HI, I have the same problem as someone else in November. I'm trying to pipe data into MySQL, but Mysql complains about syntax. The proposed solution in November (upgrade von 1.6.4 to 1.6.5) doesn't fit, as I'm using 1.9.3 Here is the generated input for MySQL: ls0003INSERT INTO logs (host, facility, priority, level, tag, date, time, program, msg) VALUES ( '', 'kern', 'notice', 'notice', '05', '2005-03-03', '16:26:07', 'kernel', 'syslog-ng[10686]: syslog-ng starting up; version=\'1.9.3\' ' ); ls0003INSERT INTO logs (host, facility, priority, level, tag, date, time, program, msg) VALUES ( '', 'kern', 'notice', 'notice', '05', '2005-03-03', '16:26:07', 'kernel', 'syslog-ng[10686]: Initializing destination file writer; filename=\'/tmp/mysql.pipe\', template=\'/tmp/mysql.pipe\' ' ); 0.0.0.0INSERT INTO logs (host, facility, priority, level, tag, date, time, program, msg) VALUES ( '', 'daemon', 'err', 'err', '1b', '2005-03-03', '16:27:01', 'Security', 'Security: NT-AUTORIT\37777777704T\\SYSTEM: Fehlgeschlagene Anmeldung: Grund: Unbekannter Benutzername oder falsches Kennwort Benutzername: ANONYMOUS Dom\37777777744ne: KST Anmeldetyp: 3 Anmeldevorgang: NtLmSsp Authentifizierungspaket: NTLM Name der Arbeitsstation: \\\\LS0002 <78>CROND[2516]: (root) CMD (/usr/bin/mrtg /etc/mrtg/mrtg.cfg) ' ); Seems that the value for HOST is printed before the INSERT-string. "ls0003" is the host running syslog-ng. Another point: How do I keep the hostname for remote hosts? The string with "0.0.0.0" at the beginning is from a windows 2000 client. Here is my syslog-ng.conf: options { keep_hostname(yes); chain_hostnames(yes); }; destination d_mysql { pipe("/tmp/mysql.pipe" template("INSERT INTO logs (host, facility, priority, level, tag, date, time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n") template-escape(yes)); }; log { source(src); destination(d_mysql); }; # source src { unix-dgram("/etc/log/log"); internal(); }; source src { unix-dgram("/dev/log"); internal(); udp(); }; # source src { unix-dgram("/dev/log"); internal(); }; # source net { udp(); }; Yours hjb _________________________________________ Diese E-Mail wurde geprüft von Symantec Antivirus