<br>On 17 March 2010 13:00, Roy Wright &lt;<a href="mailto:roy@wright.org">roy@wright.org</a>&gt; wrote:<br>&gt;<br>&gt; I just started with the example at:<br>&gt; <a href="http://en.gentoo-wiki.com/wiki/Syslog-ng">http://en.gentoo-wiki.com/wiki/Syslog-ng</a><br>
&gt;<br>&gt; HTH,<br>&gt; Roy<br><br>Thanks Roy, however they have the same syntax which isn&#39;t working on my side.<div><br></div><blockquote class="webkit-indent-blockquote" style="margin: 0 0 0 40px; border: none; padding: 0px;">
<div>filter f_shorewall { not match(&quot;regex&quot; value(&quot;Shorewall&quot;)); } </div></blockquote><div><br>I just tried a single rule (to make sure it wasn&#39;t my syntax):</div><div><br>filter killVmMessages {<br>
        not match(&quot;regex&quot; value(&quot;vmware-checker&quot;));<br>};</div><div><br>yet the &quot;(root) CMD (/root/bin/vmware-checker)&quot; messages still go through?! </div><div><br></div><div><div>log {</div><div>
        source(src);</div><div>        source(remote);</div><div>        filter(myfilter);</div><div>        filter(killVmMessages);</div><div>        destination(d_mysql);</div><div>};</div><div><br></div><div>I&#39;m really stumped here. All other filters (non regex) works fine though, such as facility() &amp; host().</div>
<div class="gmail_quote"><div><br></div><div>Are you able to filter by content?</div><div><br></div><div>Ralph</div></div></div>