[syslog-ng]syntax for escaped characters

[Mike Pepe]

OK, I'm trying to figure out what the correct syntax for a match is.

I'm trying to match crond(pam_unix)

filter f_cron_pam  { match("crond(pam_unix)"); };

Doesn't match.

filter f_cron_pam  { match("crond\(pam_unix\)"); };

Doesn't match.

something about the parenthesis it doesn't like, because:

filter f_cron_pam  { match("crond") and match("pam_unix"); };

does match. It's just kind of an ugly way around it.

Anyone know what the right way to do this is?