[syslog-ng] Problems with syslog-ng 1.0.4

[Cristiano Lincoln Mattos]

Hi,

	Im trying to replace syslog with syslog-ng at my 
site.  Version 1.0.4, libc5 (rh42).  Everything compiled
fine, but i am having trouble getting the equivalent to 
this syslog line below to work:

*.info;mail.none;authpriv.none                         
/var/log/messages

	Here is what i tried:

source local { udp 0.0.0.0,514; unix-stream /dev/log; };
destination d_messages { file /var/log/messages; };
destination d_authpriv { file /var/log/secure; };
destination d_mail { file /var/log/maillog; };
filter f_mail { facility mail; };
filter f_authpriv { facility authpriv; };
filter f_mess { priority info; not facility mail; not facility authpriv;
};
log { source local; filter f_mail; destination d_mail; };
log { source local; filter f_mess; destination d_messages; };
log { source local; filter f_authpriv; destination d_authpriv; };

	When i generate messages for mail.notice, it goes to 
/var/log/messages *and* /var/log/maillog, and when i generate them
for authpriv.notice, they go to /var/log/messages *and* to 
/var/log/secure, which is wrong (they are not supposed to go
to /var/log/messages).

	The strange thing is, if i try this filter line:
filter f_mess { priority info; not facility mail; };
	.. and generate messages for mail.notice, it goes
(correctly) to only /var/log/maillog.
	Also, if i try this:
filter f_mess { priority info; not facility authpriv; };
	... and generate messages for authpriv.notice, it goes
(correctly) to only /var/log/authpriv.

	So... if i put both together, it doesn't work, if
i put each one separately, they do.  Is this correct?  Is
there any other way i can use that syslog-type line?

	PS: i tried using the conf-convert.pl script, and
it did not work, either.

Thank you,
-- 

Cristiano Lincoln Mattos			Recife / Brazil