Hi, I am new to syslog-ng and have set up a system using eventlog-0.2.5 and syslog-ng-2.0.1 Local sendmail messages seem to have 2 entries together. I am not sure if something is awry with the config included below, but it seems to only happen with the sendmail entries from sendmail running on the log host. I am trying to write messages to both /var/log/maillog and /var/log/archive/2007-01-25. Messages logged from the sending server seem ok but sendmail running on they log server appear to be on the same line seperated by <22>. Messages in maillog and 2007-01-25 look the same. Thanks for your help, Fran Example: --------- Jan 25 13:20:12 secmgmt-cs01 sendmail[3050]: l0PIKCSY003050: from=<root@secmgmt-cs02.secmgmt.pvt>, size=619, class=0, nrcpts=1, msgi d=<200701251820.l0PIKCEu004718@secmgmt-cs02.secmgmt.pvt>, proto=ESMTP, daemon=MTA, relay=secmgmt-cs02.secmgmt.pvt [10.200.1.5]<22>Ja n 25 13:20:12 sendmail[3051]: l0PIKCSY003050: to=<lhmn@secmgmt-cs01.secmgmt.pvt>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30856, dsn=2.0.0, stat=Sent Config: ------- #********** # Options #********** options { use_dns(persist-only); dns_cache_hosts(/etc/hosts); chain_hostnames(no); keep_hostname(yes); log_fifo_size(4096); log_msg_size(8192); stats(3600); sync(0); time_reopen(10); bad_hostname("sccp|tmm"); }; #********* # Sources #********* ## local source s_local { unix-stream("/dev/log"); file("/proc/kmsg" log_prefix("kernel: ")); internal(); }; ## remote source s_remote { udp(); tcp(ip(0.0.0.0) port(514) max-connections(300)); }; #********* # Filters #********* ## Local filters filter f_messages { level(info..emerg); }; filter f_secure { facility(authpriv); }; filter f_mail { facility(mail); }; filter f_cron { facility(cron); }; filter f_emerg { level(emerg); }; filter f_spooler { level(crit..emerg) and facility(uucp, news); }; filter f_local7 { facility(local7); }; #filter f_debug { level(debug); }; ## SEC destination d_sec { program("/usr/local/bin/sec.pl -input=\"-\" -conf=/usr/local/etc/sec.conf"); }; ## Archive - timestamped archives destination d_archive { file("/var/log/archive/$R_YEAR-$R_MONTH-$R_DAY" owner("root") group("logs") dir_group("logs") perm(0640) dir_perm(0750) create_dirs(yes)); }; #***************** # Log statements #***************** # Send all logs to sec.pl log { source(s_local); source(s_remote); destination(d_sec); }; # Send all logs to archive log { source(s_local); source(s_remote); destination(d_archive); }; # Local logs - order DOES matter ! log { source(s_local); filter(f_emerg); destination(d_console); }; log { source(s_local); filter(f_secure); destination(d_secure); flags(final); }; log { source(s_local); filter(f_mail); destination(d_maillog); flags(final); }; log { source(s_local); filter(f_cron); destination(d_cron); flags(final); }; log { source(s_local); filter(f_spooler); destination(d_spooler); }; log { source(s_local); filter(f_local7); destination(d_bootlog); }; log { source(s_local); filter(f_messages); destination(d_messages); }; #log { source(s_local); filter(f_debug); destination(d_debug); };