--- /etc/syslog-ng/syslog-ng.conf.old 2009-11-13 13:55:03.078049951 +0100
+++ /etc/syslog-ng/syslog-ng.conf 2009-11-13 13:57:20.901904084 +0100
@@ -80,10 +80,12 @@
 filter f_crit { level(crit); };
 filter f_err { level(err); };
-filter f_avc { match(".*avc: .*"); };
-filter f_audit { match("^audit.*") and not match(".*avc: .*"); };
-filter f_pax { match("^PAX:.*"); };
-filter f_grsec { match("^grsec:.*"); };
+# newer kernels _MIGHT_ have kernel time prefix with CONFIG_PRINTK_TIME set, see #232847
+# syslog-ng 3.x deprecates old match() syntax, use message() as equivalent, see #291259
+filter f_avc { message(".*avc: .*"); };
+filter f_audit { message("^(\\[.*\\] )?audit.*") and not message(".*avc: .*"); };
+filter f_pax { message("^(\\[.*\\] )?PAX:.*"); };
+filter f_grsec { message("^(\\[.*\\] )?grsec:.*"); };
 log { source(src); filter(f_authpriv); destination(authlog); };
 log { source(src); filter(f_syslog); destination(_syslog); };
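Review bot: The optional prefix `(\\[.*\\] )?` added to f_audit, f_pax and f_grsec accepts any bracketed text at the start of a message, not only the printk timestamp the comment describes, and because `.*` is greedy it can also span several brackets. Restricting the group to the timestamp shape keeps unrelated messages out of the audit, PaX and grsec streams, e.g. `filter f_grsec { message("^(\\[ *[0-9]+\\.[0-9]+\\] )?grsec:.*"); };` with the same prefix for f_audit and f_pax. None of the four filters in this hunk checks the facility, so if they feed dedicated security logs (the matching log statements are outside the hunk), prefixing them with `facility(kern) and` would stop userland syslog writers from matching. Confirm first that audit and AVC records on this system really arrive via the kernel facility.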