Hello all yalls, I've been beating my head against a wall for a couple hours here, but have yet to figure out how to get syslog-ng to create my $HOST directories, or to even use them when I create them manually. When a remote host sends it's syslog messages, they just end up in /var/log/netlog/whatever.log. There's no indication anywhere else in my logs about improper permissions or anything of that sort. I'm trying to use version 1.6.0rc2 and libol-0.3.10. If it's at all interesting, "uname -a" tells me: Linux <my-secret-hostname> 2.4.20 #1 Wed Mar 26 11:34:49 MST 2003 i686 unknown I've gone round and round with all the various dns/hostname related options, to no avail. Anyone have any Great Ideas? Here's some snippets from my syslog-ng.conf file: options { sync(0); time_reopen(10); log_fifo_size(100); keep_hostname (yes); dns_cache (yes); long_hostnames (yes); use_dns (yes); use_fqdn (yes); chain_hostnames (no); create_dirs (yes); owner (root); group (root); stats (600); perm (0660); dir_owner (root); dir_group (root); dir_perm (0770); use_time_recvd (yes); }; <snip> source net { tcp(); udp(); }; destination net_authlog { file("/var/log/netlog/$HOST/auth.log"); }; destination net_userlog { file("/var/log/netlog/$HOST/user.log"); }; destination net_bootlog { file("/var/log/netlog/$HOST/boot.log"); }; destination net_errorlog { file("/var/log/netlog/$HOST/errors.log"); }; destination net_cronlog { file("/var/log/netlog/$HOST/cron.log"); }; destination net_kernlog { file("/var/log/netlog/$HOST/kern.log"); }; destination net_maillog { file("/var/log/netlog/$HOST/mail.log"); }; destination net_messages { file("/var/log/netlog/$HOST/messages"); }; destination net_daemonlog { file("/var/log/netlog/$HOST/daemon.log"); }; destination net_wwwacclog { file("/var/log/netlog/data/www/LOGS/$YEAR/$MONTH/www.access.log.$YEAR.$MONTH.$DAY");}; destination net_wwwerrlog { file("/var/log/netlog/data/www/LOGS/$YEAR/$MONTH/www.errors.log.$YEAR.$MONTH.$DAY");}; log { source(net); filter(f_authpriv); destination(net_authlog); }; log { source(net); filter(f_user); destination(net_userlog); }; log { source(net); filter(f_boot); destination(net_bootlog); }; log { source(net); filter(f_err); destination(net_errorlog); }; log { source(net); filter(f_cron); destination(net_cronlog); }; log { source(net); filter(f_kern); destination(net_kernlog); }; log { source(net); filter(f_mail); destination(net_maillog); }; log { source(net); filter(f_daemon); destination(net_daemonlog); }; log { source(net); filter(f_messages); destination(net_messages); }; log { source(net); filter(f_www); filter(f_info); destination(net_wwwacclog); }; log { source(net); filter(f_www); filter(f_err); destination(net_wwwerrlog); }; Thanks a million Jeremy <please send inspectors to my country... i think we may have weapons of mass destruciton>