can you try this "@STRING::/@/@STRING:lastName:-._@ " This should match alphanumerics including / but followed by a / and a string of alphanumerics including -._that does not include a / and then followed by a space (I forget what your original text to match on looks like. Evan Michael Starks <syslog-ng-list@michaelstarks.com> wrote: On 06/19/2012 11:24 AM, Martin Holste wrote:

If you know this will be the rest of the message, you can use a capturing @ANYSTRING:var:@ to grab everything left in the message.

Thanks. I have tried @ANYSTRING@ but as I suspected it starts matching on the first / since the pattern is being read left-to-right. What ends up happening is that the entire file path is included. I still don't see a way to capture everything between the last / and the ' without knowing in advance how deep the path will be. ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq