Chris, You are missing the "and" between authpriv and not. Regards, Drew -----Original Message----- From: Chris Wall [mailto:cwall@interaccess.com] Sent: Monday, May 07, 2001 10:50 PM To: syslog-ng@lists.balabit.hu Subject: [syslog-ng]Filter oddity Apologies if this has been covered... I'm trying to fine tune my filtering in syslog-ng combined with some features of 2.4.x iptables/netfilter and portsentry What want to do is log information coming from the log rule in iptables to a specific file without it falling over into my other logs. The default syslog-ng.conf came with this filter: filter f_filter2 { level(info) or facility(mail) or facility(authpriv); }; And I've added this filter: filter f_iptables { level(info) and match(portsentry); }; What I would like to do is use a "not" in the first filter - i.e. filter f_filter2 { level(info) or facility(mail) or facility(authpriv) not match(portsentry); }; however, I get a parse error. I'm using 1.4.11... if I understand the docs right, this ought to be okay, but I'm sure I'm missing something. Any help would be appreciated. _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng