Hello,

I'm in the test phase of my logging server, and syslog-ng started to create a logfile. I don't understand why it did that. This is my conf; it's a fairly easy setup (stripped other unimportant stuff):

    options { long_hostnames(yes); sync(0); time_reap(10);
              use_time_recvd(yes); use_dns(yes); use_fqdn(yes);
              create_dirs(yes); log_fifo_size(10000); chain_hostnames(yes); };

    # UDP listener that receives the forwarded messages
    source oldserver { udp(ip(xxx.xxx.xxx.xxx) port(514)); };

    # one file per sending host, path built from the $HOST macro
    destination blackhole { file("/var/log/frontier/$YEAR$MONTH/$HOST"); };
    destination blackhole_auth { file("/var/log/frontier/$YEAR$MONTH/$HOST-auth"); };
    destination blackhole_crit { file("/var/log/frontier/$YEAR$MONTH/$HOST-crit"); };
    destination blackhole_emerg { file("/var/log/frontier/$YEAR$MONTH/$HOST-emerg"); };
    destination blackhole_err { file("/var/log/frontier/$YEAR$MONTH/$HOST-err"); };
    destination blackhole_messages { file("/var/log/frontier/$YEAR$MONTH/$HOST-messages"); };
    destination blackhole_warn { file("/var/log/frontier/$YEAR$MONTH/$HOST-warn"); };

    # the filter definitions (f_auth, f_crit, ...) are not part of this excerpt
    log { source(oldserver); destination(blackhole); };
    log { source(oldserver); filter(f_auth); destination(blackhole_auth); };
    log { source(oldserver); filter(f_crit); destination(blackhole_crit); };
    log { source(oldserver); filter(f_emerg); destination(blackhole_emerg); };
    log { source(oldserver); filter(f_err); destination(blackhole_err); };
    log { source(oldserver); filter(f_messages); destination(blackhole_messages); };
    log { source(oldserver); filter(f_warn); destination(blackhole_warn); };

The syslog-ng ran for the last 10 days without problems; however, today I discovered three new logfiles.

    -rw------- 1 root root 119 Feb 1 10:43 last
    -rw------- 1 root root 60 Feb 1 05:45 last-messages
    -rw------- 1 root root 60 Feb 1 05:45 last-warn

    erwin:/var/log/frontier/200102# cat last
    Feb 1 05:45:23 last/ns2.xxx.net message repeated 2 times
    Feb 1 10:43:27 last/ns2.xxx.net message repeated 1 time
    erwin:/var/log/frontier/200102# cat last-messages
    Feb 1 05:45:23 last/ns2.xxx.net message repeated 2 times
    erwin:/var/log/frontier/200102# cat last-warn
    Feb 1 05:45:23 last/ns2.xxx.net message repeated 2 times

The box the logs came from is a sparc10 with solaris5.8. The original logfile statements were:

    Feb 1 05:45:23 sparky last message repeated 2 times
    ...
    Feb 1 10:47:50 sparky last message repeated 1 time

There are plenty of other "last message repeated..." lines in sparky's logfile, so I don't see a reason *why* those both got logged separately. The first log entry repeated a warn message, the other one a notice message.

Can anyone give me a hint, please? The version I use is 1.4.10 on linux. (syslog-ng doesn't run yet on the sparc10. I export the logs via the good old "*.crit,*.warn,etc,etc. @hostname" way.)

--
Regards,

Wiktor Wodecki, Unix Administration | Wapme-Systems AG
Tel.: +49-211-748450                | Muensterstrasse 248
Fax: +49-211-74845176               | 40470 Duesseldorf
E-Mail: wodecki@wapme-systems.de    | http://www.wapme-systems.de
Hello folks,

I traced this a bit further, and it seems as if syslog-ng treats "last message repeated x time(s)" messages from the sun-syslogd as if they came from a separate machine. As I wrote/pasted in my previous mail, messages are forwarded via udp to another machine and sorted there. Depending on the facility of the previous error message, it's saved to various files (last-warn, last-crit, etc.).

I'm going to run the syslog-ng on the sun (sunos5.8) during the next couple of days; I hope to get the problem fixed this way.

--
Regards,

Wiktor Wodecki, Unix Administration | Wapme-Systems AG
Tel.: +49-211-748450                | Muensterstrasse 248
Fax: +49-211-74845176               | 40470 Duesseldorf
E-Mail: wodecki@wapme-systems.de    | http://www.wapme-systems.de
GnuPG-Fingerprint: 1024/E22253B9 084C79504D650E9246D148AFF3F73201E22253B9
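
Added example (not part of the original posts and not syslog-ng's own code): a simplified Python model of the misattribution described in the thread, next to an attribution rule that falls back to the sending peer. The wire form of the datagrams, the name ns2.example.net and all function names are assumptions made for this illustration.

```python
import re

# Constructed sample datagrams. The page shows only the resulting files, so
# the wire form (no hostname field after the timestamp) is an assumption.
SENDER = "ns2.example.net"  # placeholder for the resolved UDP peer name
SAMPLES = [
    "<12>Feb  1 05:45:20 named[211]: constructed warning text",
    "<12>Feb  1 05:45:23 last message repeated 2 times",
    "<13>Feb  1 10:43:27 last message repeated 1 time",
]
HEADER = re.compile(r"^<\d{1,3}>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d (.*)$")
REPEAT = re.compile(r"^last message repeated \d+ times?$")
SAFE_HOST = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$")


def is_tag(word):
    return word.endswith(":") or "[" in word  # looks like "prog[pid]:"


def rest_of(datagram):
    m = HEADER.match(datagram)
    if not m:
        raise ValueError("not a BSD-syslog style datagram")
    return m.group(1)


def naive_host(datagram, sender=SENDER):
    """Model of the symptom: first word is the host unless it is a tag."""
    first = rest_of(datagram).split(" ", 1)[0]
    return sender if is_tag(first) else first


def attributed_host(datagram, sender=SENDER):
    """Use the peer for repeat summaries, tags and unsafe host words."""
    rest = rest_of(datagram).strip()
    first = rest.split(" ", 1)[0]
    if REPEAT.match(rest) or is_tag(first) or not SAFE_HOST.match(first):
        return sender
    return first


def log_path(host, month_dir="200102"):
    return "/var/log/frontier/%s/%s" % (month_dir, host)


if __name__ == "__main__":
    for d in SAMPLES:
        print(log_path(naive_host(d)), "|", log_path(attributed_host(d)))
```

Because the host word ends up in a file path, the same check also rejects words containing "/" or starting with ".", so a crafted datagram cannot choose a file outside the per-host directory.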