I set up a match line to match the string "attackalert" from portsentry, and I pipe this off to a script that mails it to me. This works great, but I get emails with "<29>" prepended to them. Example:

    <29>Nov 5 12:46:37 skitzo portsentry[121]: attackalert: Host 209.202.221.43 has been blocked via dropped route using command: "/usr/local/sbin/iptables -I INPUT -s 209.202.221.43 -j DROP"

I just set up sqlsyslogd to output to a MySQL database from a program() destination, and it prepends the <29> to the messages sent there as well.

I checked out http://www.ietf.org/rfc/rfc3164.txt and it looks like this is a priority. How can I keep this from showing up in the output?

I hacked sqlsyslogd to print the string from 4 chars into the timestamp, so my MySQL inputs are clean, but what do I do to clean up the mail?

-- 
Nate Campi http://www.campin.net
GnuPG key: 0xC17AEF79
Key fingerprint = BF12 722F 8799 E614 33CC FAB7 5A90 C464 C17A EF79
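An added example, not part of the original post and not syslog-ng or sqlsyslogd code: a stdin filter that could sit in front of the mail script and strip the RFC 3164 PRI field, decoding it instead of skipping a fixed 4 characters (29 = facility 3 * 8 + severity 5, i.e. daemon.notice). The function names and the short facility/severity names are assumptions of this example.

```python
import re
import sys

# RFC 3164 PRI: "<" + 1 to 3 decimal digits + ">", value = facility * 8 + severity.
PRI_RE = re.compile(r"^<([0-9]{1,3})>")

# Conventional short names, indexed by the numeric codes in RFC 3164.
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv "
              "ftp ntp audit alert clock local0 local1 local2 local3 local4 "
              "local5 local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()


def split_pri(line):
    """Return (facility, severity, message).

    facility and severity are None, and the line is returned unchanged,
    when it does not start with a valid PRI (0..191). A fixed 4-character
    skip would instead damage lines with "<5>" or "<165>" or no PRI at all.
    """
    m = PRI_RE.match(line)
    if not m:
        return None, None, line
    pri = int(m.group(1))
    if pri > 191:  # highest valid value: facility 23, severity 7
        return None, None, line
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7], line[m.end():]


def clean(line):
    """Message text only, with any valid PRI prefix removed."""
    return split_pri(line)[2]


# Sample line taken from the post above (shortened).
SAMPLE = ("<29>Nov 5 12:46:37 skitzo portsentry[121]: attackalert: "
          "Host 209.202.221.43 has been blocked")

if __name__ == "__main__":
    # Filter mode: read lines from the program() destination on stdin and
    # write them without the PRI, ready to pipe on to the mail script.
    for raw in sys.stdin:
        sys.stdout.write(clean(raw))
```
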