patterndb and smtp to() issue
Hi all,

I'm using the pattern-db to extract values from a firewall's log. So far, everything's working great. The log looks something like this:

Jan 20 2016 21:48:45: %ASA-7-746012: user-identity: Add IP-User mapping 10.10.99.7 - LOCAL\alex Succeeded - VPN user

Using pdbtool and matching the log against the xml pattern file, this is showing me good results:

:$pdbtool match -P "%ASA-7-746012" -M "user-identity: Add IP-User mapping 10.10.99.7 - LOCAL\alex Succeeded - VPN user" -p /etc/syslog-ng/patterndb.d/vpn-parser-up.xml -D -c
Pattern matching part:
user-identity: Add IP-User mapping @IPv4:VPN_IP=10.10.99.7@ - LOCAL\ @STRING:VPN_USER=alex@ Succeeded - VPN user
Matching part:
user-identity: Add IP-User mapping 10.10.99.7 - LOCAL\alex Succeeded - VPN user
Values:
MESSAGE=user-identity: Add IP-User mapping 10.10.99.7 - LOCAL\alex Succeeded - VPN user
PROGRAM=%ASA-7-746012
.classifier.class=vpn.access_log
.classifier.rule_id=019045a7383c252e57c20435ae5bf86c
VPN_IP=10.10.99.7
VPN_USER=alex
TAGS=

Here's the xml file:

<patterndb version='4' pub_date='2015-12-22'>
  <ruleset id='04ba26e756011614c57cf469fed7b5c0' name='%ASA-7-746012'>
    <pattern>%ASA-7-746012</pattern>
    <rules>
      <rule class='vpn.access_log' id='019045a7383c252e57c20435ae5bf86c' provider='alex'>
        <patterns>
          <pattern>user-identity: Add IP-User mapping @IPv4:VPN_IP@ - LOCAL\@STRING:VPN_USER@ Succeeded - VPN user</pattern>
        </patterns>
      </rule>
    </rules>
  </ruleset>
</patterndb>

Now, the problem lies in the destination, which is using the smtp driver.

destination vpn_mail_up {
    smtp(
        host("x.x.x.x")
        port(25)
        from("alex@x.y" "alex@x.y")
        to("${VPN_USER}@x.y")
        subject("vpn connection")
        body("vpn connection from ${VPN_USER} with IP: ${VPN_IP}\n")
    );
};

The variable is functional inside the body() but not in the to() field. Here's a dump I extracted directly from the server on the tcp session to the mail server:

RCPT.TO:<${VPN_USER}@x.y>..
BDAT.411..
X-Mailer:.syslog-ng.3.5.6..
Date:.Wed,.20.Jan.2016.21:51:51.+0100..
From:.alex@x.y..
Message-Id:.<1453323111.149975.19608@debian>..
To:."${VPN_USER}@x.y".<${VPN_USER}@x.y>..
Subject:.vpn.connection..
.BDAT.68..vpn.connection.from.alex..with.IP:.10.10.99.7.BDAT.2.LAST..

The variable is being populated in the body message but not in the recipient. Is there any chance the variable can only be used once (!?) or cannot be used inside the to()?

Regards,
Alex
Hi Alexandre, Templateable smtp/to() and co. was added only recently. I'll check later in the day on which version it appeared.
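Added example, not part of the thread and not syslog-ng code: a simplified Python model of the rule and the smtp() templates from the question, showing the envelope recipient that to("${VPN_USER}@x.y") is meant to yield for the sample line (alex@x.y) instead of the literal ${VPN_USER}@x.y seen in the RCPT TO of the dump. The regexes standing in for @IPv4@ and @STRING@, and all function names, are assumptions of this sketch.

```python
import ipaddress
import re

# Rule pattern, sample message and smtp() templates copied from the post above.
PATTERN = (r"user-identity: Add IP-User mapping @IPv4:VPN_IP@ - "
           r"LOCAL\@STRING:VPN_USER@ Succeeded - VPN user")
MESSAGE = (r"user-identity: Add IP-User mapping 10.10.99.7 - "
           r"LOCAL\alex Succeeded - VPN user")
TO_TEMPLATE = "${VPN_USER}@x.y"
BODY_TEMPLATE = "vpn connection from ${VPN_USER} with IP: ${VPN_IP}\n"

# Assumption: simplified regex stand-ins for the two parsers the rule uses.
PARSERS = {"IPv4": r"\d{1,3}(?:\.\d{1,3}){3}", "STRING": r"[A-Za-z0-9]+"}


def pattern_to_regex(pattern):
    """Compile literal text plus @TYPE:NAME@ parsers into one anchored regex."""
    parts, pos = [], 0
    for m in re.finditer(r"@(\w+):(\w+)@", pattern):
        parts.append(re.escape(pattern[pos:m.start()]))
        parts.append("(?P<%s>%s)" % (m.group(2), PARSERS[m.group(1)]))
        pos = m.end()
    parts.append(re.escape(pattern[pos:]))
    return re.compile("".join(parts) + r"\Z")


def extract(pattern, message):
    """Return the name-value pairs for a matching message, else None."""
    m = pattern_to_regex(pattern).match(message)
    if m is None:
        return None
    values = m.groupdict()
    try:
        ipaddress.IPv4Address(values["VPN_IP"])  # rejects octets above 255
    except ValueError:
        return None
    return values


def expand(template, values):
    """Substitute ${NAME} macros; an unknown name raises KeyError here."""
    return re.sub(r"\$\{(\w+)\}", lambda m: values[m.group(1)], template)


def recipient(message):
    """Envelope recipient for one log line, or None if the rule does not match."""
    values = extract(PATTERN, message)
    return None if values is None else expand(TO_TEMPLATE, values)


if __name__ == "__main__":
    print(recipient(MESSAGE))
    print(expand(BODY_TEMPLATE, extract(PATTERN, MESSAGE)), end="")
```

Because the rule in this sketch only accepts alphanumeric user names, a line whose user field contains any other character produces no recipient at all.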
participants (2)
- Alexandre DEPREZ
- Fabien Wernli