Hello,

I'm new to syslog-ng and I'm trying to match my DNS logs. I have either

Dec 6 01:44:49 mydnsserver named[66669]: client @0x53f33c122d0 1.2.3.4#56610 (my.original.query.com): query: my.qname.com IN A -E(0)DC (1.1.1.1)

or

Dec 6 01:44:49 mydnsserver named[66669]: client @0x53f33c122d0 1.2.3.4#56610 (my.original.query.com): query: my.qname.com IN A -E(0)DC (1.1.1.1) [ECS 192.168.0.0/24/0]

So the field [ECS 192.168.0.0/24/0] is optional and either exists or not.

To match fields I use this pattern

<pattern>client @@@ESTRING:dns_clientid: @@IPvANY:src_ip@#@NUMBER:src_port@ (@ESTRING:dns_original_query:)@: query: @ESTRING:dns_qname: @IN @ESTRING:dns_type: @@ESTRING:dns_record_flags: @(@IPvANY:dns_server@)</pattern>

and it matches both lines for the existing fields.

But how can I match this optional part at the end of the line: [ECS 192.168.0.0/24/0]

Should I use @PCRE@? Or is it possible with other pattern parsers?

If yes, why use other pattern parsers and not build the matching around @PCRE@ for the entire line, which would make things simple to translate from grok or other tools?

Thank you
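Added example, not part of the original post: the regex approach the post asks about, sketched in Python, with the ECS trailer as an optional non-capturing group and the end of the line anchored so unexpected trailing text is rejected rather than silently dropped. Python's `re` stands in for PCRE here; the field names follow the post's pattern, while `dns_ecs`, `QUERY_RE` and `parse_query` are hypothetical names.

```python
import ipaddress
import re

# Sample lines constructed from the two variants quoted in the post.
BASE = ("Dec 6 01:44:49 mydnsserver named[66669]: client @0x53f33c122d0 "
        "1.2.3.4#56610 (my.original.query.com): query: my.qname.com IN A "
        "-E(0)DC (1.1.1.1)")
SAMPLES = [BASE, BASE + " [ECS 192.168.0.0/24/0]"]

QUERY_RE = re.compile(
    r"client @(?P<dns_clientid>\S+) "
    r"(?P<src_ip>[0-9A-Fa-f:.]+)#(?P<src_port>\d+) "
    r"\((?P<dns_original_query>[^)]*)\): query: "
    r"(?P<dns_qname>\S+) IN (?P<dns_type>\S+) "
    r"(?P<dns_record_flags>\S+) "
    r"\((?P<dns_server>[0-9A-Fa-f:.]+)\)"
    r"(?: \[ECS (?P<dns_ecs>[^\]]+)\])?"  # optional trailer: group is None if absent
    r"\s*$"                               # nothing else may follow
)


def parse_query(line):
    """Return a dict of fields, or None if the line does not match."""
    m = QUERY_RE.search(line)
    if m is None:
        return None
    fields = m.groupdict()
    try:
        # The character class above is loose; validate addresses properly.
        ipaddress.ip_address(fields["src_ip"])
        ipaddress.ip_address(fields["dns_server"])
    except ValueError:
        return None
    fields["src_port"] = int(fields["src_port"])
    return fields


if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_query(sample))
```
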