All, We have installed syslog-ng on our unix systems pointing them, some network devices, and some Windows systems events to a central syslog-ng server. The central server is currently piping the information to a Mysql database. Each incoming device writes to its own table in the database. A modification to this we would like to accomplish is to key various pieces of information stored in the "message" field. For example, syslog messages sent from the mail servers will contain the sender, recipient, delivery status in the "message" field. Our thought is to key these pieces of information for quick lookup. Some of the systems (Cisco Pix) are sending up to 5G of information a day. Another reason to key the information. Our current thought is to send the output of syslog-ng to a Perl script which will parse the message field based upon the source. The Perl script would then write it to the database. Is there a better approach? Any suggestions would be appreciated. Joseph G. Deck Director of Computing Services Wittenberg University Phone: (937) 525-3800 Fax: (937) 327-7372