I can't understand how work db-parser, i want to parse a string: m-56767-1333854 79.127.28.54 <mfdesigner@diggitgraphics.com> MessageScore is now 30, after adding 30 (Suspicious HELO - contains IP: '[79.127.28.54]') I wanto to have m-56767-1333854 on $ID_MESSAGE and 79.127.28.54 <mfdesigner@diggitgraphics.com> MessageScore is now 30, after adding 30 (Suspicious HELO - contains IP: '[79.127.28.54]') on $MSG i try with: <patterndb> <ruleset name='assp'> <pattern>assp</pattern> <rules> <rule provider='balabit' id='1' class='system'> <patterns> <pattern>@QSTRING:id_message: @ @QSTRING:msg@</pattern> </patterns> </rule> </rules> </ruleset> </patterndb> But i have the field on db empty. I read link about db-parser usage but i can't resolve... Thanks, Jacopo -- Linux, Windows Xp ed MS-DOS (anche conosciuti come il Bello, il Brutto ed il Cattivo). -- Matt Welsh