I have the exact same problem. I hadn't even thought of using $PROGRAM until I read about it in this thread. So I whacked together a very short syslog-ng.conf for testing.
Thanks. I've found the problem, it's more the bug of the Linux syslogd, than syslog-ng but I tried to hack a workaround. You'll have at least one problem with sendmail, it produces loglines like: IAA24582: from=<delphi@pc1.szechenyi-nkzsa.sulinet.hu>, size=2796, class=0, pri=32796, nrcpts=1, msgid=<BF40C17306@szechenyi-nkzsa.sulinet.hu>, proto=ESMTP, relay=elod.vein.hu [193.6.32.101] when sent over the network, this means that each message has the mail ID as programname. You could workaround this problem by trying to match a regexp to the above line and directing sendmail log to a different destination. -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1 url: http://www.balabit.hu/pgpkey.txt