So I have a scenario I am having difficulties with. I have an IDS sensor (suricata), and it is generating a log-file at /log_file_dir/fast.log And I would like to parse this log and send it off to a remote syslog server. I have put the following in my syslog-ng.conf: source s_log_server { file("/log_file_dir/fast.log " program_override("snort")); }; added a destination for the remote server: destination d_log_server { udp ("fqdn.of.primary.elsa.box" port(514)); }; Then in the log{ section I have put this: Destination (d_log_server); Logs are making it to the remote box, but in an unparsed format... How do I get this to trigger a parser in syslog-ng? Thanks much, Jim