syslog-ng-bounces@lists.balabit.hu wrote:
: Hello,
:
:: All,
::
:: I'm fairly new to syslog-ng (been using syslogd for many
:: years) and I have a question with the config file syntax.
::
:: What I'm trying to do is log all remote hosts to
:: /var/log/$HOST.log while keeping the logging host's logs
:: separate. What I'm seeing is all messages are being written
:: to /var/log/$HOST.log, including the logging system, as well
:: as to /var/log/messages. In a single day, /var/log/messages
:: grows to over 11GB (I'm logging less than 100 devices -
:: Windows servers, routers, and switches.)
::
:: I haven't quite figured out which part of the config file is
:: causing this to happen, since I'm still going through my
:: growing pains with it. Can someone point me in the right
:: direction with this?
:
: [ cutting the details ]
:
: You're referring to the same source (src) everywhere in your
: config, so I would like to suggest to remove udp() from this
: source and move it to a separate one. Then you can use this
: source for the remote hosts. Something like this:
:
: source s_remote {
:     udp();
: };
:
: Later in your conffile referring to this source you can
: differentiate between the local and the remote logs.
:
: regards,
:
: Sandor

Thanks! That seemed to do the trick. It appears now that each log entry is being duplicated, but I can live with that for the time being. Would that be the result of an extra line I have in there somewhere, or do I need to look further at the src/destination directives?
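Added example, not part of the thread and not code from syslog-ng: a small Python check for the two wiring patterns discussed above, a source that mixes local and network drivers, and a source/destination pair that appears in more than one log path. The sample config and its names (s_local, d_messages, d_hosts) are constructed, and the regex parsing is an assumption that only covers flat source and log statements.

```python
import re
from collections import Counter

# Constructed sample, not the poster's config: udp() sits in its own source as
# suggested in the thread, but s_remote is still wired to d_hosts twice.
SAMPLE_CONF = """
source s_local  { unix-stream("/dev/log"); internal(); };
source s_remote { udp(); };
destination d_messages { file("/var/log/messages"); };
destination d_hosts    { file("/var/log/$HOST.log"); };
log { source(s_local);  destination(d_messages); };
log { source(s_remote); destination(d_hosts); };
log { source(s_remote); destination(d_hosts); };
"""

NETWORK_DRIVERS = {"udp", "tcp"}  # drivers that accept messages from other hosts

def parse(conf):
    """Return ({source name: top-level drivers}, [(sources, destinations), ...])."""
    conf = re.sub(r"#.*", "", conf)  # drop comments
    sources = {
        name: set(re.findall(r"(?:^|;)\s*([\w-]+)\s*\(", body))
        for name, body in re.findall(r"\bsource\s+(\w+)\s*\{(.*?)\}\s*;", conf, re.S)
    }
    paths = [
        (re.findall(r"\bsource\s*\(\s*(\w+)\s*\)", body),
         re.findall(r"\bdestination\s*\(\s*(\w+)\s*\)", body))
        for body in re.findall(r"\blog\s*\{(.*?)\}\s*;", conf, re.S)
    ]
    return sources, paths

def audit(conf):
    """List sources mixing local and network input, and repeated source/destination pairs."""
    sources, paths = parse(conf)
    findings = []
    for name, drivers in sorted(sources.items()):
        if drivers & NETWORK_DRIVERS and drivers - NETWORK_DRIVERS:
            findings.append(f"source {name} mixes local and network drivers")
    pairs = Counter((s, d) for srcs, dsts in paths for s in srcs for d in dsts)
    for (s, d), n in sorted(pairs.items()):
        if n > 1:
            findings.append(f"{s} -> {d} is in {n} log paths, so each message is delivered {n} times")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```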