Hi there, I know I shouid search the archive first before I ask. So I did that and here is the question that I haven't found an answer... I want to create a filter to capture certain messages from syslog. The message I want to match is something like this: "[out-proxy]: tcp from 192.168.10.28-3933 to 216.191.40.60-80 established". I tried 1. match("\[out-proxy\]: .*tcp from .* to .*-80 established"); 2. match("\[out-proxy]: .*tcp from .* to .*-80 established"); 3. match("[out-proxy]: .*tcp from .* to .*-80 established"); 4. match(".*out-proxy.*: .*tcp from .* to .*-80 established"); Only #4 works. It seems that it doesn't understand "[" and "]" and esc"\". I want a exact match for "[out-proxy]" anyway. So how to do that? Thanks in advance! Andy Internetworking Applications Engineer JETNET InternetWorking Services Inc. Email : aning@jetnet.ca Web : http://www.jetnet.ca Phone : (613) 237-5995 x 369 Fax : (613) 271-6229