tcpdump shows device sending syslog from UDP 514 but not write to local log file
Dear all,

When use: tcpdump src host 1.3.4.5 and port 514, I can see host 1.3.4.5 is sending the syslog to my syslog-ng.

But when I search my local log special for port 514, I didn't see any syslog from 1.3.4.5.

Is there another location to config the syslog-ng, except /app/syslog-ng/custom/conf/syslog-ng.conf?

Below is from my syslog-ng.conf:

    # Syslog collection for all devices
    source s_network {
        network(
            transport("udp")
            port(514)
            flags(syslog_protocol)
            keep_hostname(yes)
            keep_timestamp(yes)
            use_dns(no)
            use_fqdn(no)
        );
    };

    destination d_all_logs {
        file("/app/syslog-ng/custom/output/all_devices.log");
        network("102.45.2.86" port(514) transport(udp) spoof_source(yes));
    };

    log {
        source(s_network);
        source(s_arista_network);
        destination(d_all_logs);
    };

Thank you very much for reply in advance!!!!!

VL
On Fri, Apr 05, 2019 at 03:46:37PM +0000, Lin, Victor wrote:
> When use: tcpdump src host 1.3.4.5 and port 514, I can see host 1.3.4.5 is sending the syslog to my syslog-ng.
> But when I search my local log special for port 514, I didn't see any syslog from 1.3.4.5.

firewall?
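
Added example (not part of either post): tcpdump captures packets before the host firewall's INPUT chain is applied, so a capture shows arrival at the interface, not delivery to the syslog-ng socket. The helpers below read `ss -H -lun` and `iptables -S INPUT` output; the function names and sample inputs are constructed for illustration, and rules with conditions other than UDP protocol and port are skipped, not evaluated.

```shell
#!/bin/sh
# Triage for "tcpdump sees UDP/514 but syslog-ng writes nothing".
# Live use (as root):
#   ss -H -lun | udp_listener_present 514 && echo "socket is bound"
#   iptables -S INPUT | input_verdict_for_udp 514

# Succeeds if `ss -H -lun` output on stdin has a local address ending in :PORT.
udp_listener_present() {
    awk -v p="$1" '{ for (i = 1; i <= NF; i++) if ($i ~ (":" p "$")) found = 1 }
                   END { exit !found }'
}

# Reads `iptables -S INPUT` output on stdin and prints the first verdict that
# applies to any UDP packet for PORT: a rule whose only conditions are
# "-p udp" and/or "--dport PORT" (or no conditions), else the chain policy.
# Rules with other conditions (-s, -i, conntrack, ...) are skipped (assumption:
# review those by hand).
input_verdict_for_udp() {
    awk -v p="$1" '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && $2 == "INPUT" && verdict == "" {
            target = ""
            for (i = 3; i < NF; i++) if ($i == "-j") target = $(i + 1)
            if (target !~ /^(ACCEPT|DROP|REJECT)$/) next
            # Strip the tokens we understand; anything left is a condition
            # this helper does not evaluate.
            rest = " " $0 " "
            sub(/ -A INPUT /, " ", rest)
            sub(/ -j [A-Z]+( --reject-with [^ ]+)? /, " ", rest)
            sub(/ -p udp /, " ", rest)
            sub(/ -m udp /, " ", rest)
            sub(" --dport " p " ", " ", rest)
            if (rest ~ /^ *$/) verdict = target " (line " NR ")"
        }
        END { print (verdict != "" ? verdict : policy " (chain policy)") }'
}

# Constructed sample inputs (not taken from the thread).
SAMPLE_SS='UNCONN 0 0 0.0.0.0:514 0.0.0.0:*'
SAMPLE_RULES='-P INPUT DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

if printf '%s\n' "$SAMPLE_SS" | udp_listener_present 514; then
    echo "listener on udp/514: yes"
fi
echo "verdict for udp/514: $(printf '%s\n' "$SAMPLE_RULES" | input_verdict_for_udp 514)"
```

With the sample ruleset the socket is bound, yet the chain policy drops the datagrams, which matches the symptom in the question.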
participants (2)
- Fabien Wernli
- Lin, Victor