Hi list, I'm stumbling over what is hopefully just a configuration issue... syslog-ng 'seems' to drop privileges and run as user syslogng, but creates new directories as root and will fail to write new logfiles inside them. I'm afraid this is related to still having port 514 open... Funny thing: The files in those directories will use the specified permissions :) I was starting syslog-ng with the following parameters: /opt/syslog-ng/sbin/syslog-ng --pidfile=/var/run/syslog-ng.pid --chroot=/var/opt/syslog-ng --user=syslogng --group=syslogng # Log file options { sync (0); time_reopen (10); log_fifo_size (1000); long_hostnames (on); use_dns (yes); use_fqdn (yes); create_dirs (yes); # leave this to 'no', see http://www.campin.net/syslog-ng/faq.html#bad_filenames keep_hostname (no); }; # Source - only listen on UDP, don't read /dev/log source s_udp { udp(); }; # [ I cut filters section out ] # testing external input now destination logip { file("/logs/remote/$HOST_FROM/$YEAR$MONTH/$FACILITY$YEAR$MONTH$DAY" owner(syslogng) group(syslogng) perm(0600) dir_perm(0700) create_dirs(yes) template("$DATE $FULLHOST $PROGRAM $TAG [$FACILITY.$LEVEL] $MESSAGE\n") ); }; log { source(s_udp); destination(logip); }; # EOF Currently I'm running it as root and am thinking about using a portforward 514->10514 so I don't require any root privileges. Alternatively I could try out Balabit's restrict, which seems to be better at dropping root privileges, but unfortunately I have no clue how it works, and am not sure if it will work on HP-UX :) Can You try to make me understand where the problem is hiding? Configuration? Port Number? Bug? User? Thanks a lot of Your time! Florian -- I'll save You the signature :)