Email Alerts from Syslog-ng
I am fairly new to all this so please excuse me. I am having lots of problems getting syslog-ng to send email alerts based upon certain text-based filters. I am running RedHat 9.0 with syslog-ng-1.6.2-1 installed from the rpm. I have configured the syslog-ng.conf file correctly to enable filtering with a match statement for a specific IP address in the logs and this works when using 'destination file { file("/etc/syslog-ng/test.log"); };' but when I point this to the perl script that I have got off of this URL http://www.campin.net/newlogcheck.html I get nothing. Please see below the destination statement and perl script that I have created with executable permissions.

Syslog-ng.conf

    destination email { program("/etc/syslog-ng/mail.pl"); };
    filter f_test { match(192.168.1.1); };
    log { source(src); filter(f_test); destination(email); };

Mail.pl

    #!/usr/bin/perl -n
    #
    ## shell version
    #
    # while read line; do
    #   echo $line | /bin/mail -s "log alert" support@businessfcl.com
    # done

    # strip the priority
    s/^<[\d]{1,2}>//;

    # mail the cleaned up message
    system("echo \"$_\" | /bin/mail -s \"log alert\" monitor");

Every time I restart the syslog-ng service I get a mail to the monitor user, which would indicate that the perl script sends mail and that syslog-ng runs it during startup, but it does not appear to work when the filter is applied.

Can anyone help with this please?

Regards
Stuart Burgis
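The script in the post hands each log line to `system()` as a single string, so /bin/sh parses log text whose bytes can be chosen by whoever triggered the message. An added example, not from the thread or from campin.net: the same strip-and-mail step in Perl with the mailer executed directly; the helper names, the `--selftest` flag and the sample line are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example, not from the thread: mail.pl without a shell in the path.
use strict;
use warnings;

# Recipient and subject as in the post; adjust for your site.
my @MAIL_CMD = ('/bin/mail', '-s', 'log alert', 'monitor');

# Drop the leading syslog <PRI> (0-191, so up to three digits) and replace
# control and non-ASCII bytes so the mail body stays a single plain line.
sub clean_line {
    my ($line) = @_;
    chomp $line;
    $line =~ s/^<\d{1,3}>//;
    $line =~ s/[^\x20-\x7e]/?/g;
    return $line;
}

# Feed one message to the mailer on its stdin. The list form of a pipe open
# executes the program directly, so /bin/sh never parses the log text.
sub send_alert {
    my ($msg, @cmd) = @_;
    my $pid = open(my $mail, '|-', @cmd);
    unless ($pid) {
        warn "cannot run $cmd[0]: $!\n";
        return 0;
    }
    print {$mail} $msg, "\n";
    return close($mail) ? 1 : 0;
}

# Self-test on a constructed log line: /bin/cat stands in for the mailer and
# must print the backticks, $() and quotes literally.
if (@ARGV && $ARGV[0] eq '--selftest') {
    my $sample = '<38>sshd: Invalid user `id` $(id) "; echo X; " from 192.168.1.1';
    exit(send_alert(clean_line($sample), '/bin/cat') ? 0 : 1);
}

# Normal use: syslog-ng starts this once and writes one message per line.
while (my $line = <STDIN>) {
    send_alert(clean_line($line), @MAIL_CMD);
}
```

Running it with `--selftest` prints the sample line unchanged apart from the stripped priority, which shows that none of the shell metacharacters were interpreted.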
On Wed, Feb 08, 2006 at 04:43:14AM -0000, Stuart Burgis wrote:
I am having lots of problems getting syslog-ng to send email alerts based upon certain text based filters. I am running RedHat 9.0 with syslog-ng-1.6.2-1 installed from the rpm, I have configured the syslog-ng.conf file correctly to enable filtering with a match statement for a specific IP address in the logs and this works when using 'destination file { file("/etc/syslog-ng/test.log"); };' but when I point this to the perl script that I have got off of this URL http://www.campin.net/newlogcheck.html I get nothing. Please see below the destination statement and perl script that I have created with executable permissions.
Syslog-ng.conf
destination email { program("/etc/syslog-ng/mail.pl"); };
filter f_test {
match(192.168.1.1);
Try host instead of match, let us know if it fixes it.

--
Nate

"The will to win is not nearly as important as the will to prepare to win." - BOBBY KNIGHT
participants (2)
- Nate Campi
- Stuart Burgis