I'm playing with a syslog server that will have quite a number of clients. I'm running syslog-ng-1.4.11 on Solaris 8. I've been testing with both use_dns on and off with little success.

My destination is

    destination messages {
        file("/var/log/$HOST/$FACILITY.$YEAR$MONTH$DAY.$HOUR" create_dirs(yes) );
    };

With it on, I get messages in both /var/log/<hostname>/local0..... and /var/log/<IP address>/local0..... The number of messages I get in the IP address directory is small, less than 1%. I just assume that syslog-ng gives up on the DNS query and writes $HOST as the IP rather than the hostname. This occurs less when a DNS cache is installed, but it's still not great having two log files. It doesn't really seem to be blocking on the lookup failures, as I'm not noticing a timeout happening.

To overcome this, I turned use_dns off. I have clients using nsyslog-ng using TCP as the transfer protocol. Now these nsyslog-ng clients are logging to /var/log/<hostname>/local0 and NEVER in /var/log/<IP address>/local0.

I want both nsyslog-ng and standard syslog clients to log to the same directory format. I'll settle for the $HOST variable being the IP. What am I missing for nsyslog-ng clients using TCP to do this?

Thanks,
Glen