[syslog-ng]Filter pattern matching

[Richard E. Perlotto II]

I seem to be doing something wrong with my pattern
matching and was hoping that some one would help
me.

I am trying to filter out the following:

Dec 13 18:31:48 src@system.domain.com kernel: keyboard.c: can't emulate
rawmode for keycode 272

Here are the matching filters that I am using:

filter      f_db           { not match("emulate rawmode for keycode") or
                             not match("kernel: keyboard.c: "); };

filter      f_discard      { match("emulate rawmode for keycode") or
                             match("kernel: keyboard.c: "); };

The first filter f_db does not seem to prevent these messages from
being written, while the second filter f_discard seems to work just
perfectly in grabbing only those matches.  I would like to filter out
these messages since they are not really of any use to me, but cannot
filter based off of facility, nor level since other messages which
are useful to me would be lost.


Richard