Greetings from a list newbie. I discovered syslog-ng the other day while STFW for more info about logsurfer, which I've been trying out recently. I've looked at the list archives for several months back, but don't see obvious answers to the following: - Are people using -ng to perform noise filtering and/or alerting a-la Swatch, WOTS, logsurfer, etc? Or is most filtering just to effectively increase the number of facilities by sorting on reporting program name? - Has anybody devised a way with -ng to monitor the repeat rate of a particular message? I.e. if you get 10 log_info messages per hour from named on host foo, ignore them, but if you get 100, save them and trigger some event? - I would like to embed the message's facility/level into the recorded message text, similar to what SGI's Irix' syslogd does, although probably in human-readable form rather than an octal number. Maybe I'm looking in the wrong docs, but I'd like to write something like this to the output channel: "Feb 27 01:31:05 foo sendmail[nnn]: ${FACILITY}/${PRIORITY} \ $rest_of_message" I'll go RTFM some more, but if anybody can give some basic answers, I'd be grateful. Thanks. -- Dave Live fast. Die young. Leave a good-looking audit trail.