Syslog-ng doesn't seem to be respecting tcp_wrappers security. I compiled syslog-ng (v. 3) with $ ./configure --sysconfdir=/etc/syslog-ng/ --enable-tcp-wrapper -- enable-sql --enable-dynamic-linking Although, I do notice this warning in config.log: configure:7282: gcc -o conftest -g -O2 -Wall conftest.c -lwrap >&5 conftest.c: In function 'main': conftest.c:43: warning: control reaches end of non-void function configure:7288: $? = 0 configure:7309: result: -lwrap However, the compile is successful. My hosts.allow file is: # # hosts.allow This file describes the names of the hosts which are # allowed to use the local INET services, as decided # by the '/usr/sbin/tcpd' server. # sshd: ALL #syslog-ng: localhost, p3.mydomain.com, p4.mydomain.com # # hosts.deny This file describes the names of the hosts which are # *not* allowed to use the local INET services, as decided # by the '/usr/sbin/tcpd' server. ALL: ALL Note that the syslog-ng process is commented out, but syslog-ng still works. Apparently, it's not checking the hosts.* files. Any idea ? Liam