Hello All,

I have a few questions about syslog-ng message parsing.

Is it possible to scan each syslog message for system-notification*(traffic) and, once this matches, to insert the values !split! into a database with the following fields:

device_id start_time duration policy_id service ip_proto src_zone dst_zone action sent rcvd src_ip dst_ip src_port dst_port src_xlated_ip dst_xlated_ip port session_id

The whole message looks like this:

Oct 3 15:35:32 172.10.0.10 NS50: NetScreen device_id=NS50 [No Name]system-notification-00257(traffic): start_time="2005-10-03 15:01:37" duration=21 policy_id=1 service=https proto=6 src zone=Trust dst zone=Untrust action=Permit sent=2454 rcvd=1601 src=172.18.12.10 dst=172.17.10.24 src_port=1458 dst_port=443 src-xlated ip=172.18.12.113 port=1458 session_id=63649

I was able to filter certain messages, but never to split up the real "message field".

Any help with examples would be great. I'm using syslog-ng 1.6.8.

Cheers and thanks in advance,
Marco
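One way to do the splitting outside syslog-ng, as an added example that is not part of the original post: a Python script that parses the traffic message quoted above into the requested fields and inserts it with a parameterized query, since logged values are untrusted input. The SQLite table name `traffic`, the all-TEXT columns and the mapping of `proto`/`src`/`dst` to `ip_proto`/`src_ip`/`dst_ip` are assumptions.

```python
import re
import sqlite3

# Columns requested in the post; only these names ever reach the SQL text.
COLUMNS = ["device_id", "start_time", "duration", "policy_id", "service",
           "ip_proto", "src_zone", "dst_zone", "action", "sent", "rcvd",
           "src_ip", "dst_ip", "src_port", "dst_port", "src_xlated_ip",
           "dst_xlated_ip", "port", "session_id"]
RENAME = {"proto": "ip_proto", "src": "src_ip", "dst": "dst_ip"}  # assumed mapping

HEADER = re.compile(r"device_id=(\S+) .*?system-notification-\d+\(traffic\): (.*)")
# Keys may be two words ("src zone", "src-xlated ip"); values may be quoted.
PAIR = re.compile(r'([A-Za-z][\w-]*(?: [A-Za-z][\w-]*)?)=(?:"([^"]*)"|(\S+))')

# The message quoted in the post.
SAMPLE = ('Oct 3 15:35:32 172.10.0.10 NS50: NetScreen device_id=NS50 '
          '[No Name]system-notification-00257(traffic): '
          'start_time="2005-10-03 15:01:37" duration=21 policy_id=1 '
          'service=https proto=6 src zone=Trust dst zone=Untrust action=Permit '
          'sent=2454 rcvd=1601 src=172.18.12.10 dst=172.17.10.24 src_port=1458 '
          'dst_port=443 src-xlated ip=172.18.12.113 port=1458 session_id=63649')

def parse_traffic(line):
    """Return a dict keyed by COLUMNS, or None for non-traffic messages."""
    m = HEADER.search(line)
    if m is None:
        return None
    row = dict.fromkeys(COLUMNS)          # fields missing from the log stay None
    row["device_id"] = m.group(1)
    for key, quoted, bare in PAIR.findall(m.group(2)):
        name = re.sub(r"[ -]", "_", key)  # "src-xlated ip" -> "src_xlated_ip"
        name = RENAME.get(name, name)
        if name in row and name != "device_id":   # ignore unknown keys
            row[name] = quoted or bare
    return row

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(f"CREATE TABLE traffic ({', '.join(c + ' TEXT' for c in COLUMNS)})")
    return conn

def store(conn, row):
    # Values are bound as parameters, never concatenated into the statement.
    marks = ", ".join("?" for _ in COLUMNS)
    conn.execute(f"INSERT INTO traffic ({', '.join(COLUMNS)}) VALUES ({marks})",
                 [row[c] for c in COLUMNS])

if __name__ == "__main__":
    db = make_db()
    store(db, parse_traffic(SAMPLE))
    print(db.execute("SELECT src_ip, dst_ip, dst_port, action FROM traffic").fetchall())
```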