Hi there We've got a central syslog-ng server here with incoming feeds from old syslog clients (HPUX,Cisco,printers,etc) as well as TCP-based feeds from syslog-ng clients. In general it all works well. However, there seems to be a problem with kernel messages on the localhost. The fact that they are processname=kernel appears to be lost on syslog-ng - instead of seeing: server kern info kernel: device eth0 left promiscuous mode I see server kern info device eth0 left promiscuous mode This is with a template of: template("$R_ISODATE $HOST $FACILITY $PRIORITY $MSG\n") As it only seems to affect kernel messages on syslog-ng hosts, I think it's more of a generation problem than a receiving problem. On all the hosts affected, then source entry is: source s_local { internal(); unix-stream("/dev/log" keep-alive(yes) max-connections(100)); pipe("/proc/kmsg"); unix-stream("/var/spool/mysqld/dev/log" keep-alive(yes) max-con nections(10)); unix-stream("/var/log/snort/dev/log" keep-alive(yes) max-connect ions(10)); tcp(ip("1.2.3.4") port(514) keep-alive(yes) max-connections( 100)); tcp(ip("127.0.0.1") port(514) keep-alive(yes) max-connections(1 00)); udp(); }; Any ideas what's wrong/bug? Thanks for a great product! -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1