Hi,

I have some "problems" with syslog-ng. I have it deployed in several networks, and some of these networks are sharing the same IP address range and sometimes even the same IP address for certain hosts. This means that I can't truly say that 192.168.51.4 is either the db server in network A or the web server in network B.

I'd like to have a $RELAY macro so I can save the logs as

    /LOGS/$RELAY/$HOST/$YEAR/$MONTH/$DAY/$FACILITY_$YEAR_$MONTH_$DAY

Where $RELAY is where the message came from (so with direct connections it would be the same as $HOST, but with a syslog-ng in relay mode you get the address/name of the relay host). Basically a "received from" field.

Is this functionality planned, or does it already exist (checked out the documentation but didn't see anything there)?

Best regards
Michael Boman

--
Michael Boman
Security Architect, SecureCiRT Pte Ltd
http://www.securecirt.com