SNMP and SysLog Facilities

I think I have followed all of the steps correctly, but I am not seeing the SNMP traps I am expecting. To write the additions to the syslog config, I used these resources:

http://devcentral.f5.com/Default.aspx?tabid=63&articleType=ArticleView&articleId=155

http://sial.org/howto/logging/syslog-ng/

The addition looks like this:

destination d_em { 
    file( 
       "/var/log/em" 
       create_dirs(yes) 
       template("$DATE $HOST <$FACILITY.$PRIORITY> $MSG\n") 
       template_escape(no) 
    ); 
 };

This does change what is recorded to the em log. If I run the logger command:

logger -p local1.alert "testing"

The following is recorded to the em file:

Sep 23 17:04:39 local  alert jeremy: testing

My alert definition looks like this:

alert BIGIP_CUSTOM_ALL_LOCAL1 "(.*?)         snmptrap OID=".1.3.6.1.4.1.3375.1.1.110.205" 
 }

Using WireShark, I don't see any SNMP traps with that OID come out of the BIG-IP. Other traps are working, but this one is not.

Does the match string only match on the $MSG portion of the log line? If so, I don't see how I can use just the syslog config to trigger an SNMP trap. For, I don't think I can modify the $MSG variable.