--- ipfw2sql	Fri May  2 13:49:14 2003
+++ /root/ipfw/ipfw2sql	Tue Dec 16 11:30:19 2003
@@ -7,9 +7,9 @@
 use Pg; # ports/database/p5-Pg
 
 my $pg_host = "localhost";
-my $pg_user = "pgsql";
+my $pg_user = "syslog";
 my $pg_pass = "";
-my $pg_db = "pgsql";
+my $pg_db = "syslog";
 
 sub nz($) {
 	return defined($_[0]) ? $_[0] : "";
@@ -87,7 +87,7 @@
 	my($lbuf) = @_;
 	my @v = split(/ +/, $lbuf);
 	my @ret = ();
-	my($m, $d, $HMS, $deny, $proto, $sip, $sport, $dip, $dport);
+	my($m, $d, $HMS, $deny, $proto, $protosub, $sip, $sport, $dip, $dport);
 	if ($#v >= 13) {
 		my $ok = 0;
 		if ($#v >= 18) {
@@ -103,6 +103,7 @@
 				$p =~ tr/A-Z/a-z/;
 				#printf("proto %s\n", $p);
 				$proto = defined($proto{$p}) ? $proto{$p} : 0;
+				$protosub = "";
 				$deny = 1;
 				($sip, $sport) = split(/,/, $src . ",0");
 				($dip, $dport) = split(/,/, $dst . ",0");
@@ -115,19 +116,22 @@
 				$m = $mon{$v[0]};
 				$d = $v[1];
 				$HMS = $v[2] . ".000000";
-				$deny = $v[7] =~ /Deny/i;
-				my $p = $v[8];
+				$deny = $v[7] =~ /Deny/i ? 1 : 0;
+				my $p;
+				my $psub;
+				($p,$psub) = split(/:/,$v[8],2);
 				my $src = $v[9];
 				my $dst = $v[10];
 				$p =~ tr/A-Z/a-z/;
 				$proto = defined($proto{$p}) ? $proto{$p} : 0;
+				$protosub = $psub ? $psub : "";
 				($sip, $sport) = split(/:/, $src . ":0");
 				($dip, $dport) = split(/:/, $dst . ":0");
 				$ok = 1;
 			}
 		}
 		if ($ok) {
-			@ret = ($m, $d, $HMS, $deny, $proto, $sip, $sport, $dip, $dport);
+			@ret = ($m, $d, $HMS, $deny, $proto, $protosub, $sip, $sport, $dip, $dport);
 		}
 	}
 	return @ret;
@@ -145,14 +149,14 @@
 	autoflush(\*STDOUT, 1);
 	while ($lbuf = <>) {
 		chomp($lbuf);
-		my($m, $d, $HMS, $deny, $proto, $sip, $sport, $dip, $dport) = parse($lbuf);
+		my($m, $d, $HMS, $deny, $proto, $protosub, $sip, $sport, $dip, $dport) = parse($lbuf);
 		if (defined($m)) {
 			if ($copy) {
-				printf("%d-%d-%d %s+%d\t%d\t%d\t%s\t%d\t%s\t%d\n", $Y, $m, $d, $HMS, $tz, $deny, $proto, $sip, $sport, $dip, $dport);
+				printf("%d-%d-%d %s+%d\t%d\t%d\t%s\t%s\t%d\t%s\t%d\n", $Y, $m, $d, $HMS, $tz, $deny, $proto, $protosub, $sip, $sport, $dip, $dport);
 			}
 			else {
 				my $date = "$Y-$m-$d $HMS+$tz";
-				post1("ipfw", $date, $deny, $proto, $sip, $sport, $dip, $dport);
+				post1("ipfw", $date, $deny, $proto, $protosub, $sip, $sport, $dip, $dport);
 			}
 		}
 		else {