syslogng parser issues


I can only assume I am not implementing this correctly. :-)

But I have a parser I am trying to use so I can take a subset of the
information of a message and send that subset to another receiver.
This is the whole message:

<13>Feb  4 18:40:17 myhost syslogng: 2012-02-04T18:40:17-08:00
myhostserver-http /tmp/logs/access_log    Hi Mom

What I want to do is send out the message as :

<13>Feb  4 18:40:17 myhost syslogng: Hi Mom

Notice how I dropped the middle part out.

From what I have read, the parser acts on the message body alone. Is
this correct?
So I set it up to look for four(4) columns of data and to be "greedy"
on the last column.

I have played around with the number of columns and even used a
rewrite function instead. But the Parser continues to produce empty
variables.  And my template just echos out my default value.

Any thoughts?


 parser p_et_logmessage {
       csv-parser(
               #columns("ETMSG")
               #columns("ETMSG.ISODATE")
               columns("ETMSG.ISODATE", "ETMSG.EASI", "ETMSG.SOURCE",
"ETMSG.BODY")
               delimiters(" ")
               #template("${MSG}")
               flags(greedy)
       );
};

rewrite r_rewrite_set{set('${ETMSG.BODY:-nothing}', value("MESSAGE"));};

template t_et_basic_logmessage {
            template("${ETMSG.BODY:-nothing}\n"); template_escape(no); };


destination destination_info {
       tcp("host2" port(8080)
               template(t_et_basic_logmessage)
               log_disk_fifo_size(32212254720)
       );
};

log {
       source(INTAKE);
       parser(p_et_logmessage);
       destination(destination_info);
};