OK, so let's try one problem at time;-) When logging udp message the "host" tag is being listed as local host and the time is incorrect. Here is a sample of two different syslog runs. One with syslog-ng 1.6.4 and one with the native OpenBSD 3.5 syslogd. The host "logger01" is the name of the localhost, not a reverse of 172.16.10.20. Also these runs were taken seconds apart yet the timestamps are 11 hours apart. Any insight would be appreciated. ...running syslog-ng May 19 00:35:29 logger01 %PIX-4-106023: Deny udp src outside:4.4.6.15/57112 dst inside:10.1.2.16/514 by access-group "outside_access_in" May 19 00:36:29 logger01 %PIX-4-106023: Deny udp src outside:4.4.6.15/57112 dst inside:10.1.2.16/514 by access-group "outside_access_in" ...running syslogd on OpenBSD 3.5-stable/sparc64 May 19 11:36:53 172.16.10.20 May 19 2004 00:33:29: %PIX-4-106023: Deny udp src outside:4.4.6.15/57112 dst inside:10.1.2.16/514 by access-group "outside _access_in" May 19 11:37:02 172.16.10.20 May 19 2004 00:33:39: %PIX-4-106023: Deny udp src outside:210.12.158.85/1243 dst inside:10.1.2.15/1434 by access-group "outside_access_in" # syslog-ng configuration file. # # See syslog-ng(8) and syslog-ng.conf(5) for more information. # # 20000925 gb@sysfive.com options { sync (0); time_reopen (10); log_fifo_size (1000); keep_hostname (yes); long_hostnames (off); use_dns (no); use_fqdn (no); create_dirs (no); keep_hostname (yes); }; source s_sys { unix-dgram ("/dev/log"); internal(); file ("/dev/klog"); }; source s_udp { udp (); }; destination d_cons { file("/dev/console"); }; destination d_mesg { file("/var/log/messages"); }; destination d_auth { file("/var/log/authlog"); }; destination d_authp { file("/var/log/secure"); }; destination d_cron { file("/var/cron/log"); }; destination d_daem { file("/var/log/daemon"); }; destination d_ftp { file("/var/log/xferlog"); }; destination d_lpr { file("/var/log/lpd-errs"); }; destination d_mail { file("/var/log/maillog"); }; destination d_spol { file("/var/log/uucp"); }; destination d_mlal { usertty("*"); }; destination d_root { usertty("root"); }; destination d_trap { file("/var/log/snmptraps"); }; destination d_cisco { file("/var/log/cisco"); }; destination d_catchudp { file("/var/log/systems/catchudp.log"); }; destination d_catchsys { file("/var/log/catchsys.log"); }; filter f_kern { facility(kern); }; filter f_mesg { level(info..emerg) and not facility(mail, auth, authpriv, ftp, lpr,local0, local7)and not filter(f_croner) and not facility(daemon) and level(info); }; filter f_auth { facility(auth); }; filter f_authp { facility(authpriv); }; filter f_cron { facility(cron); }; filter f_mail { facility(mail); }; filter f_daem { facility(daemon); }; filter f_ftp { facility(ftp); }; filter f_lpr { facility(lpr); }; filter f_mail { facility(mail); }; filter f_emerg { level(emerg); }; filter f_spol { facility(uucp) or (facility(news) and level(crit)); }; filter f_trap { facility(local0); }; filter f_cisco { facility(local7); }; filter f_swatch { level(info..emerg); }; #log { source(s_sys); filter(f_kern); destination(d_cons); }; log { source(s_sys); filter(f_kern); destination(d_mesg); }; log { source(s_sys); filter(f_mesg); destination(d_mesg); }; log { source(s_sys); filter(f_auth); destination(d_auth); }; log { source(s_sys); filter(f_mail); destination(d_mail); }; log { source(s_sys); filter(f_emerg); destination(d_mlal); }; log { source(s_sys); filter(f_spol); destination(d_spol); }; log { source(s_sys); filter(f_cron); destination(d_cron); }; log { source(s_sys); filter(f_trap); destination(d_trap); }; log { source(s_udp); filter(f_cisco); destination(d_cisco); }; log { source(s_sys); filter(f_swatch); destination(d_catchsys); };