you can escape the colon using another colon, like @ESTRING:CISCO.DATE::: @
Similarly, if you need to use @ in a parser, you can escape it like @@
    

Tested this using pdbtool match, using several permutations.   I
couldn't get a match.
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html


  

-- 
pzolee