creation of filter
I would like to write a script to filter the events of my equipment by IP address. But I cannot program in shell. If anyone has any ideas, please forward them to me also.

Thanks
Pierrick
If you want to pre-process things this way, you can use a destination {}; in syslog-ng, something like the following:

    options {
        # put all your other options here;
        create_dirs(on);
    };
    destination by_host { file("/var/log/$HOST/$FACILITY.$PRIORITY"); };
    log { source(src); destination(by_host); };

This will create you a directory tree, in which you have a sub-directory for each host, with a facility.priority file in each host's directory containing all the relevant log info. You could also do it like file("/var/log/$HOST"); if you just wanted all logs for each host in a single file, and other variations on the theme that you may prefer.

If you want to post-process the messages, use the following shell script (this script works on Linux boxes for sure; I don't know about other Un*xes, but probably).

    #---begin of file---
    #!/bin/sh
    # The files to parse (season to suit your system)
    files="/var/log/messages /var/log/secure /var/log/maillog"

    # Make sure our sorted directory exists, create it if it doesn't
    if [ ! -d /var/log/sorted ] ; then
        mkdir /var/log/sorted
        chmod 0750 /var/log/sorted
    fi

    # parse the input files by host.
    # $files is left unquoted on purpose so it splits into separate file names.
    cat $files | while IFS= read -r line ; do
        # the host is the text after "@" up to the next space
        hostname=$(printf '%s\n' "$line" | cut -d"@" -f2 | cut -d" " -f1)
        # the name comes from the log line itself: skip values that are
        # empty or that could point outside /var/log/sorted
        case "$hostname" in
            ""|.|..|*/*) continue ;;
        esac
        printf '%s\n' "$line" >> "/var/log/sorted/$hostname"
    done
    #---end of file---

Cheers!
--
A.L.Lambert
------------------------------------------------------------------------
The problems that exist in the world today cannot be solved by the level
of thinking that created them... -Einstein
------------------------------------------------------------------------
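As an added example (not part of either message): a shell function that filters syslog lines by the sending host's IP address, comparing the host field as an exact string. It assumes the classic "Mon DD HH:MM:SS host message" layout with the host optionally written as source@host; the function names and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): print only the syslog lines whose
# host field is exactly the given IPv4 address.
# Assumption: lines look like "Mon DD HH:MM:SS host message...", with the
# host optionally written as "source@host".

# is_ipv4 ADDR -> exit status 0 if ADDR is a dotted quad with octets 0-255
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i + 0 > 255) exit 1 }'
}

# filter_by_ip ADDR [FILE...] -> matching lines on stdout (stdin if no FILE)
filter_by_ip() {
    ip=$1
    shift
    is_ipv4 "$ip" || { echo "filter_by_ip: bad address: $ip" >&2; return 2; }
    # String comparison (==), not a regex: "." stays literal and
    # 10.0.0.1 cannot match 10.0.0.10 or an address inside the message text.
    awk -v ip="$ip" '{ host = $4; sub(/^.*@/, "", host) } host == ip' "$@"
}

# Constructed sample lines (not real logs) for trying the function out.
sample_log() {
    cat <<'EOF'
Mar  3 10:00:01 10.0.0.1 sshd[411]: Accepted publickey for admin
Mar  3 10:00:02 10.0.0.10 sshd[412]: Failed password for root
Mar  3 10:00:03 src@10.0.0.1 kernel: eth0: link up
Mar  3 10:00:04 10a0b0c1 cron[9]: job started
Mar  3 10:00:05 192.168.5.7 sshd[413]: connection from 10.0.0.1
EOF
}

# Demo: prints the first and third sample lines only.
sample_log | filter_by_ip 10.0.0.1
```

On real files the call would be filter_by_ip 10.0.0.1 /var/log/messages /var/log/secure, using the file names from the script above.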
participants (2)
- A.L.Lambert
- pierrick le fol