All, I have a config I need help with: I have 2 Linux boxes running syslog-ng behind a Foundry ServerIron load balancing switch, which provides both load sharing and redundancy. The Foundry maintains it's server farm by both pings and actual syslog messages. It does this by sending garbage to the specified UDP port (514). If it receives a 'Port Unavailable' message, the service must no longer be running and the Foundry removes the server from the farm and redirects traffic to available servers. If it receives nothing, it assumes the service must be running and the message was received successfully. My problem is that my syslog-ng receives this message and processes it. My conf dictates that anything coming over udp 514 get written to a $HOST macro and $DATE macro expanded filename. So, I end up with a directory that contains files with garbage messages from the Foundry switch. How do I put a filter in to redirect these garbage test messages? Preferably redirecting them to pipe("/dev/null"). My foundry is called ns-foundry1 in my DNS server and it's IP is 208.3.134.90. The config file below allows the Foundry garbage messages to hit on the second log statement (log { source(src); destination(everything); };), which is bad. Thanks for your help... Here is my config file: options { sync(0); #use_dns(no); create_dirs(yes);}; source foundry { udp(ip("208.3.134.90") port(514)); }; source int { unix-stream("/dev/log"); internal(); }; source src { udp(port(514)); }; destination everything { file("/NetscreenLogs/$HOST/$HOST.$MONTH-$DAY-$YEAR.log" owner(NetscreenLogs) group(NetscreenLogs) perm(0777) dir_perm(0777)); }; filter foundryfilt { host("ns-foundry1"); }; destination void { pipe("/dev/null"); }; destination internallogs { file("/var/log/messages"); }; log { source(foundry); filter(foundryfilt); destination(void); }; log { source(src); destination(everything); }; log { filter(DEFAULT); destination(internallogs); }; Brian Leveille ------------------- Senior Internetworking Engineer DefendNet Solutions, Inc. www.defendnet.com