I have just setup syslog-ng to log about 15 machines to a central log host, and i absolutely love it, but i have a question. right now i'm splitting the logs like this on the loghost destination hosts { file("/mnt/backups/logs/$HOST/$YEAR/$MONTH/$FACILITY$YEAR$MONTH" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); }; but that only splits the logs via facility. there are more logs being written on the client log machines, which are configured like this destination messages { file("/var/log/messages"); }; destination ssh { file("/var/log/ssh.log"); }; destination cron { file("/var/log/cron.log"); }; destination auth { file("/var/log/auth.log"); }; destination syslog { file("/var/log/syslog.log"); }; destination xinetd { file("/var/log/xinetd.log"); }; destination rsync { file("/var/log/rsync.log"); }; destination cfengine { file("/var/log/cfengine.log"); }; filter f_ssh { program("sshd"); }; filter f_cron { program("cron"); }; filter f_auth { program("su") or program("sudo"); }; filter f_syslog { program("syslog-ng"); }; filter f_xinetd { program("xinetd"); }; filter f_rsync { program("rsyncd"); }; filter f_cfengine { program("cfengine"); }; filter f_messages { ...}; // with messages getting everything else log { source(src); filter(f_ssh); destination(ssh); }; log { source(src); filter(f_cron); destination(cron); }; log { source(src); filter(f_auth); destination(auth); }; log { source(src); filter(f_syslog); destination(syslog); }; log { source(src); filter(f_xinetd); destination(xinetd); }; log { source(src); filter(f_rsync); destination(rsync); }; log { source(src); filter(f_cfengine); destination(cfengine); }; log { source(src); filter(f_messages); destination(messages); }; what i would like to do is log the files as they are being logged locally on the client machines, the same way on the loghost. do i have to change the destination? how do i get the same file names, etc, that are being logged, but on the loghost? any help is greatly appreciated. -Jeffrey -- -------------------------- Jeffrey Forman Gentoo Infrastructure Team jforman@gentoo.org --------------------------