Hi, I have set up a wondefull log server with syslog-ng, where I record every host separately. suppose log server name is logserver.localdomain.it, the problem is that I get the logserver.localdomain.it directory but insede i get only messages and syslog file, if i fail a an authentication or what other I get no log about it. someone can help me? Thanks This is part of configuration file: options { long_hostnames(off); sync(0); # no line buffered: scriviamo subito # forse sui client si può rimuovere create_dirs(yes); log_fifo_size(30000); # aumentiamo log_fifo_size per evitare il drop dei pacchetti, use_fqdn(yes); # Inserisce gli host in formato Fully Qualified Domain Name # use_time_recvd(true); # nel caso di client con ora non sincronizzata }; source src { internal(); pipe("/proc/kmsg"); #file("/proc/kmsg" log_prefix("kernel: ")); tcp(ip(192.168.xxx.yyy) port(514) max-connections(100)); udp(ip(0.0.0.0) port(514)); }; destination authlog { file("/opt/syslog-ng/logs/SERVER/$YEAR/$MONTH/$DAY/$HOST/auth.log" owner("root") group("adm") perm(0640)); }; destination syslog { file("/opt/syslog-ng/logs/SERVER/$YEAR/$MONTH/$DAY/$HOST/syslog" owner("root") group("adm") perm(0640)); }; destination cron { file("/opt/syslog-ng/logs/SERVER/$YEAR/$MONTH/$DAY/$HOST/cron.log" owner("root") group("adm") perm(0640)); }; destination daemon { file("/opt/syslog-ng/logs/SERVER/$YEAR/$MONTH/$DAY/$HOST/daemon.log" owner("root") group("adm") perm(0640)); }; destination kern { file("/opt/syslog-ng/logs/SERVER/$YEAR/$MONTH/$DAY/$HOST/kern.log" owner("root") group("adm") perm(0640)); }; destination lpr { file("/opt/syslog-ng/logs/SERVER/$YEAR/$MONTH/$DAY/$HOST/lpr.log" owner("root") group("adm") perm(0640)); }; destination mail { file("/opt/syslog-ng/logs/SERVER/$YEAR/$MONTH/$DAY/$HOST/mail.log" owner("root") group("adm") perm(0640)); }; destination user { file("/opt/syslog-ng/logs/SERVER/$YEAR/$MONTH/$DAY/$HOST/user.log" owner("root") group("adm") perm(0640)); }; destination uucp { file("/opt/syslog-ng/logs/SERVER/$YEAR/$MONTH/$DAY/$HOST/uucp.log" owner("root") group("adm") perm(0640)); }; filter f_authpriv { facility(auth, authpriv); }; filter f_syslog { not facility(auth, authpriv); }; filter f_cron { facility(cron); }; filter f_daemon { facility(daemon); }; filter f_kern { facility(kern); }; filter f_lpr { facility(lpr); }; filter f_mail { facility(mail); }; filter f_user { facility(user); }; filter f_uucp { facility(uucp); }; log { source(src); filter(f_authpriv); destination(authlog); }; log { source(src); filter(f_syslog); destination(syslog); }; log { source(src); filter(f_cron); destination(cron); }; log { source(src); filter(f_daemon); destination(daemon); }; log { source(src); filter(f_kern); destination(kern); }; log { source(src); filter(f_lpr); destination(lpr); }; log { source(src); filter(f_mail); destination(mail); }; log { source(src); filter(f_user); destination(user); }; log { source(src); filter(f_uucp); destination(uucp); }; ------------------------------------------------------------------------ INFOGROUP S.P.A http://www.infogroup.it ------------------------------------------------------------------------- DR. FIORENZI ALESSANDRO Consulente Tribunale Firenze - sicurezza informatica - Security Administrator Socio CLUSIT, ALSI Tel : +39.055.43.65.742 CE : +39.335.64.144.77 @Email : a.fiorenzi@infogroup.it PGP Key: http://www.infogroup.it/ds/fiorenzi.asc ------------------------------------------------------------------------- "Faber est suae quisque fortunae" -------------------------------------------------------------------------