file "/var/log/bgp" { reset "ADJCHANGE: neighbor .* Up" {}; path " rcvd UPDATE w.* path (([0-9]| )*[0-9])" { index_path 1; }; announce " rcvd (([0-9]|\.)*)/([0-9]*)$" { index_value 1; index_length 3; }; withdraw " rcvd UPDATE about (([0-9]|\.)*)/([0-9]*) -- withdrawn" { index_value 1; index_length 3; }; }; file "/var/log/maillog" { ip "NOQUEUE: connect from.* \[(.*)\]" { index_ip 1; }; };