Hi I'm having problem using the match() filter in my syslog-ng.conf file. I have a log file below which i'm trying to seperate the events to different log files based on the filed variables "[commonservices]" and "[fx]". eb 9 13:05:28 lonrs00341/lonrs00341 [commonservices] 2007-02-09 13:05:28,131 [Thread-19] DEBUG - StringCache Party Preference Total Cache refreshed in 250ms. Feb 9 13:05:28 lonrs00341/lonrs00341 [commonservices] 2007-02-09 13:05:28,771 [Thread-27] DEBUG - Sent heartbeat Feb 9 13:05:47 lonrs00341/lonrs00341 [fx] 2007-02-09 13:05:47,242 [QuoteStore cleanup] DEBUG - [2007-02-09 13:05:47.242] [lonrs00341] [DEBUG] [QuoteStore cleanup] [unknown] [] [] [] QuoteStore: Running cleanup thread Feb 9 13:05:47 lonrs00341/lonrs00341 [fx] 2007-02-09 13:05:47,812 [Thread-7] DEBUG - [2007-02-09 13:05:47.812] [lonrs00341] [DEBUG] [Thread-7] [unknown] [] [] [] QuoteStoreNotification from [lonrs00320] to add trade 376771,Source=RBSTrade,state=Start Feb 9 13:05:47 lonrs00341/lonrs00341 [fx] 2007-02-09 13:05:47,812 [Thread-7] DEBUG - [2007-02-09 13:05:47.812] [lonrs00341] [DEBUG] [Thread-7] [unknown] [] [] [] QuoteStore: Added Quote '10065.EUR.GBP.2/13/07 12:00 AM', tradeId=376771 my syslog-ng.conf looks like this filter f_common { match("[commonservices]"); }; filter f_fx { match("[fx]"); }; filter f_core { match("[core]"); }; log { source(remote); filter(f_common); destination(common); }; log { source(remote); filter(f_fx); destination(fx); }; log { source(remote); filter(f_core); destination(core); }; however the 3 seperate log files are created but events are still all mixed up in each log file instead of being filtered accordingly. Some help would be appreciated. Thanks Leena Regards Leena Patel | Royal Bank of Scotland Global Banking & Markets | E-Commerce | Desk: +44 (0) 207 085 0692 *********************************************************************************** The Royal Bank of Scotland plc. Registered in Scotland No 90312. Registered Office: 36 St Andrew Square, Edinburgh EH2 2YB. Authorised and regulated by the Financial Services Authority This e-mail message is confidential and for use by the addressee only. If the message is received by anyone other than the addressee, please return the message to the sender by replying to it and then delete the message from your computer. Internet e-mails are not necessarily secure. The Royal Bank of Scotland plc does not accept responsibility for changes made to this message after it was sent. Whilst all reasonable care has been taken to avoid the transmission of viruses, it is the responsibility of the recipient to ensure that the onward transmission, opening or use of this message and any attachments will not adversely affect its systems or data. No responsibility is accepted by The Royal Bank of Scotland plc in this regard and the recipient should carry out such virus and other checks as it considers appropriate. Visit our websites at: www.rbs.com www.rbsgc.com www.rbsmarkets.com ***********************************************************************************