After messing around with this for several days, I found the problems.
1) you can not use lowercase letters in the match name
2) there are reserved words where if you try to use it as the match name, it dorks everything up (like MSGID). This one had me ripping out my hair and pounding my head on the desk.

Sent: Thursday, March 04, 2010 3:23:59 PM
From: Patrick H. <syslogng@feystorm.net>
To: syslog-ng@lists.balabit.hu
Subject: [syslog-ng] pcre matches

How do you use pcre named pattern matches with store-matches?
I've been trying to do things like
message("IP: (?<ip>\S+)" flags(store-matches) type("pcre"))
and then insert into a database with things like
values("$ip") or values("$+{ip}")
and nothing works.
I cant seem to find any examples of usage through google either.
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html

  