Hello Sir,

I have successfully installed

1) syslog-ng version 1.4.17
2) swatch-3.1

on my Red Hat 7.2 Linux server, which is our central loghost system. All the other servers are a mix of Solaris 7, 8, 9 and Red Hat Linux 7.x.

The problem I am facing is that I am not able to generate real-time alerts using swatch. Following are my configuration files.

syslog-ng.conf

    options {
        sync (1);
        time_reopen (10);
        log_fifo_size (2048);
        long_hostnames (off);
        use_dns (yes);
        use_fqdn (yes);
        create_dirs (yes);
        keep_hostname (yes);
    };

    source net { udp(); };

    destination swatch {
        program("/usr/bin/swatch --read-pipe=\"cat /dev/fd/0\"");
    };

    log { source(net); destination(swatch); };

    destination hosts {
        file("/var/log/HOSTS/$HOST/$YEAR/$MONTH/$DAY/$FACILITY$YEAR$MONTH$DAY"
             owner(root) group(root) perm(0600) dir_perm(0700)
             create_dirs(yes));
    };

    log { source(net); destination(hosts); };

Here, I am getting lots under the /var/log/HOSTS directory, but not getting logs of the loghost itself.

My swatchrc is small and simple because it is not working at the moment; it is below.

swatchrc

    watchfor /error Authentication/
        echo
        exec echo $0 | mail /usr/bin/mail -s \"log 11alert\" user\@testdomain.com
        throttle 10:00

    watchfor /error Authentication/
        echo
        exec echo $0 | bash-mail-alert swap_space user@testdomain.com
    ~

Neither of these is generating any alerts, nor are any files getting created under the /root/swatch directory. But when I start syslog-ng and then run ps -ef | grep swatch, I can see the swatch process.

I guess swatch is not getting anything from syslog-ng, no clues why?

Please help me and guide me to where the problem is. I would be really grateful to you, sir.

Regards,
Prashant
participants (1)
-
Nilesh Naik