Hi, After my earlier multicast patch I quickly realised that if syslog-ng is actually sending UDP multicast syslog data the TTL on the IP packets is by default 1. This results in the packet being expired at the gateway and never being able to leave the subnet....not too handy :( After clobbering it around for a few days I have rolled out this patch to address the problem which should be applied in addition, and after, the multicast patch I released the other day (also re-included in this email). The patch adds a new parameter to the destination tcp()/udp() drivers called ttl() and it takes a number between 0 and 255. When set to zero, it uses the default kernel parameter[1] but when set to 1->255 the TTL on the packet being sent is set to this. Of course if the parameter is not specified it defaults to zero. This should now allow you to use destination du_moo { udp("239.1.2.3" port(514) ttl(7)); }; in your config files. It works on unicast traffic too, I guess you could use it as a layer of defence to guarentee that your syslog packets never leave your network by setting the TTL to a low value. I always wanted to get around to emailing the samba folk a TTL patch to do this sort of thing, so roaming samba laptop users could get some feeling of security that only the local network can get access to their shares....however this is now getting a bit offtopic :) Hope you all find it useful, now back to my multicasting syslog cluster :) Cheers Alex [1] under linux its one, and probably the same for most OS's