--- syslog-ng.conf.orig 2009-05-26 09:22:25.081365921 -0400 +++ syslog-ng.conf 2009-05-26 10:15:32.987393297 -0400 @@ -84,10 +84,11 @@ filter f_crit { level(crit); }; filter f_err { level(err); }; +# grsec & pax filter f_avc { match(".*avc: .*"); }; -filter f_audit { match("^audit.*") and not match(".*avc: .*"); }; -filter f_pax { match("^PAX:.*"); }; -filter f_grsec { match("^grsec:.*"); }; +filter f_audit { ( match("^\\[.*\] audit.*") or match("^audit.*") ) and not match(".*avc: .*"); }; +filter f_pax { match("^\\[.*\] PAX:.*") or match("^PAX:.*"); }; +filter f_grsec { match("^\\[.*\] grsec:.*") or match("^grsec:.*"); }; log { source(src); filter(f_authpriv); destination(authlog); }; log { source(src); filter(f_syslog); destination(syslog); };
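Review bot: The new `\\[.*\]` prefix in f_audit, f_pax and f_grsec is wider than it needs to be: `.*` lets any line that starts with `[` and later contains `] grsec:` match, and the filters still select on message text alone, so a non-kernel sender whose message begins with one of these prefixes is routed the same way as a real kernel report. If the bracketed prefix is meant to be the printk timestamp (an assumption; the diff does not say), pin it and require the kernel facility, e.g. `filter f_grsec { facility(kern) and ( match("^\\[ *[0-9]+\\.[0-9]+\\] grsec:") or match("^grsec:") ); };`, and likewise for f_pax and f_audit. The escaping is also inconsistent, `\\[` but `\]`, so write `\\]` so both brackets are escaped the same way. The log statements that use these filters are outside the hunk, so confirm that the source delivering kernel messages tags them as `kern` before adding the facility test.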