Couldn't seem to find an answer to this in the documentation. Is it possible to have the use_dns(yes) option enabled but match hosts based on their IP address? I want to be able to write files as their FQDN but do the regex matching based on the IP address. I can get this to work when I disable the use_dns(yes) option, but then the files are the IP. I don't want to match based on hostnames.

Example:

    destination net_host_all { file("/tmp/$HOST"); };

    filter f_hosts_all {
        host("^10\.201\.140\.*") or
        host("^10\.201\.150\.*") or
        host("^192\.168\.0\.[0-3][0-9]");
    };

    log {
        source(net);
        filter(f_hosts_all);
        destination(net_host_all);
        flags(final);
    };

While I'm here, might as well kill two birds with one stone. Can someone give me a real-life example of the practical use of using the fallback option? I must be inept because I can't see a valid reason to have it that the final/catchall statement couldn't do (with proper logical placements of the log statements in the configuration).

MPR.

--
"I am kind of a paranoiac in reverse. I suspect people of plotting to make me happy." - J.D. Salinger
Marco P. Rodrigues