[syslog-ng]filter question: already matched

[James Hamilton]

Hi, I'm having some trouble setting up a filter.  In plain english the rule would read something like below, any suggestions?

Match everything for this host except things that have already been matched for this host then drop them into a messages file.

##
##      hosts messages log
##
destination d_messages {
        file("/var/log/$MONTH/$HOST/$HOST_messages.$MONTH-$DAY-$YEAR"
        owner(root)
        group(staff)
        perm(0640)
        dir_perm(0750)
        create_dirs(yes));
};

filter f_messages {
	(filter(DEFAULT) and host("somehostname"));
};

log {
        source(root);
        filter(f_cron);
        destination(d_cron);
};


-- 

James Hamilton