Hello! I encountered some problems with syslog-ng 1.5.25, while trying to separate logs by program name. Our developers often use multiline log messages, stack traces for example. The problem is that when multiline message received via network (udp) it is logged as several lines, and only first line has program name in it. So, when i configure 'program' filter, it only catches first line. Example: We are logging this message and it is sent to loghost (in one udp packet, tested with snoop). <30>Jan 31 13:51:30 Yadda yadda[17245]: Time to die. die now! Loghost writes it in this way: Jan 31 13:42:29 host yadda[17231]: Time to die. Jan 31 13:42:29 host die now! The second line "die now!" will not match 'program' filter. I suppose it would be correct to replace all '\n', '\r', etc in log messages and log them as single line as common syslogd does in any case and as syslog-ng does when source is unix domain socket. Another problem is that first word of program name disappears. if program name is missing, the first word of log msg disappears instead. Here's script to send log message used in my example. #!/usr/bin/perl -w use strict; use Sys::Syslog; # all except setlogsock, or: use Sys::Syslog qw(:DEFAULT setlogsock); # default set, plus setlogsock my $ident = 'Yadda yadda'; my $logopt = 'pid,ndelay'; my $facility = 'daemon'; my $priority = 'info'; my $format = "Time to die.\ndie now!"; my @args; setlogsock 'unix'; openlog $ident, $logopt, $facility; syslog $priority, $format, @args; closelog; -- Dmitry Frolov, Zenon N.S.P. (095) 250-4629, http://www.zenon.net/