Hello,

I have a syslog-ng based SIEM setup with customized rules like:

    options {
        use_dns(no);
        use_fqdn(no);
        check_hostname(no);
        owner(root);
        group(root);
        perm(0640);
        dir_owner(root);
        dir_group(root);
        dir_perm(0750);
        create_dirs(yes);
        normalize_hostnames(yes);
        keep_hostname(yes);
        # disable stats
        stats_freq(0);
    };

    destination d_net_auth {
        file("/var/log/corporate/$HOST_FROM/auth.log");
    };
    ...

These settings do not do DNS resolution, with the result that when hosts send their logs into this SIEM, directories are created by their IP addresses, and that is where the logs go.

I would like to replicate this server at a second location without using brute methods like rsyncing the whole directory structure daily.

I have configured syslog-ng to keep forwarding the logs to a remote destination, which works fine; however, I can't select the messages based on the same criteria on the new log server, because if I use the same config everything will originate from the IP for logserver 1.

I need IP based directories on the second loghost as well, with everything identical.

I'm using syslog-ng 3.12.

Is there a workaround for this?

Thanks