Hello all,

I am trying to set up a new central syslogd server. I want to keep logging locally as well as on the new server. The syslogd.conf from the local machines and the syslog-ng.conf from the central server are listed below.

The problem I am having is that some messages sent to the log server are not being sorted by their hostname field. They are instead being spread across many different directories, as shown in the example below. So, instead of the message going to the correct directory for its hostname, the server creates numerous new directories, each named after a part of the message and beginning with a ".". Odd. I can't figure out why these messages are being handled this way. Can anyone help, please?

Example of the directories being created. The first seven entries should not be there.

# cd /var/log/HOSTS
# ls -la
total 28
drwx------ 14 root root 512 Jan 26 22:31 .
drwxr-xr-x 6 root sys 512 Jan 11 10:44 ..
drwx------ 3 root root 512 Jan 26 22:31 .Cmd
drwx------ 3 root root 512 Jan 26 22:31 .Disconnected
drwx------ 3 root root 512 Jan 26 22:29 .SCSI
drwx------ 3 root root 512 Jan 26 22:31 .got
drwx------ 3 root root 512 Jan 26 22:31 .pkt_flags=0x4000
drwx------ 3 root root 512 Jan 26 22:31 .pkt_scbp=0x0
drwx------ 3 root root 512 Jan 26 00:02 SRS
drwx------ 3 root root 512 Jan 11 15:18 dbln-jumpstart
drwx------ 3 root root 512 Jan 25 15:33 eight
drwx------ 3 root root 512 Jan 11 11:23 ndpsunray1
drwx------ 3 root root 512 Jan 11 13:27 ndpsunray2
drwx------ 3 root root 512 Jan 25 15:26 nine

# syslogd.conf

#ident "@(#)syslog.conf 1.4 96/10/11 SMI" /* SunOS 5.0 */
#
# Copyright (c) 1991-1993, by Sun Microsystems, Inc.
#
# syslog configuration file.
#
# This file is processed by m4 so be careful to quote (`') names
# that match m4 reserved words. Also, within ifdef's, arguments
# containing commas must be quoted.
# # *.err;kern.notice;auth.notice /dev/console
kern.notice;user.err /dev/console
kern.notice @loghost
auth.info /var/adm/messages
auth.info @loghost
*.err;daemon.none;kern.info;mail.crit /var/adm/messages
*.err;daemon.none;kern.info;mail.crit @loghost
daemon.crit /var/adm/messages
daemon.crit @loghost
daemon.notice /var/adm/messages
daemon.notice @loghost
*.alert;kern.err;daemon.err operator
*.alert root
*.emerg *
mail.info /var/adm/messages
mail.debug @loghost
user.alert @loghost
user.alert /var/adm/messages

syslog-ng.conf

#
# syslog-ng package built by Nate Campi <nate@campin.net>
#
# This should behave pretty much like the original syslog on SunOS. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#
# 20000925 gb@sysfive.com

options {
    sync (0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames (off);
    use_dns (yes);
    use_fqdn (no);
    create_dirs (no);
    keep_hostname (yes);
};

source s_sys { sun-stream ("/dev/log" door("/etc/.syslog_door")); };
source net { udp(); };
source s_internal { internal(); };

destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/adm/messages"); };
destination d_mail { file("/var/log/syslog"); };
destination d_auth { file("/var/log/authlog"); };
destination d_mlop { usertty("operator"); };
destination d_mlrt { usertty("root"); };
destination d_mlal { usertty("*"); };
destination std {
    file("/var/log/HOSTS/$HOST/$YEAR/$MONTH/$FACILITY$YEAR$MONTH$DAY"
        owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes) );};

filter f_filter1 { level(err) or (level(notice) and facility (auth, kern)); };
filter f_filter2 { level(err) or (facility(kern) and level(notice)) or (facility(daemon) and level(notice)) or (facility(mail) and level(crit)); };
filter f_filter3 { level(alert) or (facility(kern) and level(err)) or (facility(daemon) and level(err)); };
filter f_filter4 { level(alert); };
filter f_filter5 { level(emerg); };
filter f_filter6 { facility(kern) and
level(notice); };
filter f_filter7 { facility(mail) and level(debug); };
filter f_filter8 { facility(user) and level(err); };
filter f_filter9 { facility(user) and level(alert); };

log { source(net); destination(std); };
log { source(s_sys); filter(f_filter1); destination(d_cons); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter3); destination(d_mlop); };
log { source(s_sys); filter(f_filter4); destination(d_mlrt); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_auth); };
log { source(s_sys); filter(f_filter7); destination(d_mail); };
log { source(s_sys); filter(f_filter8); destination(d_cons); destination(d_mesg); };
log { source(s_sys); filter(f_filter9); destination(d_mlop); destination(d_mlrt); };
log { source(s_internal); destination(d_mesg); };

Thanks for looking,