Howdy, I am using syslog-ng 3.0.4, and am encountering a bizarre issue where a small percentage of messages don't match the following filter: filter f_hosts { (host("192.168.1.2") or host("192.168.1.3") or host("192.168.1.4")); }; log { source(network); filter(f_hosts); destination(d_messages); flags(final); }; log { source(network); destination(d_catchall); }; When the hosts 192.168.1.[2-4] send messages to our syslog-ng server, 99% of the time they are routed to the d_messages destination. But in a few rare cases, messages similar to the following don't match and are send to the d_catchall destination: Text data: Syslog message: KERN.INFO: Oct 19 14:54:55 \t<STK T10000B > Raw data: <6>Oct 19 14:54:55 <STK T10000B > I verified the SRC IP address for the message in question is correct, and I also ran syslog-ng with the -d -e and -F options to watch message processing. For some reason syslog-ng doesn't match against the filter listed above, which is quite bizarre. I also tried enabling the 'no-parse' flag, but that doesn't appear to help either. Has anyone experienced this issue? Any thoughts on how to debug this issue further? Thanks, - Ryan