problems doing host based logging with local facility
Hello,

I've been working on setting up a syslog to do some event per second calculations. I'm trying to log all information from a host such as AIX or Linux to a single file. I can do this with the 'host' option but I am having problems combining this with the local facility option. I've been working with various iterations but here are the major components:

    options {
        sync(0);
        time_reopen(10);
        log_fifo_size(1000);
        long_hostnames(off);
        use_dns(no);
        use_fqdn(no);
        create_dirs(yes);
        keep_hostname(yes);
        owner(root);
    };

    source s_sys {
        file ("/proc/kmsg" log_prefix("kernel: "));
        unix-stream ("/dev/log");
        internal();
        udp(ip(0.0.0.0) port(514));
    };

    source s_net { udp(); };

And here is an example of the log definitions:

    destination sw-089 { file("/var/log/sw-089.log"); };
    destination adm1r2 { file("/var/log/adm1r2.log"); };

    filter f_adm1r2 { host("172.16.148.60"); };
    filter f_sw-089 { facility(local4); };

    log { source(s_sys); filter(f_sw-089); destination(sw-089); };
    log { source(s_net); filter(f_adm1r2); destination (adm1r2); };

The facility locals seem to be working at all times, but the host does not... any ideas or suggestions?

Thanks,
Dan
participants (1)
-
Daniel I. Didier
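
Added example (not part of the original post, and not syslog-ng's own code): in the posted configuration both s_sys and s_net request a UDP listener on 0.0.0.0:514, because udp() with no arguments uses syslog-ng's default address and port. The Python check below reports that kind of overlap, which is worth ruling out when one log path receives nothing; the function names are illustrative and the parser assumes simple source blocks without comments.

```python
import re

# Constructed sample: the two source definitions from the post above.
CONFIG = '''
source s_sys { file ("/proc/kmsg" log_prefix("kernel: ")); unix-stream ("/dev/log");
               internal(); udp(ip(0.0.0.0) port(514)); };
source s_net { udp(); };
'''

DEFAULT_IP, DEFAULT_PORT = "0.0.0.0", 514  # syslog-ng defaults for udp()


def matching_paren(text, start):
    """Index of the ')' closing the '(' at text[start], skipping quoted strings."""
    depth, in_str = 0, False
    for i in range(start, len(text)):
        ch = text[i]
        if ch == '"':
            in_str = not in_str
        elif not in_str and ch == "(":
            depth += 1
        elif not in_str and ch == ")":
            depth -= 1
            if depth == 0:
                return i
    raise ValueError("unbalanced parentheses")


def udp_listeners(config):
    """Return {(ip, port): [source names]} for every udp() driver in a source block."""
    found = {}
    for name, body in re.findall(r"source\s+([\w-]+)\s*\{(.*?)\}\s*;", config, re.S):
        for m in re.finditer(r"\budp\s*\(", body):
            args = body[m.end():matching_paren(body, m.end() - 1)]
            ip = re.search(r'\bip\s*\(\s*"?([\d.]+)"?\s*\)', args)
            port = re.search(r"\bport\s*\(\s*(\d+)\s*\)", args)
            key = (ip.group(1) if ip else DEFAULT_IP,
                   int(port.group(1)) if port else DEFAULT_PORT)
            found.setdefault(key, []).append(name)
    return found


def duplicate_listeners(config):
    """Listeners requested by more than one source."""
    return {k: v for k, v in udp_listeners(config).items() if len(v) > 1}


if __name__ == "__main__":
    for (ip, port), sources in duplicate_listeners(CONFIG).items():
        print(f"udp {ip}:{port} is requested by: {', '.join(sources)}")
```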