2009-11-05 Magnus Granberg , cilly Bug #232847 #291259 * /etc/syslog-ng/syslog-ng.conf Add support for CONFIG_PRINTK_TIME and add value("MESSAGE") to support 3.*
--- syslog-ng.conf.zorry 2009-11-05 17:23:23.000000000 +0100
+++ syslog-ng.conf 2009-11-05 17:21:57.000000000 +0100
@@ -80,10 +80,10 @@
 filter f_crit { level(crit); };
 filter f_err { level(err); };
-filter f_avc { match(".*avc: .*"); };
-filter f_audit { match("^audit.*") and not match(".*avc: .*"); };
-filter f_pax { match("^PAX:.*"); };
-filter f_grsec { match("^grsec:.*"); };
+filter f_avc { match("^\\[.*\\] .*avc: .*" value("MESSAGE")); };
+filter f_audit { match("^\\[.*\\] audit.*" value("MESSAGE")) and not match(".*avc: .*" value("MESSAGE")); };
+filter f_pax { match("^\\[.*\\] PAX:.*" value("MESSAGE")); };
+filter f_grsec { match("^\\[.*\\] grsec:.*" value("MESSAGE")); };
 log { source(src); filter(f_authpriv); destination(authlog); };
 log { source(src); filter(f_syslog); destination(_syslog); };
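Review bot: The four new patterns in f_avc, f_audit, f_pax and f_grsec make the `[...] ` prefix mandatory, so on a kernel that does not emit printk timestamps none of them match and AVC, audit, PaX and grsecurity messages silently stop reaching their dedicated destinations. Making the prefix optional keeps both cases working, e.g. `filter f_grsec { match("^(\\[.*\\] )?grsec:.*" value("MESSAGE")); };`, and the same for the other three. The `\\[.*\\]` part also accepts any bracketed text rather than a timestamp. If `src` carries userland messages as well (not visible in this hunk), a tighter prefix such as `\\[ *[0-9]+\\.[0-9]+\\]`, plus a `facility(kern)` condition on the kernel-originated filters, would make these security logs harder to pollute with look-alike lines.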