Sorry if this has already been posted.
 
I can't seem to get the match filter function to work with a value("MACRO"). I can use macros successfully in destinations and parsers but the match() doesn't work. I want to use something like:
 
filter f_pix { match("%ASA-" value("$MSGHDR")); }; # this fails
 
filter f_pix { match("%ASA-"); }; # this works
 
I've verified the source events and they do have "%ASA-" in the header. I create an output file with a template(header--$MSGHDR--\n) and the values are there.
 
Am I missing something?
 
 
I'm using the following version of syslog-ng on RHEL 4.5:
syslog-ng 3.0.1+binpkg4
Revision: ssh+git://bazsi@git.balabit//var/scm/git/syslog-ng/syslog-ng-ose--mainline--3.0#master#555574a984eaef9410a2869db0af1be0d52b269b
Compile-Date: Mar 12 2009 16:42:24
Enable-Threads: on
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-Sun-STREAMS: off
Enable-Sun-Door: off
Enable-IPv6: on
Enable-Spoof-Source: on
Enable-TCP-Wrapper: off
Enable-SSL: on
Enable-SQL: on
Enable-Linux-Caps: on
Enable-Pcre: off
 
 
Thanks,
 
Steve