Hi all, I am trying to change a box from syslog to syslog-ng but I can't quite get the syntax down. Here is my current syslog.conf:

local0.* %/var/log/filter.log
local7.* %/var/log/dhcpd.log
*.notice;kern.debug;lpr.info;mail.crit;news.err;local0.none;local7.none %/var/log/system.log
security.* %/var/log/system.log
auth.info;authpriv.info;daemon.info %/var/log/system.log
*.emerg *

This is how I did my syslog-ng.conf:

#
# This sample configuration file is essentially equilivent to the stock
# FreeBSD /etc/syslog.conf file.
#
#
# options
options { long_hostnames(off); sync(0); };
source src { unix-stream("/var/run/log"); pipe("/dev/klog"); internal(); };
destination dest { file("/var/log/filter.log"); };
destination stunnel { tcp("127.0.0.1" port(514)); };
log { source(src);destination(dest); };
log { source(src);destination(stunnel); };
#
# destinations
#
destination messages { file("/var/log/system.log"); };
destination firewall { file("/var/log/filter.log"); };
destination dhcp { file("/var/log/dhcp.log"); };
# log facility filters
#
filter f_auth { facility(auth); };
filter f_authpriv { facility(authpriv); };
filter f_console { facility(console); };
filter f_cron { facility(cron); };
filter f_daemon { facility(daemon); };
filter f_ftp { facility(ftp); };
filter f_kern { facility(kern); };
filter f_lpr { facility(lpr); };
filter f_mail { facility(mail); };
filter f_news { facility(news); };
filter f_security { facility(security); };
filter f_user { facility(user); };
filter f_uucp { facility(uucp); };
filter f_local0 { facility(local0); };
filter f_local1 { facility(local1); };
filter f_local2 { facility(local2); };
filter f_local3 { facility(local3); };
filter f_local4 { facility(local4); };
filter f_local5 { facility(local5); };
filter f_local6 { facility(local6); };
filter f_local7 { facility(local7); };
#
# log level filters
#
filter f_emerg { level(emerg); };
filter f_alert { level(alert..emerg); };
filter f_crit { level(crit..emerg); };
filter f_err { level(err..emerg); };
filter f_warning { level(warning..emerg); };
filter f_notice { level(notice..emerg); };
filter f_info { level(info..emerg); };
filter f_debug { level(debug..emerg); };
#
# *.err;kern.debug;auth.notice;mail.crit /dev/console
#
#
# *.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
#
log { source(src); filter(f_notice); destination(messages); };
log { source(src); filter(f_kern); filter(f_debug); destination(messages); };
log { source(src); filter(f_news); filter(f_err); destination(messages); };
#
# security.* /var/log/security
#
log { source(src); filter(f_security); destination(messages); };
## firewall specific
log { source(src); filter(f_local0); destination(firewall); };
log { source(src); filter(f_local7); destination(dhcp); };

Hopelessly lost......thanks for any insight/education...

-- Chet