Hello, i have a few questions about the message parser, basically i want to parse/split up the MESSAGE field itself and write the splitted up message in a mysql database, i cant find any documents about how this can be done, do i need an external parser (perl or whatever) or can this be done within syslog-ng.conf? right now i just can write the whole message to the mysqldb syslog-ng.conf template("INSERT INTO logs (host, facility, priority, level, tag, date,time, program, msg) VALUES ( '$HOST', '$FACILITY','$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n") template-escape(yes)); so it gets written to the database in this way: INSERT INTO logs (host, facility, priority, level, tag, date,time, program, msg) VALUES ( '10.44.10.253', 'local4','notice', 'notice', 'a5', '2006-06-29', '14:39:46', 'NS25', 'NS25: NetScreen device_id=NS25 [Root]system-notification-00257(traffic): start_time=\"2006-06-29 14:38:38\" duration=0 policy_id=95 service=http proto=6 src zone=Untrust dst zone=Untrust action=Deny sent=0 rcvd=0 src=10.10.10.225 dst=208.174.52.61 src_port=2042 dst_port=80 session_id=0' ); now i want to split up the message part itself system-notification traffic, insert the start_time/duration/policy_id/service/proto/src-zone etc etc in a different table this perl script http://www.optekconsulting.com/tools/nstf.pl has every field i need, Any Help is really welcome Cheers Hubert -- Die e-Mail-Boxes von Brennercom sind Virus-gesichert und Spam-gefiltert. Le caselle e-Mail di Brennercom sono protette da sistemi antivirus e antispam. http://www.brennercom.it