- ($day,$time,$pid,$op,$host,$ip,$module,$user,$bytes,$file) = split(' ', $_, 10);
- next unless defined $file;
-
- next if $op ne 'send' && $op ne 'recv';
+my $syslog_prefix = '\w\w\w +\d+ \d\d:\d\d:\d\d \S+ rsyncd';
+my $rsyncd_prefix = '\d\d\d\d/\d\d/\d\d \d\d:\d\d:\d\d ';
+
+ next unless ($day,$time,$op,$host,$module,$file,$bytes)
+ = m{^
+ ( \w\w\w\s+\d+ | \d+/\d\d/\d\d ) \s+ # day
+ (\d\d:\d\d:\d\d) \s+ # time
+ [^[]* \[\d+\]:? \s+ # pid (ignored)
+ (send|recv|[<>]f\S+) \s+ # op (%o or %i)
+ (\S+) \s+ # host
+ \[\d+\.\d+\.\d+\.\d+\] \s+ # IP (ignored)
+ (\S+) \s+ # module
+ \(\S*\) \s+ # user (ignored)
+ (.*) \s+ # file name
+ (\d+) # file length in bytes
+ $ }x;
+
+ # TODO actually divide the data by into send/recv categories
+ if ($op =~ /^>/) {
+ $op = 'send';
+ } elsif ($op =~ /^</) {
+ $op = 'recv';
+ }