter(myfilter);
    destination(d_mysql);
};
===============

However they just keep coming through the filter (ie: not matching the "not match" filter). I've tried escaping the slashes, not escaping them ... even partial words, but I obviously am missing something somewhere.

Anyone have any ideas?

Thanks in advance,
Ralph
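An added example, not part of Ralph's post and not the syslog-ng project's own configuration: in syslog-ng 3.x the first argument to match() is the regular expression and value() names the macro to search, so the two patterns go in the first position with value("MESSAGE"). It assumes the src, remote and d_mysql objects from the post are defined elsewhere; the filter names, the d_cron_archive destination and its file path are hypothetical.

```conf
# Added example. Assumes source "src", source "remote" and destination
# "d_mysql" already exist, as in the post. All other names are hypothetical.

# Matches the two cron CMD lines quoted in the post.
# match("<regex>" value("<macro name>")): the regex comes first, and
# value() takes the macro name without the leading "$".
# "/" has no special meaning in the regex, so it needs no escaping.
filter f_cron_noise {
    match("/usr/sbin/run-crons" value("MESSAGE"))
    or match("vmware-checker" value("MESSAGE"));
};

# Everything that is NOT cron noise.
filter f_not_cron_noise {
    not filter(f_cron_noise);
};

# Database path: the noisy lines never reach MySQL.
log {
    source(src);
    source(remote);
    filter(f_not_cron_noise);
    destination(d_mysql);
};

# Optional: keep the excluded lines in a flat file instead of discarding
# them, so cron execution history remains available for later review.
# The path is a placeholder.
destination d_cron_archive {
    file("/var/log/cron-noise.log");
};

log {
    source(src);
    source(remote);
    filter(f_cron_noise);
    destination(d_cron_archive);
};
```

Running `syslog-ng --syntax-only` against the edited file checks that it parses before the daemon is reloaded.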