What do other folks do with large numbers of machines?
Do you not resolve names and log with IP addresses only?
that is correct: use_dns(no); in /etc/syslog-ng/syslog-ng.conf i have: source s_remote { udp(); }; destination df_catch_all { file("/storage/syslog/hosts/$HOST/$YEAR/$MONTH/$DAY/$FACILITY" owner(root) group(root) perm(0644) dir_perm(0755) create_dirs(yes) ); }; log { source(s_remote); destination(df_catch_all); }; out of cron (once an hour) i run: #!/usr/bin/perl use strict; use Socket; my $syslog_input_directory = '/storage/syslog/hosts/'; my $syslog_output_directory = '/storage/syslog/hosts_by_name/'; my @all_hosts = glob "$syslog_input_directory*"; my @all_destination_hosts = glob "$syslog_output_directory*"; for (@all_destination_hosts) { unlink $_; } for (@all_hosts) { # take off the leading part s/^$syslog_input_directory//; my $inet_aton_addr = inet_aton($ip); my $name = gethostbyaddr($inet_aton_addr, AF_INET); if ($name ne '') { symlink("$syslog_input_directory$_", "$syslog_output_directory$name"); } } -- Matt Zagrabelny - mzagrabe@d.umn.edu - (218) 726 8844 University of Minnesota Duluth Information Technology Systems & Services PGP key 1024D/84E22DA2 2005-11-07 Fingerprint: 78F9 18B3 EF58 56F5 FC85 C5CA 53E7 887F 84E2 2DA2 He is not a fool who gives up what he cannot keep to gain what he cannot lose. -Jim Elliot