I am in the process of setting up a syslog server for a large number of Cisco boxes, and have faced some difficulties which may be due to an error in syslog-ng 1.4.13 on Solaris 8 regarding the source statement.

    source net { udp(); };

As far as I can understand from the documentation, this ought to listen to all incoming udp packets on port 514. Contrary to the documentation, I never got this to work at all. I even tried to stop the native syslogd, but to no avail.

    source net { udp(ip("xxx.xxx.xxx.22") port(514)); };

Stating the service ip address and syslog port works perfectly.

On the Cisco IOS side, it took me some time to realize that

    logging source-interface Ethernet0

is essential to do remote logging. This is the interface with the ip address which has access to the remote syslog host.

Other experiences, especially best practices, with syslog-ng and Cisco boxes are greatly appreciated.

Best regards,
Brian D. Olesen
UNIX Administrator
Orange DK