Hi,
I am sorry Gert - My fault for not explaining more , and I thought it was inherently obvious what it has to do with your filter. It still isn't obvious to me, sorry...
Let me ask "Gert what is the point of collecting logging information anyway?" So that we as a systems admin can prove what went on inside our systems - leaving us as the weak link in the evidentiary chain of custody for events taking place inside the audit envelope around your systems. Well, we cannot _prove_ what happened on our machines; as admin it is easy to fake logfiles so they "prove" anything we want. As you said, the admin is the "weak link" here. Instead, logging information gives us hints about misconfigurations or attempted (and possibly successful) intrusions into our machines. (Assuming that nobody can mess with the loghost...) I'm sure you can use or abuse a syslog daemon for lots of other useful things...
So, does anybody else on this list want to comment about my patch? Balazs, will you include it in future versions of syslog-ng? Greetings Gert