Here are the slides from my PDX.pm talk this week. A link to the accompanying podcast will be along soon.
Thanks for the lively discussion!
 Clarification of two items from the podcast:
– multiline messages do indeed come in multiple packets. There is a message counter that increments for each message, so you could use the host name + message counter to match up multi-line messages. For what I’m doing, the important part is in that first line, so the payoff isn’t worth the investment.
– re hypens in the mnemonic field of the system message: I went back through and wasn’t able to find any examples of this, so I retract my statement. (I do have examples of system messages with hyphens in the facility field.)