Hi folks. We have some of our more important hosts reporting our central syslog-ng servers via stunnel. The downside seems to be that only the first "word" (unqualified) of the hostname makes its way to the loghost. Because of an well-intentioned but annoying host naming policy, we have a number of hosts named things like web002.abc and web002.xyz. It would seem that this causes log files to become intermingled. Here is the line we are using in one of the destination statements: file("/var/log/HOSTS/$HOST/$YEAR/$MONTH/$DAY/$FACILITY$YEAR$MONTH$DAY" so both web002.abc and web002.xyz end up going to /var/log/HOSTS/web002/ . We tried using $FULLHOST but instead of getting the value of hostname -f (at least on linux), like we hoped, we got something very strange, like s_sys@hostname, which evidently is trying to describe the chain of hosts the log message passed through (though we have no hosts named s or sys). Does anyone have experience or suggestions for getting around this problem? Or perhaps there's a solution in a newer version of syslog-ng. We are using syslog-ng 1.6.5 and libol 0.3.14. Thanks! Alexi