Hi there,

I'm wanting to put up a syslog server that runs on an IDS. As such the "sniffed" interfaces don't have (or want) IP addresses. So what I need is a syslog server that can sniff syslog packets as they come across the interfaces in promiscuous mode.

There is a product called passlogd that supposedly does this - but it has always crashed on startup for me.

However I was wondering if this could be a feature request for syslog-ng. Linux's netfilter has the REDIRECT rulesets which could be used to do this as well. I mean, right now we use REDIRECT so that our Squid proxy server can act as a transparent proxy server, so what about syslog-ng? As Squid requires you to enable it - I suppose syslog-ng would still need to be altered to support that option too?

Anyone else tried to do this? The security advantage is that you could enable syslog in your DMZes, point them at a non-existent IP address, and your IDS could pick up those messages as they flow past it. Any server compromise leads the hackers to believe there is a syslog server - but it's down...

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
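
Added example, not part of the original post and not syslog-ng or passlogd code: a sketch of the passive collection described above, which pulls syslog messages out of raw Ethernet frames seen on an interface with no IP address. The names extract_syslog and build_frame are hypothetical, and the addresses and log line are constructed sample data.

```python
import re
import socket
import struct

SYSLOG_PORT = 514                      # syslog over UDP
PRI_RE = re.compile(rb"<(\d{1,3})>")   # leading <PRI> field

def extract_syslog(frame):
    """Hypothetical helper: return (src, dst, facility, severity, text) for an
    IPv4/UDP syslog frame, or None for anything else or malformed input."""
    if len(frame) < 14 + 20 + 8 or frame[12:14] != b"\x08\x00":
        return None                    # too short, or not IPv4 (VLAN tags not handled)
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl + 8 or ip[9] != 17:
        return None                    # bad header or not UDP
    if struct.unpack("!H", ip[6:8])[0] & 0x3FFF:
        return None                    # fragment: no complete UDP datagram here
    _sport, dport, ulen = struct.unpack("!HHH", ip[ihl:ihl + 6])
    if dport != SYSLOG_PORT or ulen < 8:
        return None
    payload = ip[ihl + 8:ihl + ulen]   # honours UDP length, drops Ethernet padding
    facility = severity = None
    m = PRI_RE.match(payload)
    if m and int(m.group(1)) <= 191:   # PRI = facility * 8 + severity
        pri = int(m.group(1))
        facility, severity = pri >> 3, pri & 7
        payload = payload[m.end():]
    src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    return src, dst, facility, severity, payload.decode("utf-8", "replace")

def build_frame(src, dst, payload, dport=SYSLOG_PORT):
    """Constructed sample input: Ethernet + IPv4 + UDP headers around payload."""
    udp = struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x02" * 12 + b"\x08\x00" + ip + udp

if __name__ == "__main__":
    # Constructed message addressed to an IP that no host owns (192.0.2.254)
    frame = build_frame("192.0.2.10", "192.0.2.254",
                        b"<38>sshd[411]: Failed password for root")
    print(extract_syslog(frame))
```

On a real sensor the frames would come from a capture source such as a Linux AF_PACKET socket or a pcap file rather than build_frame. Because nothing answers for the destination address, the sending host also has to get its frames onto the wire without ARP resolution succeeding, for example via a static ARP entry or a routed next hop.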