Problems with Regexp Matching
Hi Folks:

I have a bunch of Cisco routers that are all configured on the routers themselves to log at facility local0, and to send their logs to one host (well, a couple of hosts similarly configured, actually).

I have the following filter for syslog:

    filter f_syslog { not facility(auth, authpriv, local0, local1, mail) and level(debug..notice) and not match("nsca");};

I've likewise tried it as:

    filter f_syslog { not facility(auth, authpriv, mail) and level(debug..notice) and not match("nsca");};

I then have a bunch of host filters that are supposed to filter router logs:

    filter hostA { facility(local0) and host("192.168.0.1");};

Unfortunately the logs are getting into syslog, I assume because they fall within the proper level, but why is the facility not preventing that? The same thing is happening with snmptraps, which are received at local1.

I'd appreciate any insights.

syslog-ng 1.4.16 on Red Hat Linux 7.2 and 7.3

Are there any general rules to follow when constructing filters???

thanks,

Brian Seppanen
seppy@chartermi.net
906-228-4226 ext 23