I'm using syslog-ng v1.9.1+ and am having some trouble getting the behavior of syslog-ng down. I took this syslog-ng.conf file from a sun - hense the sun-streams reference - and put it on a linux system. With this on the sun, any syslog message from host a.b.c.d would be put in the directory /var/log/syslog-ng/hostname/messages Instead I'm getting all local syslog messages just fine BUT any remote messages aren't getting through. I did a lsof -Pni and syslog-ng IS listening on ports 514 both tcp and udp - I even created the directories and messages file - chmoded the permissions to 777 - all to have no messages dumped to their respective directories. I started syslog-ng up w/ the options '-de' and sniffed the network. Packets are being sent to the daemon and the debug messages look as so log_reader_fd_prepare(); window_size='100' but still no directories creates or information put in files. Any ideas on what I'm doing wrong? options { # use_fqdn (yes); #makes log names to long use_dns (yes); create_dirs (yes); log_fifo_size (1000); }; source local { unix-stream("/dev/log"); }; #source local { sun-streams("/dev/log" door("/etc/.syslog_door")); internal(); }; source udp_net { udp(); }; source tcp_net { tcp(); }; destination all { file("/var/log/syslog-ng/messages" owner (root) group (wheel) perm (0640) ); }; destination network { file("/var/log/syslog-ng/$HOST/messages" owner (root) group (wheel) dir_group (wheel) perm (0640) dir_perm (0750) ); }; log { source(local); destination(all); }; log { source(tcp_net); source(udp_net); destination(network); };