Thanks for all the help I've received so far. Although, I'm still not able to do what I need to do. Right now, I just want to log one specific device to a specific log file. One email I received said I should use the netmask filter option, although for some reason, my system doesn't like that option. Here is the temp syslog-ng.conf I'm using. I have the full backed up, I just want to get this part working. Syslog-ng starts, but it doesn't actually log any thing. I cut this down so it would be easier to work with, although it's very possible that I cut out a required part of the log file. As of right now, I don't care if it logs any from the local system. I just need to log the pix device listed. Thanks in advance for any help, Mark # # Configuration file for syslog-ng under Debian # # attempts at reproducing default syslog behavior # the standard syslog levels are (in descending order of priority): # emerg alert crit err warning notice info debug # the aliases "error", "panic", and "warn" are deprecated # the "none" priority found in the original syslogd configuration is # only used in internal messages created by syslogd ###### # options options { # disable the chained hostname format in logs # (default is enabled) chain_hostnames(0); # the time to wait before a died connection is re-established # (default is 60) time_reopen(10); # the time to wait before an idle destination file is closed # (default is 60) time_reap(360); # the number of lines buffered before written to file # you might want to increase this if your disk isn't catching with # all the log messages you get or if you want less disk activity # (say on a laptop) # (default is 0) #sync(0); # the number of lines fitting in the output queue log_fifo_size(2048); # enable or disable directory creation for destination files create_dirs(yes); # default owner, group, and permissions for log files # (defaults are 0, 0, 0600) owner(root); group(root); perm(0644); # default owner, group, and permissions for created directories # (defaults are 0, 0, 0700) dir_owner(root); dir_group(root); dir_perm(0744); # enable or disable DNS usage # syslog-ng blocks on DNS queries, so enabling DNS may lead to # a Denial of Service attack # (default is yes) use_dns(no); # maximum length of message in bytes # this is only limited by the program listening on the /dev/log Unix # socket, glibc can handle arbitrary length log messages, but -- for # example -- syslogd accepts only 1024 bytes # (default is 2048) #log_msg_size(2048); }; # sources # all known message sources source s_all { # message generated by Syslog-NG internal(); # standard Linux log source (this is the default place for the syslog() # function to send logs to) unix-stream("/dev/log"); # messages from the kernel file("/proc/kmsg" log_prefix("kernel: ")); # use the above line if you want to receive remote UDP logging messages # (this is equivalent to the "-r" syslogd flag) udp(); }; #destinations for log files destination corppix_d { file ("/var/log/network/corppix/pix.log" owner (root) group (root) perm (0644) dir_perm (0744)); }; #filters filter corppix_f { netmask("10.10.10.2"); facility(local4); }; # logs log { filter(corppix_f); destination(corppix_d); };