Hi, I am trying to parse data elements out of a variable number of log lines that all are associated by a single unique key. Specifically - they are Cisco IronPort email logs that have various "ID" fields (MID - message ID is the most common) Essentially I want to pull the MID out of the line marked marked: "Start MID (\d+) <other stuff>" and then process every line that matches that specific MID value as part of the message. Note: they all have this string included somewhere: "MID (\d+) " Up to a reasonable timeout - or ended by: "Message finished mid (\d+) done" with the matching ID. Is this possible with syslog-ng? (OSE or PE?) I thought I had seen something using patterndb but I cannot seem to find the reference Clearly there will be interleaved lines with *different* MIDs that need to be processed independently. Thanks in advance! Jim