hi there bit of a problem with too many logs being generated and i'm not sure what to do. I'm using a iptables firewall setup like this: $IPTABLES -t filter -N ACCEPTLOG $IPTABLES -t filter -A ACCEPTLOG -j LOG --log-prefix "iptables:" --log-level\ debug $IPTABLES -t filter -A ACCEPTLOG -j ACCEPT the firewall is also a masquerading NAT gateway for about 50 clients. I want to record all traffic flowing through the gateway, so along with the firewall rules stated above i have this in my syslog-ng.conf : destination iptables { file("/var/log/iptables"); }; filter iptables { match("^iptables:"); }; log { source(src); filter(iptables); destination(iptables); }; all very nice, except for the fact that within 24 hours the log grew to 500MB's, which is a little too big. Of course i've configured logrotate to g-zip the file every day which greatly reduces the size, but i'd much prefer to have smaller logs but with the necessary information still there. Here's an example from one client just for a simple request to port 445: Dec 17 11:33:18 iptables:IN=eth1 OUT=eth0 SRC=192.168.1.220 DST=213.220.xxx.xxx LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=974 DF PROTO=TCP SPT=32900 DPT=445 WINDOW=10136 RES=0x00 ACK URGP=0 this entry is repeated 10 times per second !! i've tried different log levels in my firewall but it doesnt seem to change anything. Would be grateful for any help. cheers, garvald