I just moved from syslog to syslog-ng. It looks great, except that kernel messages don't seem to be getting passed into the logs.

For example, I have my iptables rules set to log any connection that fails all ACCEPT rules. Under syslog the firewall log file got to be rather large very quickly (which is fine). I accomplished it with --log-level info and putting

kern.info /var/log/firewall

in my syslog.conf file. I translated that into syslog-ng, but my firewall log has not increased one bit, even when I purposely hit a blocked port from the outside.

Here's the syslog-ng.conf file. Perhaps someone can see an issue?

options { dir_perm(0755); perm(0644); chain_hostnames(no); keep_hostname(yes); };

source local { unix-stream("/dev/log"); udp(ip(0.0.0.0) port(514)); internal(); };

filter f_kern { facility(kern) and level(debug...emerg); };
filter f_notcron { not facility(cron); };
filter f_infoemerg { level(info...emerg); };
filter f_notmail { not facility(mail); };
filter f_notauth { not facility(authpriv); };
filter f_auth { facility(authpriv) and level(debug...emerg); };
filter f_mail { facility(mail) and level(debug...emerg); };
filter f_cron { facility(cron) and level(debug...emerg); };
filter f_emerg { level(emerg); };
filter f_newscrit { facility(uucp,news) and level(crit...emerg); };
filter f_boot { facility(local7) and level(debug...emerg); };
filter f_firewall { facility(kern) and match("IN="); };

destination d_firewall { file("/var/log/firewall" create_dirs(yes)); };
destination d_messages { file("/var/log/messages" create_dirs(yes)); };
destination d_spooler { file("/var/log/spooler" create_dirs(yes)); };
destination d_console { file("/dev/console" create_dirs(yes)); };
destination d_secure { file("/var/log/secure" create_dirs(yes)); };
destination d_maillog { file("/var/log/maillog" create_dirs(yes)); };
destination d_cron { file("/var/log/cron" create_dirs(yes)); };
destination d_panic { usertty("*"); };
destination d_boot { file("/var/log/boot.log" create_dirs(yes)); };

log { source(local); filter(f_newscrit); destination(d_spooler); };
log { source(local); filter(f_cron); destination(d_cron); };
log { source(local); filter(f_emerg); destination(d_panic); };
log { source(local); filter(f_boot); destination(d_boot); };
log { source(local); filter(f_mail); destination(d_maillog); };
log { source(local); filter(f_kern); destination(d_console); };
log { source(local); filter(f_notcron); filter(f_infoemerg); filter(f_notmail); filter(f_notauth); destination(d_messages); };
log { source(local); filter(f_auth); destination(d_secure); };
log { filter(f_firewall); destination(d_firewall); };

I even tried it without the match, so it was just anything from the kern facility. No go.

Running Red Hat Linux 9.

Thanks in advance!

---
Dan