I’m using syslog-ng 1.6rc4

 

Can anyone tell me what is wrong with this filter:

 

filter f_kern { facility(kern) and (not match("IPTABLES DROP") or not match("New not SYN:")); };

 

I still can see lines with IPTABLES DROP in my kernel logL Why these messages still come through this filter? Thanks. What am I missing?