Does anybody have experience with logging T3 array messages to a central loghost? I'm running syslog-ng on the central loghost. I have my loglevel set to '3' on the T3 and the following line in /etc/syslog.conf on the T3 (I also have corresponding line in /etc/hosts): *.notice central_loghost In syslog-ng.conf on 'central_loghost' I have: source external { tcp(port(1999) max-connections(50)); }; source external_udp { udp(port(514)); }; filter f_udp { host("some_name") or host("T3_array_name"); }; destination hosts { file("/var/log/$HOST/$FACILITY/$YEAR/$MONTH/$DAY/$FACILITY$YEAR$MONTH$DAY" owner(root) create_dirs(yes)); }; log { source(external); destination(hosts); }; log { source(external_udp); destination(hosts); }; In other words I'm listening on TCP port 1999 for all hosts except for special cases like T3 (because I don't know any way to make it send its logs via tcp). However, I don't get anything from the T3 array on the central log host even though local 'syslog' on the T3 gets a lot of messages. Am I missing something? I would appreciate any ideas or suggestions. Thanks in advance. Konstantin Ginzburg UNIX Engineering Eagan COSC (651) 406-2614