Why can't I get NOT to work in a filter?
Hi all,

I am trying to filter out some things from my log files using a filter with a NOT command and I can't get it to work. I am running Syslog-ng 1.4.14 on Solaris 8 (SPARC). What I am trying to do in this case is ensure that sudo doesn't get logged into my /var/adm/messages file. Here are the pertinent lines of my config file:

    options { dir_perm(0755); perm(0640); owner(root); group(wheel); chain_hostnames(no); keep_hostname(yes); };

    source local { sun-streams("/dev/log" door("/etc/.syslog_door")); internal(); };

    filter not_sudo { not facility(local2); };
    filter notice_emerg { level(notice...emerg); };

    destination messages { file("/var/adm/messages" create_dirs(yes)); };

    log { source(local); filter(notice_emerg); filter(not_sudo); destination(messages); };

Now, it is my understanding that the filters are AND'd together, so that log statement should basically say "log everything with a level between notice and emergency unless it is facility(local2)." However, I am still getting this in my log files:

    Dec 30 03:32:24 hqmon /usr/local/bin/sudo: [ID 850335 local2.notice] nobody : TTY=unknown ; PWD=/opt/bb18d ; USER=root ; COMMAND=/usr/sbin/vxdisk check rootdisk

Also, another filter that dumps everything from facility(local2) does dump all the sudo stuff into a file like I want. Starting to feel like an idiot since I can't get this to work. Can someone give me some pointers to filtering out just a few cases based on facility or strings?

thx,
--Chad
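Added example, not part of the post: a small Python model of how the two filters in that log statement are supposed to combine (level(notice...emerg) AND NOT facility(local2)), run over constructed lines in the Solaris "[ID nnn facility.severity]" format. It is useful for pinning down what the config should let through before debugging syslog-ng itself; the facility and severity codes follow standard syslog numbering and the sample lines are made up.

```python
import re

# Standard syslog facility/severity codes, so that facility(...) and
# level(a...b) get the same meaning as in a syslog-ng filter.
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
              "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10, "ftp": 11,
              "local0": 16, "local1": 17, "local2": 18, "local3": 19,
              "local4": 20, "local5": 21, "local6": 22, "local7": 23}
SEVERITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3, "warning": 4,
              "notice": 5, "info": 6, "debug": 7}

# Solaris syslogd tags each message as "[ID <msgid> <facility>.<severity>]".
TAG_RE = re.compile(r"\[ID \d+ (\w+)\.(\w+)\]")

def parse_solaris_tag(line):
    """Return (facility, severity) from a Solaris-style line, or None if absent."""
    m = TAG_RE.search(line)
    if not m or m.group(1) not in FACILITIES or m.group(2) not in SEVERITIES:
        return None
    return m.group(1), m.group(2)

def level_in_range(severity, low, high):
    """syslog-ng level(low...high): inclusive range, emerg (0) is most severe."""
    s, lo, hi = SEVERITIES[severity], SEVERITIES[low], SEVERITIES[high]
    return min(lo, hi) <= s <= max(lo, hi)

def messages_filter(line):
    """AND of the post's notice_emerg and not_sudo filters for one line."""
    parsed = parse_solaris_tag(line)
    if parsed is None:
        return False          # no facility/severity tag: nothing to match on
    facility, severity = parsed
    notice_emerg = level_in_range(severity, "notice", "emerg")
    not_sudo = facility != "local2"
    return notice_emerg and not_sudo

def route_to_messages(lines):
    """Lines that would reach /var/adm/messages under the post's log statement."""
    return [l for l in lines if messages_filter(l)]

# Constructed sample lines in the format quoted in the post (not real logs).
SAMPLE = [
    "Dec 30 03:32:24 hqmon /usr/local/bin/sudo: [ID 850335 local2.notice] nobody : TTY=unknown ; COMMAND=/usr/sbin/vxdisk check rootdisk",
    "Dec 30 03:33:01 hqmon sshd[123]: [ID 800047 auth.info] Accepted publickey for chad",
    "Dec 30 03:34:10 hqmon ufs: [ID 845546 kern.notice] NOTICE: alloc: /var: file system full",
    "Dec 30 03:35:00 hqmon su: [ID 366847 auth.notice] 'su root' succeeded for chad on /dev/pts/1",
]

if __name__ == "__main__":
    for l in route_to_messages(SAMPLE):
        print(l)
```

With these filters the sudo line (local2.notice) and the auth.info line are dropped and only the two notice-level lines from other facilities are kept, which is the behaviour the post expects from the config.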
Participants (1): Chad White