--- sysplogd 2009/04/11 09:52:59 8
+++ sysplogd 2009/04/17 10:04:02 20
@@ -8,24 +8,31 @@
 use DBI;
 use Getopt::Long;
-my $port = 514;
+our $port = 514;
+our $MAXLEN = 1524;
-my $MAXLEN = 1524;
+our $dsn = 'DBI:Pg:dbname=syslog';
+our $user = 'dpavlin';
+our $log = '/tmp/sysplog.log';
+
+my $config = $0;
+$config =~ s{/[^/]+$}{/conf.pl};
+if ( -e $config ) {
+ require $config;
+ warn "# using $config ", -s $config, $/;
+}
-my $dsn = 'DBI:Pg:dbname=syslog;host=llin.lan';
-my $user = 'dpavlin';
 my $debug = 0;
 my $schema = 0;
-my $log = '/tmp/sysplog.log';
 GetOptions(
 'debug+' => \$debug,
 'schema!' => \$schema,
 'log=s' => \$log,
+ 'port=i' => \$port,
 ) || die "usage: $0 --debug --schema\n";
-my @facilities = ( qw/ -/ );
+our $VERSION = '0.00';
 my $sql_schema = q{
@@ -40,7 +47,6 @@
 id serial,
 timestamp timestamp default now(),
 ip inet not null,
- hostname text not null,
 message text,
 level int,
 facility int,
@@ -81,12 +87,12 @@
 my $sth_log_full = $dbh->prepare(qq{
 insert into log
- (ip,hostname,message,level,facility,program,pid)
- values (?,?,?,?,?,?,?)
+ (ip,message,level,facility,program,pid)
+ values (?,?,?,?,?,?)
 });
 my $sth_log_unparsed = $dbh->prepare(qq{
- insert into log (ip,hostname,messsage) values (?,?,?)
+ insert into log (ip,message) values (?,?)
 });
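Review bot: In the first hunk the result of `$config =~ s{/[^/]+$}{/conf.pl}` is never checked, so when `$0` contains no slash `$config` stays equal to the script's own name, and if that name resolves from the current directory `require` is pointed at the daemon itself. Because `require` runs the file as Perl code with the daemon's privileges (presumably elevated, given the default port 514), the path should be built explicitly, for example `use FindBin;` and `my $config = "$FindBin::Bin/conf.pl";`, and the file's owner and mode checked before it is loaded. A comment above the `our` declarations saying that they are package variables so that conf.pl can override them would explain the switch from `my`. The default `$log` in `/tmp` is a predictable name in a world-writable directory that another local user can create first, so a default under a directory owned by the daemon would be safer.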
@@ -105,21 +111,32 @@
 _log "INFO: listen on $port";
-my $rin = '';
 my $buf;
 while(1) {
 $sock->recv($buf, $MAXLEN);
 my ($port, $ipaddr) = sockaddr_in($sock->peername);
- my $hostname = gethostbyaddr($ipaddr, AF_INET);
+# my $hostname = gethostbyaddr($ipaddr, AF_INET);
 my $ip = join('.', unpack('C4',$ipaddr));
- my @values = ( $ip, $hostname, $buf );
+ my @values = ( $ip, $buf );
- if ( $buf =~ /<(\d+)>\s*(\S*)\s*:\s*(.*)/ ) {
- $values[2] = $3;
+ if ( $buf =~ s/<(\d+)>// ) {
 my $level = $1 % 8;
 my $facility = ( $1-$level ) / 8;
- my $program = $2;
- my $pid = $1 if $program =~ s/\[(\d+)\]$//;
+
+ $buf =~ s/^\w\w\w \d+ \d\d:\d\d:\d\d//; # strip timestamp which some syslog servers insert here
+
+ my ( $program, $pid );
+
+ if ( $buf =~ s/^\s*([^:]+)\s*:\s*// ) {
+ $program = $1;
+ if ( $program =~ s/\[(\d+)\]$// ) {
+ $pid = $1;
+ } elsif ( $buf =~ s/^(\d+):\s*// ) {
+ $pid = $1;
+ }
+ }
+
+ $values[1] = $buf;
 push @values, ( $level, $facility, $program, $pid );
 $sth_log_full->execute( @values );
 } else {
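Review bot: The priority match `s/<(\d+)>//` in the new `if` is unanchored and unbounded, so a `<digits>` sequence anywhere in an unauthenticated UDP datagram is taken as the PRI and any number is accepted as a facility. Anchoring and bounding it, `if ( $buf =~ s/^<(\d{1,3})>// ) {`, would keep malformed packets on the unparsed branch. The timestamp strip, as shown, expects a single space before the day, while RFC 3164 pads single-digit days with a second space; on those days the following `([^:]+)` would capture everything up to the first colon of the time as the program, and `s/^\w{3}\s+\d+ \d\d:\d\d:\d\d//` would cover that case. The `while` loop body continues past the end of the hunk.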