I have several remote servers that are logging via regular syslog to my central syslog-ng server. This is working fine. Now, I have several distinct messages from different servers that I want to filter to a single log file (without having anything else in this file). I have tried setting it up but I'm having problems...

1.) I have made six filter lines in syslog-ng.conf that contain the host/message combination I want to put in my special log. I have named these six filters the same name (f_interest). I then have a log line that contains the name of the filter (the filter name is used for six filter declarations), and the destination for the file I want to log to.

My problem/question is: how does syslog-ng handle multiple filters that have the same name? Each of these 6 filters contains a host and word match I want to have interpreted. My problem is nothing is getting logged to my log. Does syslog-ng somehow combine these 6 filters because they have the same name? I want each one to be interpreted separately from the others with the same name. I only named them the same to prevent having to make 6 different log directives to the same file.

2.) How do I do a multiple not match? For instance, I want to log messages from serverA that do NOT contain the text message1, or message2, or message3, but log everything else from serverA. Right now I do...

    filter f_interest { not match("(message1|message2|message3)") and host(serverA); };

Does that look right?

Thanks in advance!!
participants (1)
- Greg Rodenhiser
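
One way to express both requests in syslog-ng.conf, as an added example that is not part of the original post: a single uniquely named filter joins the six host/keyword pairs with `or`, and a second filter handles the "everything from serverA except" case. The host names, keywords, the source name `s_remote` and the file paths are assumptions; `value("MESSAGE")` is syslog-ng 3.x syntax, and on older releases plain `match("...")` as written in the post is used instead.

```conf
# Added example (constructed names throughout); merge into an existing
# syslog-ng.conf. s_remote is assumed to be the source that already
# receives the remote syslog traffic.

# Question 1: one filter name, one definition. Each host/keyword pair is
# parenthesised and the pairs are joined with "or", so a message passes
# when any single pair matches it.
filter f_interest {
       (host("^serverA$") and match("keyword1" value("MESSAGE")))
    or (host("^serverB$") and match("keyword2" value("MESSAGE")))
    or (host("^serverC$") and match("keyword3" value("MESSAGE")))
    or (host("^serverD$") and match("keyword4" value("MESSAGE")))
    or (host("^serverE$") and match("keyword5" value("MESSAGE")))
    or (host("^serverF$") and match("keyword6" value("MESSAGE")))
};

# Question 2: everything from serverA except messages containing any of
# the three strings. The parentheses make the scope of "not" explicit.
filter f_serverA_rest {
    host("^serverA$")
    and not (match("(message1|message2|message3)" value("MESSAGE")))
};

# host() takes a regular expression, so the ^...$ anchors keep "serverA"
# from also matching a host such as "serverA-backup".

destination d_interest     { file("/var/log/interest.log"); };
destination d_serverA_rest { file("/var/log/serverA-rest.log"); };

# Only messages that pass f_interest reach d_interest.
log { source(s_remote); filter(f_interest);     destination(d_interest); };
log { source(s_remote); filter(f_serverA_rest); destination(d_serverA_rest); };
```

Running `syslog-ng --syntax-only -f <path to the edited file>` checks the configuration for syntax errors before the daemon is reloaded.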