<P><FONT face="'PrimaSans BT,Verdana,sans-serif'">Sorry if this has already been posted.<BR> <BR>I can't seem to get the match filter function to work with a value("MACRO"). I can use macros successfully in destinations and parsers but the match() doesn't work. I want to use something like:<BR> <BR>filter f_pix { match("%ASA-" value("$MSGHDR")); }; # this fails<BR> <BR>filter f_pix { match("%ASA-"); }; # this works<BR> <BR>I've verified the source events and they do have "%ASA-" in the header. I create an output file with a template(header--$MSGHDR--\n) and the values are there.<BR> <BR>Am I missing something?<BR> <BR> <BR>I'm using the following version of syslog-ng on RHEL 4.5:<BR>syslog-ng 3.0.1+binpkg4<BR>Revision: ssh+git://bazsi@git.balabit//var/scm/git/syslog-ng/syslog-ng-ose--mainline--3.0#master#555574a984eaef9410a2869db0af1be0d52b269b<BR>Compile-Date: Mar 12 2009 16:42:24<BR>Enable-Threads: on<BR>Enable-Debug: off<BR>Enable-GProf: off<BR>Enable-Memtrace: off<BR>Enable-Sun-STREAMS: off<BR>Enable-Sun-Door: off<BR>Enable-IPv6: on<BR>Enable-Spoof-Source: on<BR>Enable-TCP-Wrapper: off<BR>Enable-SSL: on<BR>Enable-SQL: on<BR>Enable-Linux-Caps: on<BR>Enable-Pcre: off<BR> <BR> <BR>Thanks,<BR> <BR>Steve </FONT></P>