Hi,

I'm having a hard time getting db-parser functionality to work. This is my syslog-ng config (omitted irrelevant stuff; some lines may be split due to line wrappings in my MUA):

  @version: 3.0

  source s_sys {
      file ("/proc/kmsg");
      unix-stream ("/dev/log" flags(no-multi-line));
      internal();
  };

  destination d_test {
      file("/var/log/test.log"
           template("$HOUR:$MIN:$SEC $TZ $HOST [$LEVEL] ${.classifier.class} ${MSGONLY} ${FOO.BAR}\n")
           template_escape(no));
  };

  parser p_test { db-parser(file(/etc/syslog-ng/test.xml)); };

  filter f_test { program("logger" type(string)); };

  log { source(s_sys); filter(f_test); parser(p_test); destination(d_test); };

My pattern db (test.xml) is as simple as:

  <patterndb version='1' pub_date='2009-05-16'>
    <program name='logger'>
      <pattern>param</pattern>
      <rules>
        <rule provider='tester' id='666' class='security'>
          <description>Test rule</description>
          <pattern>param1=@IPV4:FOO.BAR@</pattern>
        </rule>
      </rules>
    </program>
  </patterndb>

Syslog-ng has no trouble loading it on startup, as suggested by these lines in /var/log/messages:

  May 30 00:17:37 atest1 syslog-ng[8681]: Log pattern database reloaded; file='/etc/syslog-ng/test.xml', version='1', pub_date='2009-05-16'
  May 30 00:17:37 atest1 syslog-ng[8681]: syslog-ng starting up; version='3.0.2'

I'm testing db-parser by issuing:

  $ echo param1=1.2.3.4 param2=abcde | logger -i
  $

And this is what I get in /var/log/test.log:

  00:17:38 +02:00 atest1 [notice] unknown param1=1.2.3.4 param2=abcde

Clearly not what I wanted. It seems like my parser doesn't match anything, as ${FOO.BAR} is empty.

Can you shed some light on my problem? Am I doing something obviously wrong? Db-parser functionality is neat, but it lacks documentation - I'm basing this on Balázs' presentation and some blog posts only.

Thanks in advance,
Jakub

-- 
Jakub Jankowski|shasta@toxcorp.com|http://toxcorp.com/
GPG: FCBF F03D 9ADB B768 8B92 BB52 0341 9037 A875 942D
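A way to reproduce the matching behaviour offline, as an added example that is not part of the original post and not syslog-ng's own code: a small Python model of patterndb pattern matching. It assumes that a rule pattern has to match the whole message, so a pattern that only covers a prefix needs a trailing @ANYSTRING@ (I believe this matches syslog-ng patterndb semantics, but it is an assumption worth checking against the version in use). The @IPV4@, @NUMBER@, @STRING@ and @ANYSTRING@ parsers are approximated with regexes, the rule data and the message are constructed from the post, and the second ruleset with `@ANYSTRING:rest@` is a hypothetical variant, not something the post contains.

```python
"""Toy model of syslog-ng patterndb rule matching (added example, not syslog-ng code).

Assumption modelled here: a rule pattern must consume the whole message, so
"param1=@IPV4:FOO.BAR@" does not match "param1=1.2.3.4 param2=abcde" because of
the trailing " param2=abcde"; appending @ANYSTRING@ makes it match.
"""
import re
from typing import Dict, List, Optional, Tuple

# Approximations of a few patterndb parsers (assumption: not syslog-ng's exact grammar).
PARSERS = {
    "IPV4": r"(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)",
    "NUMBER": r"-?\d+",
    "STRING": r"\S+",
    "ANYSTRING": r".*",
}

# "@@" is a literal '@'; "@PARSER@" or "@PARSER:field.name@" is a parser reference.
TOKEN_RE = re.compile(r"@@|@([A-Z0-9]+)(?::([A-Za-z0-9_.]+))?@")


def compile_pattern(pattern: str) -> Tuple[re.Pattern, List[Optional[str]]]:
    """Translate a patterndb pattern into a regex plus the field name of each group."""
    parts: List[str] = []
    fields: List[Optional[str]] = []
    pos = 0
    for m in TOKEN_RE.finditer(pattern):
        parts.append(re.escape(pattern[pos:m.start()]))  # literal text between parsers
        if m.group(0) == "@@":
            parts.append("@")
        else:
            name, field = m.group(1), m.group(2)
            if name not in PARSERS:
                raise ValueError(f"unknown parser @{name}@ in pattern {pattern!r}")
            parts.append("(" + PARSERS[name] + ")")
            fields.append(field)  # None: parser matches but stores nothing
        pos = m.end()
    parts.append(re.escape(pattern[pos:]))
    return re.compile("".join(parts)), fields


def match_rule(pattern: str, message: str) -> Optional[Dict[str, str]]:
    """Return captured fields if the WHOLE message matches, else None (whole-message assumption)."""
    regex, fields = compile_pattern(pattern)
    m = regex.fullmatch(message)
    if m is None:
        return None
    return {f: v for f, v in zip(fields, m.groups()) if f is not None}


def classify(rules: List[Dict[str, str]], message: str) -> Tuple[str, Optional[str], Dict[str, str]]:
    """First matching rule wins; no match yields class 'unknown', like ${.classifier.class}."""
    for rule in rules:
        fields = match_rule(rule["pattern"], message)
        if fields is not None:
            return rule["class"], rule["id"], fields
    return "unknown", None, {}


# Rule from the post's test.xml (constructed from the post).
POSTED_RULES = [
    {"id": "666", "class": "security", "pattern": "param1=@IPV4:FOO.BAR@"},
]

# Hypothetical variant: same rule with a trailing @ANYSTRING@ to absorb the rest of the line.
ANYSTRING_RULES = [
    {"id": "666", "class": "security", "pattern": "param1=@IPV4:FOO.BAR@ @ANYSTRING:rest@"},
]

# Message from the post's logger test (constructed sample input).
MESSAGE = "param1=1.2.3.4 param2=abcde"

if __name__ == "__main__":
    for label, rules in (("posted rule", POSTED_RULES), ("with @ANYSTRING@", ANYSTRING_RULES)):
        cls, rule_id, fields = classify(rules, MESSAGE)
        print(f"{label:18} class={cls} rule={rule_id} FOO.BAR={fields.get('FOO.BAR', '')!r}")
```

Running it prints `class=unknown` for the posted rule and `class=security` with `FOO.BAR='1.2.3.4'` for the variant, which is the shape of the log line the post expected. The IPv4 regex is deliberately strict (octets 0-255), so `param1=1.2.3.999` is also rejected; the real @IPV4@ parser may be looser, so treat that as an approximation.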