Unless I'm really wrong (and my IP logger is more broken than I thought), doesn't:

    inet_ntoa(packet.ip.ip_src);

give you the source IP (in a nice, readable string form)?

Garnered from the Linux UDP header file.

.Shawn
> Unless I'm really wrong (and my IP logger is more broken than I thought), doesn't:
> inet_ntoa(packet.ip.ip_src);
> give you the source IP (in a nice, readable string form)?
> Garnered from the Linux UDP header file.
Yes, it does. The problem was not here though. Internally in syslog-ng everything is represented as a message pipe:

    sourcedriver -> source_group -> log_center -> dest_group -> dest_driver

log_center takes care of distributing all log messages. The problem was not that I couldn't find the name of that host where the message came from, but that a message coming from a given source driver always has the same source address. (e.g. the first source driver represented a connection, and the source address was obtained from accept())

On the contrary UDP packets don't have an associated connection, each packet is received from the same socket, and each may have a different source address. (receiving UDP packets is usually done with recvfrom())

For more details please consult the source. However I more or less solved the most difficult problem and I only need some spare time to release a new version.

--
Bazsi
PGP key: http://www.balabit.hu/pgpkey.txt, or finger bazsi@balabit.hu
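The per-datagram attribution described in the reply above, as an added example that is not part of the thread and not syslog-ng code: one receiving UDP socket gets a different source address from recvfrom() for each packet, so a log collector has to attribute every datagram individually. The names `udp_bound` and `collect_sources` are hypothetical, the payload is constructed, and sending from 127.0.0.2 assumes Linux, where all of 127.0.0.0/8 is loopback.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Bind a UDP socket to ip with an ephemeral port; returns the fd or -1. */
static int udp_bound(const char *ip) {
    struct sockaddr_in a = { .sin_family = AF_INET };
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    inet_pton(AF_INET, ip, &a.sin_addr);
    if (bind(fd, (struct sockaddr *)&a, sizeof a) < 0) { close(fd); return -1; }
    return fd;
}

/* Send one datagram from each sender IP to ONE receiving socket and store the
 * source that recvfrom() reports for it. Returns datagrams attributed or -1. */
int collect_sources(const char *senders[], int n, char out[][INET_ADDRSTRLEN]) {
    struct sockaddr_in dst, src;
    socklen_t len = sizeof dst;
    struct timeval tv = { .tv_sec = 2 };   /* never block forever on a lost packet */
    char buf[64];
    int i, got = 0, rx = udp_bound("127.0.0.1");
    if (rx < 0) return -1;
    getsockname(rx, (struct sockaddr *)&dst, &len);   /* learn the ephemeral port */
    setsockopt(rx, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);
    for (i = 0; i < n; i++) {
        int tx = udp_bound(senders[i]);
        if (tx < 0) break;
        sendto(tx, "<13>test", 8, 0, (struct sockaddr *)&dst, sizeof dst);
        len = sizeof src;                  /* value-result argument: reset per call */
        if (recvfrom(rx, buf, sizeof buf, 0, (struct sockaddr *)&src, &len) >= 0)
            inet_ntop(AF_INET, &src.sin_addr, out[got++], INET_ADDRSTRLEN);
        close(tx);
    }
    close(rx);
    return got;
}

int main(void) {
    const char *s[] = { "127.0.0.1", "127.0.0.2" };   /* constructed senders */
    char out[2][INET_ADDRSTRLEN];
    int n = collect_sources(s, 2, out);
    for (int i = 0; i < n; i++) printf("datagram %d came from %s\n", i, out[i]);
    return (n == 2 && strcmp(out[0], out[1]) != 0) ? 0 : 1;
}
```

The address recvfrom() returns is whatever the IP header carried; UDP has no handshake to confirm it, so it identifies the claimed sender only.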
participants (2)
- Asmodeus
- Balazs Scheidler