I try use syslog-ng to cut out some annoying messages from our message file. The check_mk nagios client is polling every 5 minutes. So the user root su to nagios and
this is reported in /var/log/messages. I create a filter to move the messages to /var/log/su/nagios

# SU NAGIOS Filters
filter f_su { match('to nagios'); };

# SU Logging
destination sude { file("/var/log/su/nagios"); };

log { source(src); filter(f_su); destination(sude); flags(final); };

My problem now is that the messages are reported in both files.
Does anyone can tell me what I have to change that these massages only will stored in the /var/log/su/nagios file.

Aditional question: Why SLES is using syslog-ng in version 1.x does it make sense to upgrate to syslog-ng V3 ?