I'm having a bit of a problem and hope someone here can help. I'm trying to separate individual items into specific logs, i.e. ssh events in sshd.log, samba messages in samba.log, etc... I managed to come up with filters that pull out the events I started with, and they are going into the correct log files. But they are ALSO going into /var/log/messages even though I specifically have a filter on that one that says not to include samba or sshd events. I'll copy my config file here. Hopefully someone can tell me what I did wrong. Thanks! --------------------------------------------- @version: 3.30 @include "scl.conf" options { threaded(yes); chain_hostnames(no); stats_freq(43200); mark_freq(3600); }; source src { system(); internal(); }; filter samba { program("samba"); }; filter ssh_messages { facility("AUTH") and level("INFO"); }; filter syslog { not filter("ssh_messages") and not filter("samba"); }; destination console { file("/dev/tty12"); }; destination messages { file("/var/log/messages"); }; destination sshd_log { file("/var/log/sshd/sshd.log"); }; destination smb_logs { file("/var/log/samba/samba.log"); }; log { source(src); destination(smb_logs); filter(samba); flags(final); ); log { source(src); destination(sshd_log); filter(ssh_messages); flags(final); }; log { source(src); destination(console); filter(syslog); }; log { source(src); destination(messages); filter(syslog); };