RE: [syslog-ng]syslog-ng and regex
Yes, it should.

Regards,
Drew

-----Original Message-----
From: Micha Holzmann [mailto:holzmann@mhnet.de]
Sent: Monday, February 24, 2003 2:49 PM
To: syslog-ng@lists.balabit.hu
Subject: Re: [syslog-ng]syslog-ng and regex

Hello Andrew,

Hamilton, Andrew wrote:
To match a program name you use the program function in the filter.
filter f_antivir { program("antivir"); };
The corresponding syslog messages are:
--- cut here ----
Feb 24 14:00:02 kaliba antivir[1718]: AntiVir is up-to-date
Feb 24 15:00:11 kaliba antivir[2451]: AntiVir is up-to-date
Feb 24 16:00:02 kaliba antivir[2662]: AntiVir is up-to-date
Feb 24 17:02:49 kaliba antivir[2979]: reloaded AntiVir mail scanner successfully
Feb 24 17:02:49 kaliba antivir[2979]: AntiVir successfully updated itself (antivir.vdf)
--- cut here ----
The filter statement "filter f_antivir { program("antivir"); };" catches syslog messages like these above?

Best regards,
Micha Holzmann

--
UNIX is user friendly, it's just picky about who its friends are
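
An added illustration, not part of the original messages and not syslog-ng code: a Python sketch of what program("antivir") selects from these lines, assuming program() applies an unanchored regular expression to the program field only. The antivird and sshd lines are constructed, and the names parse and program_filter are hypothetical.

```python
import re

# Five lines from the thread, plus two constructed lines (antivird, sshd)
# that show what an unanchored pattern does and does not catch.
SAMPLE = """\
Feb 24 14:00:02 kaliba antivir[1718]: AntiVir is up-to-date
Feb 24 15:00:11 kaliba antivir[2451]: AntiVir is up-to-date
Feb 24 16:00:02 kaliba antivir[2662]: AntiVir is up-to-date
Feb 24 17:02:49 kaliba antivir[2979]: reloaded AntiVir mail scanner successfully
Feb 24 17:02:49 kaliba antivir[2979]: AntiVir successfully updated itself (antivir.vdf)
Feb 24 17:03:10 kaliba antivird[3001]: constructed line from a different program
Feb 24 17:03:11 kaliba sshd[3010]: constructed line mentioning antivir in the text
"""

# BSD syslog layout: timestamp, host, program[pid]: message
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s"
    r"(?P<program>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?:\s(?P<msg>.*)$"
)


def parse(line):
    """Split one syslog line into its fields, or return None if malformed."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def program_filter(pattern, lines):
    """Return (program, pid) for lines whose program field matches pattern.

    Assumption: like program(), the pattern is searched anywhere in the
    program name and the message text is never consulted.
    """
    rx = re.compile(pattern)
    hits = []
    for line in lines:
        rec = parse(line)
        if rec and rx.search(rec["program"]):
            hits.append((rec["program"], rec["pid"]))
    return hits


if __name__ == "__main__":
    lines = SAMPLE.splitlines()
    print(program_filter("antivir", lines))    # includes antivird, skips sshd
    print(program_filter("^antivir$", lines))  # anchored: antivir only
```

Under that assumption, anchoring the pattern as "^antivir$" keeps a similarly named program from landing in the same destination.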