I've been googling around the last few days looking for a solid example of how to regex a log entry for desired data, which is then to be inserted into a database, but apparently my google-fu is lacking.

What I am trying to do is track when an email is sent, and then track the remote mta response, specifically the dsn code. At this point I have two templates setup for each situation:

# /etc/rsyslog.conf
...
$Template tpl_custom_header, "MPurcell: CUSTOM HEADER Template: %msg%\n"
$Template tpl_response_dsn, "MPurcell: RESPONSE DSN Template: %msg%\n"

# /etc/rsyslog.d/mail
if $programname == 'mail-myapp' then /var/log/mail/myapp.log
if ($programname == 'mail-myapp') and ($msg contains 'X-custom_header') then /var/log/mail/test.log;tpl_custom_header
if ($programname == 'mail-myapp') and ($msg contains 'dsn=') then /var/log/mail/test.log;tpl_response_dsn
& ~

Example log entries:

MPurcell: CUSTOM HEADER Template:  D921940A1A: prepend: header X-custom_header: 101 from localhost[127.0.0.1]; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<localhost>: headername: message-id

MPurcell: RESPONSE DSN Template:  D921940A1A: to=<[email protected]>, relay=gmail-smtp-in.l.google.com[2607:f8b0:400e:c02::1a]:25, delay=2, delays=0.12/0.01/0.82/1.1, dsn=2.0.0, status=sent (250 2.0.0 OK 1372378600 o4si2828280pac.279 - gsmtp)

From the CUSTOM HEADER Template I would like to extract: D921940A1A, and X-custom_header value; 101

From the RESPONSE DSN Template I would like to extract: D921940A1A, and "dsn=2.0.0"