--- syslog-ng.conf.gentoo.hardened.original.txt 2008-07-24 20:07:31.000000000 +0200
+++ syslog-ng.conf.gentoo.hardened 2008-07-24 18:29:50.000000000 +0200
@@ -1,6 +1,6 @@
 # Copyright 2005 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/www/viewcvs.gentoo.org/raw_cvs/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.hardened,v 1.5 2007/10/30 17:16:15 solar Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-admin/syslog-ng/files/syslog-ng.conf.gentoo.hardened,v 1.5 2007/10/30 17:16:15 solar Exp $
 #
 # Syslog-ng configuration file, compatible with default hardened installations.
@@ -84,10 +84,11 @@
 filter f_crit { level(crit); };
 filter f_err { level(err); };
-filter f_avc { match(".*avc: .*"); };
-filter f_audit { match("^audit.*") and not match(".*avc: .*"); };
-filter f_pax { match("^PAX:.*"); };
-filter f_grsec { match("^grsec:.*"); };
+# grsec & pax
+filter f_avc { match("^\\[.*\] .*avc: .*"); };
+filter f_audit { match("^\\[.*\] audit.*") and not match(".*avc: .*"); };
+filter f_pax { match("^\\[.*\] PAX:.*"); };
+filter f_grsec { match("^\\[.*\] grsec:.*"); };
 log { source(src); filter(f_authpriv); destination(authlog); };
 log { source(src); filter(f_syslog); destination(syslog); };
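Review bot: The four rewritten filters in the second hunk (`f_avc`, `f_audit`, `f_pax`, `f_grsec`) now require a leading `[...] ` prefix, so on a kernel that does not prepend printk timestamps none of them would match. AVC, audit, PaX and grsecurity messages would then silently stop reaching their dedicated destinations, which is a loss of security-relevant logging that is easy to miss. Making the prefix optional keeps both message formats covered, e.g. `filter f_pax { match("^(\\[[^]]*\\] )?PAX:.*"); };` and likewise for the other three, assuming `match()` in this syslog-ng version accepts POSIX extended syntax. The escaping is also inconsistent (`\\[` but `\]`); it probably works because a bare `]` is literal, but `\\]` states the intent. The added comment `# grsec & pax` sits above `f_avc` and `f_audit`, which select SELinux AVC and audit messages, so something like `# kernel security messages (avc, audit, PaX, grsec)` would describe the group more accurately.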