Just a thought. I read that it is much more efficient to use and maybe it can make do your job easier.<br><br><i>

</i>
<pre>filter f_xntp_filter_no_regexp {<br>	# original line: &quot;xntpd[1567]: time error -1159.777379 is way too large (set clock manually);<br>	program(&quot;xntpd&quot;) and<br>	match(&quot;time error .* is way too large .* set clock manually&quot;);
<br>};<br><i>
</i></pre>

<i>			Use this instead:

</i>
<pre>filter f_xntp_filter_no_regexp {<br>	# original line: &quot;xntpd[1567]: time error -1159.777379 is way too large (set clock manually);<br>	program(&quot;xntpd&quot;) and<br>	match(&quot;time error&quot;) and match(&quot;is way too large&quot;) and match(&quot;set clock manually&quot;);
<br>			        <br>};<br></pre>
<i>
		</i><br><p>You can see this information in <a href="http://www.campin.net/syslog-ng/faq.html#perf">http://www.campin.net/syslog-ng/faq.html#perf</a><br><i>

		</i></p><br>Regards,<br>Bruno.<br><br><br><div><span class="gmail_quote">On 3/1/07, <b class="gmail_sendername">Balazs Scheidler</b> &lt;<a href="mailto:bazsi@balabit.hu">bazsi@balabit.hu</a>&gt; wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
On Thu, 2007-03-01 at 10:24 +0000, Hari Sekhon wrote:<br>&gt; one more thought, did you try ${10} or something?<br>&gt;<br>&gt; This works in shell so it&#39;s worth a try.<br><br>currently syslog-ng supports max $9. It&#39;s not too difficult to add more,
<br>I&#39;ll look into it.<br><br>--<br>Bazsi<br><br>_______________________________________________<br>syslog-ng maillist&nbsp;&nbsp;-&nbsp;&nbsp;<a href="mailto:syslog-ng@lists.balabit.hu">syslog-ng@lists.balabit.hu</a><br><a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">
https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>Frequently asked questions at <a href="http://www.campin.net/syslog-ng/faq.html">http://www.campin.net/syslog-ng/faq.html</a><br><br></blockquote></div><br>