What is the best way to apply filters to this macro. Let say I want to log messages to a different file for a given IP address. Should I add this type of statement before the destination d_mysql. # # This is the default behavior of sysklogd package # Logs may come from unix stream, but not from another machine. # source src { unix-dgram("/dev/log"); internal(); }; source net { udp(); }; # # If you wish to get logs from remote machine you should uncomment # this and comment the above source line. # # source src { unix-dgram("/dev/log"); internal(); udp(); }; ## Log syslog-ng to mysql database ## destination d_mysql { file("/syslog/data/fulllog.$YEAR.$MONTH.$DAY.$HOUR.$MIN.$SEC" template("INSERT INTO logs (host, facility, priority, level, tag, date, time, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n") template-escape(yes)); }; log { source(net); destination(d_mysql); }; Thanks, michael Michael Earls Systems Analyst, Information Services Cincinnati Children's Hospital Medical Center Phone: 513-636-5882 Pager: Michael.Earls@skytel.com PGP Info: KeyID 0x5EB59708 Fingerprint 108B A1D8 76F5 08A8 501A F28C 86F4 4BC5 5EB5 9708