--- file_not_specified_in_diff	
+++ file_not_specified_in_diff	
@@ -, +, @@ 
--- syslog-ng.conf.zorry       2009-11-05 17:23:23.000000000 +0100
+++ syslog-ng.conf      2009-11-05 17:21:57.000000000 +0100
@@ -80,10 +80,10 @@ 
 filter f_crit { level(crit); };
 filter f_err { level(err); };
 
-filter f_avc { match(".*avc: .*"); };
-filter f_audit { match("^audit.*") and not match(".*avc: .*"); };
-filter f_pax { match("^PAX:.*"); };
-filter f_grsec { match("^grsec:.*"); };
+filter f_avc { match("^\\[.*\\] .*avc: .*" value("MESSAGE")); };
+filter f_audit { match("^\\[.*\\] audit.*" value("MESSAGE")) and not match(".*avc: .*" value("MESSAGE")); };
+filter f_pax { match("^\\[.*\\] PAX:.*" value("MESSAGE")); };
+filter f_grsec { match("^\\[.*\\] grsec:.*" value("MESSAGE")); };
 
 log { source(src); filter(f_authpriv); destination(authlog); };
 log { source(src); filter(f_syslog); destination(_syslog); };