Hi, Below is my setup (see the config details). Issue i am facing is : Lets say on central servers apache logs are collected till 2:00 PM for current date. Incase if i delete the log file on central server, a new file gets created and starts collecting the log after the delete time ie 2:00 PM. What i want to achieve is that in such an event where the log files gets deleted.. the new log-file will collect the log from the beginning of the day ie 12:00 AM. Is this possible ? *************** client config *********************** @include "scl.conf" options { keep_hostname(yes); log_fifo_size(100000) }; rewrite r_setfilename { set( "$FILE_NAME", value(".SDATA.file@18372.4.name") ); }; rewrite r_apache_basepath_www-dev01 { subst( "/apps/log/apache/www-dev01/", "", value(".SDATA.file@18372.4.name") type("string") flags("prefix") ); }; source s_apache_www-dev01 { file("/apps/log/apache/www-dev01/*.log" program_override("apache/www/dev01") flags(no-parse) recursive(yes) ); }; destination d_server { syslog("x.x.x.x" transport("tcp") port(514)); }; log { source(s_apache_www-dev01); rewrite(r_setfilename); rewrite(r_apache_basepath_www-dev01); destination(d_server); }; *************** Server Config ************ @include "scl.conf" options { create_dirs (yes); dir_perm(0755); dir_group(60030); dir_owner(wwwtools); perm(0755); owner(wwwtools); group(60030); keep_hostname(yes); threaded(yes); log_msg_size(5000000); }; source s_network { syslog(ip(0.0.0.0) port(514) transport("tcp") max-connections(200)); }; filter f_apache_www-dev01 { program('apache/www/dev01'); }; destination d_central { file("/apps/log/syslog-ng/${PROGRAM}/${YEAR}${MONTH}${DAY}/${HOST}/${. SDATA.file@18372.4.name}" template("${MSGONLY}\n") ); }; log { source(s_network); filter(f_apache_www-dev01); destination(d_central); }; -- Regards, Sagar Naravane