Let me try this again. Sorry for inconveniencing you all with multiple emails last night. I have several servers logging to one central server through a firewall. No big deal. However the central logging server is adding entries to the beginning of each line of each log. This is great for most of the logs as it lets me know where each entry came from. In the case of my web and ftp logs however this information is unnecessary and prevents Analog and Webalizer from parsing through the logs correctly. Here's an example from my httpd-access log on my logging server. Dec 19 08:22:28 otherserver root: www.somewebpage.com 123.123.123.123 - - [19/Dec/2000:08:22:28 -0600] "GET /index.html HTTP/1.1" 200 2026 http://www.somewebpage.com/ "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)" The stuff it adds, and that I don't want is everything up to the first entry of the virtualserver. In this case, www.somewebpage.com. So "Dec 19 08:22:28 otherserver root:" needs to be tossed out somehow. Is anyone else doing this or is it not possible to tell syslog-ng not to add these entries? Thanks for any help. Matt mmatt@freew3.com