Folks,

Does anyone have any experience with using syslog-ng to forward messages along to an ArcSight server? I set it up for a support group here, but apparently they are having issues. Per ArcSight support:

<quote>
"I looked over the information you had uploaded already, and is actually a common issue. When syslog events are forwarded from one syslog server to another syslog server, or pipe, or file, the forwarding syslog server prepends timestamp and other information, which makes the message unusable. We require syslog message to adhere to the standard RFC syslog format for the connector to read them, and when forwarding syslog messages that is not the case and we are unable to support that configuration."
</quote>

Does anyone have any insight they can share with me for this issue? The group is now asking that I install their agent on my server, which I am VERY loath to do since the box is about at its limit as it is.

Thanks all!

Chris Ivey
Affiliated Computer Services
Enterprise Management Integration Services Infrastructure Management Senior Analyst
chris.ivey@acs-inc.com

"I have not failed, I have simply found 10,000 ways which do not work!" -- Thomas Edison
"When you find yourself in a hole, the best thing to do is stop digging!" -- Nick Stokes
"I reject your reality, and substitute my own!" -- Adam Savage
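
The condition described in the support quote (a relay prepending its own timestamp and host in front of the original header) can be checked on captured lines before blaming either end. The following is an added example, not part of the original post and not ArcSight or syslog-ng code. It assumes the "standard RFC syslog format" means the BSD layout of RFC 3164; the sample lines and host names are constructed.

```python
import re

# RFC 3164 header: <PRI>Mmm dd hh:mm:ss HOSTNAME ...  (day is space-padded, "Oct  1").
TS = r"[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}"
HEADER = re.compile(rf"^<(\d{{1,3}})>({TS}) (\S+) (.*)$")
# A second timestamp + host at the start of the payload means a relay added its own header.
INNER = re.compile(rf"^(?:<\d{{1,3}}>)?{TS} \S+ ")

def classify(line):
    """Return 'ok', 'stacked' (relay header prepended) or 'invalid'."""
    m = HEADER.match(line)
    if not m or int(m.group(1)) > 191:   # highest PRI: facility 23 * 8 + severity 7
        return "invalid"
    return "stacked" if INNER.match(m.group(4)) else "ok"

def unwrap(line):
    """Drop the relay's outer header, keep the PRI, and return the original event."""
    if classify(line) != "stacked":
        return line
    m = HEADER.match(line)
    inner = re.sub(r"^<\d{1,3}>", "", m.group(4))
    return f"<{m.group(1)}>{inner}"

# Constructed sample lines (hypothetical hosts web01 and relay01).
CLEAN = "<38>Oct 11 22:14:15 web01 sshd[412]: Accepted publickey for deploy"
STACKED = ("<38>Oct 11 22:14:16 relay01 "
           "Oct 11 22:14:15 web01 sshd[412]: Accepted publickey for deploy")
NO_PRI = "Oct 11 22:14:15 web01 sshd[412]: Accepted publickey for deploy"

if __name__ == "__main__":
    for sample in (CLEAN, STACKED, NO_PRI):
        print(f"{classify(sample):8} {sample}")
    print("unwrapped:", unwrap(STACKED))
```

Running it over a packet capture or a file written by the relay shows whether the forwarded stream actually carries the doubled header the support reply describes.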