Greetings: Sorry if this rehashes old territory--I've seen this issue addressed in the list archives. Unfortunately, I've reached an impasse. I'm currently running syslog-ng on a test system, with all logs being sent to a single file so that I can monitor what syslog-ng is (or isn't) doing. As far as I can tell, all facilities are being logged except for 'kern.*'. I'm running it on Red Hat 6.2 (intel) as a drop-in replacement for syslogd (it is started prior to klogd, version 1.3-3). As suggested in a prior posting on this topic, I've run 'strace -f' on klogd with both syslogd and syslog-ng (and ipchains logging all denied packets so there should be plenty of logging to kern.info) with the following result: ===syslogd sample=== read(0, "<6>Packet log: input DENY eth0 P"..., 4095) = 121 time([958581388]) = 958581388 write(1, "<6>May 17 12:36:28 kernel: Packe"..., 146) = 146 ===syslog-ng sample=== read(0, "<6>Packet log: input DENY eth0 P"..., 4095) = 114 connect(1, {sin_family=AF_UNIX, path="/dev/log"}, 10) = -1 EPROTOTYPE (Protocol wrong type for socket) time([958581560]) = 958581560 write(1, "<6>May 17 12:39:20 kernel: Packe"..., 139) = -1 ENOTCONN (Transport endpoint is not connected) It would appear that klogd is _trying_ to log to /dev/log, but fails when syslog-ng is running. I do see kernel messages sent from remote hosts (still running syslogd) in the destination file, just not for the local host. source local { unix-stream("/dev/log"); internal(); }; # no kern.* source net { udp(ip(0.0.0.0) port(514)); }; # kern facility OK Any suggestions? Thanks in advance! --Brian -- Brian Mohr email: bkmohr@princeton.edu Systems Administrator phone: (609) 258-2618 Atmospheric and Oceanic Sciences fax: (609) 258-2850 Princeton University