I have yet another filtering question. On an AIX server using the
syslog-ng.conf stanzas shown below, the only messages being logged to the
d_cisco destination are those I know are coming in under facility local7.
However, those same messages are also being logged to the d_all_ms
destination which I think I'm filtering out. The filters seem correct
and I am successfully using a similar "not" filter elsewhere
(for local2 messages). Can anyone explain what I'm doing wrong?
Thanks!
#######################################################################################
options {
    long_hostnames(off);
    use_fqdn(yes);
    log_fifo_size(1000);
    chain_hostnames(yes);
};
source src {
    unix-dgram("/dev/log");
    internal();
    udp(ip(0.0.0.0) port(514));
};
destination d_all_ms {
    file("/logs/machine_specific/$HOST/all.$LEVEL.$YEAR$MONTH$DAY"
         group(systems) perm(0664) dir_perm(0664) create_dirs(yes));
};
destination d_cisco {
    file("/logs/cisco/cisco.messages" group(systems) perm(0664));
};
# CISCO (local7) messages:
filter f_cisco { facility(local7); };
# NO CISCO (local7) messages:
filter f_no_cisco { not facility(local7); };
# Forward all messages to machine specific log monitored by system admins
log {
    source(src);
    filter(f_no_cisco);
    destination(d_all_ms);
};
# Log all messages coming in on local7 facility to /logs/cisco/cisco.messages
log {
    source(src);
    filter(f_cisco);
    destination(d_cisco);
};
#######################################################################################
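
Added example, not part of the original post and not syslog-ng code: a small Python model of the routing the two log statements above are written to produce, decoding the PRI field of a raw datagram into a facility and applying f_cisco and f_no_cisco. The sample lines are constructed, and treating a missing or invalid PRI as 13 (user.notice) follows RFC 3164 and is assumed here rather than taken from the post.

```python
import re

# Facility codes in RFC 3164 order; names for 13-15 are informal. local7 is 23.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5",
              "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>")


def decode_pri(raw):
    """Return (facility, severity) for a raw syslog line.

    A missing or out-of-range PRI is treated as 13 (user.notice), per RFC 3164.
    """
    m = PRI_RE.match(raw)
    pri = int(m.group(1)) if m else 13
    if pri > 191:
        pri = 13
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]


# The two filters from the posted configuration.
FILTERS = {
    "f_cisco": lambda fac: fac == "local7",
    "f_no_cisco": lambda fac: fac != "local7",
}
# The two log statements as (filter, destination). Neither uses flags(final),
# so each statement is evaluated independently for every message.
LOG_PATHS = [("f_no_cisco", "d_all_ms"), ("f_cisco", "d_cisco")]


def route(raw):
    """Destinations a message should reach if the filters behave as written."""
    fac, _sev = decode_pri(raw)
    return [dest for flt, dest in LOG_PATHS if FILTERS[flt](fac)]


# Constructed sample datagrams (not taken from the original post).
SAMPLES = [
    "<189>42: *Mar  1 00:01:02: %LINK-5-CHANGED: Interface up",  # 189 = 23*8 + 5
    "<13>Mar  1 00:01:02 host1 su: session opened",               # user.notice
    "Mar  1 00:01:02 host2 app: line with no PRI field",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(decode_pri(line), route(line))
```

Comparing this expected routing with the PRI values seen in a packet capture on port 514 shows whether a message that lands in both files really arrived as local7.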