Hi everyone,

I am new to the concept of syslog-ng configuration. syslog-ng is already configured on the Linux servers. We have 6 syslog-ng servers:

- 4 location syslog-ng servers receive logs from all the syslog clients: working fine
- 1 centralized syslog-ng server receives logs from the 4 locations: working fine
- 1 TCIM syslog-ng server receives logs from the centralized syslog-ng server: it was working before for both Solaris and Linux. Now it has suddenly stopped collecting logs, only for Linux. No changes were made.

Centralized syslog-ng configuration file:

    options {
        log_fifo_size(8192);
        create_dirs(yes);
        group(sysgrp);
        dir_group(sysgrp);
        dir_perm(0750);
        perm(0440);
        chain_hostnames(no);
        keep_hostname(yes);
        stats(3600);
        use_fqdn(yes);
        use_time_recvd(yes);
    };

Standard filters

    # Level Filters
    filter f_emerg { level (emerg); };
    filter f_alert { level (alert .. emerg); };
    filter f_crit { level (crit .. emerg); };
    filter f_err { level (err .. emerg); };
    filter f_warning { level (warning .. emerg); };
    filter f_notice { level (notice .. emerg); };
    filter f_info { level (info .. emerg); };
    filter f_debug { level (debug .. emerg); };

    # Facility Filters
    filter f_kern { facility (kern); };
    filter f_user { facility (user); };
    filter f_mail { facility (mail); };
    filter f_daemon { facility (daemon); };
    filter f_auth { facility (auth); };
    filter f_authpriv { facility (authpriv); };
    filter f_syslog { facility (syslog); };
    filter f_lpr { facility (lpr); };
    filter f_news { facility (news); };
    filter f_uucp { facility (uucp); };

    filter f_os_unix {
        not program(EvntSLog)
        and not program(NetScreen)
        and not match ("NetScreen device_id")
        and not match ("%AAA-")
        and not match ("%AUTH-")
        and not match ("%AUTHPRIV-")
        and not match ("%CALLHOME-")
        and not match ("%CDP-")
        and not match ("%EARL-")
        and not match ("%FILESYS-")
        and not match ("%IMAGE_DNLD-SLOT")
        and not match ("%IP-")
        and not match ("%KERN-")
        and not match ("%LICMGR-")
        and not match ("%LINEPROTO-")
        and not match ("%LINK-")
        and not match ("%MCAST-")
        and not match ("%MODULE-")
        and not match ("%OSPF-")
        and not match ("%PLATFORM-")
        and not match ("%PRUNING-")
        and not match ("%PORT-")
        and not match ("%SPANTREE-")
        and not match ("%SYS-")
        and not match ("%UDLD-")
        and not match ("%VSHD-")

    source s_local {
        unix-stream("/dev/log");
        udp(ip(0.0.0.0) port(514));
        tcp(ip(0.0.0.0) port(5149) max-connections(333));
        internal();
        pipe("/proc/kmsg");
    };

    destination dl_hosts-unix {
        file("/var/log/syslog-ng/hosts-unix/$HOST/$YEAR/$MONTH/$DAY/$FACILITY.$LEVEL");
    };

    log {
        source(s_local);
        filter(f_os_unix);
        ###not filter(f_os_switch);
        destination(dl_hosts-unix);
    };

    destination dl_tcim {
        udp("10.230.148.18" port(514) template("<$PRI> $DATE $HOST $MESSAGE\r\n"));
    };

    log {
        source(s_local);
        destination(dl_tcim);
    };

TCIM server configuration file:

    options {
        sync (0);
        time_reopen (10);
        log_fifo_size (1000);
        long_hostnames (off);
        # use_dns (no);
        use_dns (yes);
        use_fqdn (no);
        create_dirs (no);
        keep_hostname (yes);
    };

    source src {
        udp();
        tcp(port(514) keep-alive(yes));

    filter f_lnx_hosts {
        host("amex") or
        host("green") or
        host("sa") or
        host("yellow") or
        host("urinf01") or
        etc..; .. .. .
    };

    destination d_lnx {
        file("/var/log/tcim/$HOST/syslog-$YEAR-$MONTH-$DAY.log"
            template("<$PRI>$DATE $HOST $MSG\n")
            create_dirs(yes)
            owner(svc-tcim)
            group(users)
            perm(0660)
            dir_owner(svc-tcim)
            dir_group(users)
            dir_perm(0770)
        );
    };

    log {
        source(src);
        filter(f_lnx_hosts);
        destination(d_lnx);
    };

I tried the command below on the TCIM server to check the communication between the centralized syslog-ng server and the TCIM server:

    tcpdump -nn -tp -port 514..

    IP 10.180.40.83.59535 > 10.230.148.18.514: UDP, length 375
    IP 10.180.40.83.59535 > 10.230.148.18.514: UDP, length 193
    IP 10.180.40.83.59535 > 10.230.148.18.514: UDP, length 638
    IP 10.180.40.83.59535 > 10.230.148.18.514: UDP, length 638
    1740 packets captured
    1740 packets received by filter
    0 packets dropped by kernel

Packets are arriving from the centralised log server. I do not know where the mistake is. Please help me resolve this issue.
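
Added example (not part of the original post): because the capture shows datagrams reaching the TCIM host, one check is whether the host field carried in those datagrams matches any pattern in `f_lnx_hosts`. The Python below decodes payloads laid out per the forwarder's template and tests the host against the patterns visible in the post. The sample payloads are constructed, and treating `host()` as an unanchored, case-sensitive regex is an assumption.

```python
import re

# Host patterns visible in the post's f_lnx_hosts filter (the post elides the rest).
LNX_HOST_PATTERNS = ["amex", "green", "sa", "yellow", "urinf01"]

# Layout produced by the forwarder template "<$PRI> $DATE $HOST $MESSAGE\r\n":
# <PRI>, an optional space, a BSD timestamp, the host field, then the message.
FORWARDED = re.compile(
    r"^<(?P<pri>\d{1,3})> ?"
    r"(?P<date>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$",
    re.DOTALL,
)

def parse_forwarded(payload: bytes):
    """Split one UDP payload into its fields; None if the layout differs."""
    text = payload.decode("utf-8", errors="replace").rstrip("\r\n")
    m = FORWARDED.match(text)
    if m is None:
        return None
    pri = int(m.group("pri"))
    return {"facility": pri >> 3, "level": pri & 7, "date": m.group("date"),
            "host": m.group("host"), "msg": m.group("msg")}

def matching_patterns(host, patterns=LNX_HOST_PATTERNS):
    """Assumption: host("x") behaves as an unanchored, case-sensitive regex."""
    return [p for p in patterns if re.search(p, host)]

def triage(payloads):
    """Return (verdict, host, matched patterns) for each payload."""
    report = []
    for raw in payloads:
        rec = parse_forwarded(raw)
        if rec is None:
            report.append(("unparsed", None, []))
            continue
        hits = matching_patterns(rec["host"])
        report.append(("match" if hits else "filtered-out", rec["host"], hits))
    return report

# Constructed sample payloads (not taken from the post's capture).
SAMPLES = [
    b"<38> Mar  4 10:15:02 amex01.example.com sshd[2211]: Accepted publickey for ops\r\n",
    b"<13> Mar  4 10:15:03 AMEX02 logger: test\r\n",
    b"<86> Mar  4 10:15:04 db7.example.com su: session opened\r\n",
    b"Mar  4 10:15:05 green01 cron[1]: no priority header\r\n",
]

if __name__ == "__main__":
    for verdict, host, hits in triage(SAMPLES):
        print(f"{verdict:13} host={host} patterns={hits}")
```
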