I've set up syslog-ng as directed by everything I could find. In the .conf file below, yertle is the local machine running syslog-ng, and the other 2 are remote machines. The remote machine lines output everything fine, but the local (yertle) will not report any kernel messages (such as kernel firewall DENYs). I've tried adding the unix-stream /dev/klog for the inside_src, but that didn't help.

Here's my .conf:

==========8<---------------------------------------
options { long_hostnames(off); sync(0); };

source inside_src { unix-stream("/dev/log"); internal(); };
source outside_src { udp(ip(0.0.0.0) port(514)); };

filter f_nancy { host("nancy"); };
filter f_hbgb { host("hbgb"); };

destination yertle { file("/var/log/yertle"); };
destination nancy { file("/var/log/nancy"); };
destination hbgb { file("/var/log/hbgb"); };

log { source(inside_src); destination(yertle); };
log { source(outside_src); filter(f_nancy); destination(nancy); };
log { source(outside_src); filter(f_hbgb); destination(hbgb); };
==========8<---------------------------------------

Since I've only been messing with this for 1 hour, I'm sure I've just glanced over the answer, but any help would be appreciated.

--
Liar (HBGB) jasonh@kiva.net
-----------------------------------------------------------------------
"You can't be a real country unless you have a beer and an airline. It
helps if you have some kind of a football team, or some nuclear weapons,
but at the very least you need a beer." -Frank Zappa