How can I get logs without date, time, hostname and facility?
OK, I have got my squid's access.log working via syslog-ng. That's nice. I get the log given below:

-------------cut-----------------
Oct 4 14:34:48 gw squid: 1033731288.219 1234 192.168.1.29 TCP_MISS/000 0 GET http://www.sans.org/infosecFAQ/sec_solaris.htm - NONE/- -
Oct 4 14:34:48 gw squid: 1033731288.755 1764 192.168.1.29 TCP_MISS/200 192 GET http://216.239.33.102/search? - DIRECT/216.239.33.102 text/html
-------------cut-----------------

but I want to get the log without "Oct 4 14:34:48 gw squid:" (date, time, hostname and facility). How can I do it???

My syslog-ng.conf:

------begin-------------
options {
    keep_hostname(no);
    long_hostnames(off);
    sync(0);
};

#
source src {
    unix-dgram("/var/run/log");
    # udp();
    internal();
    file("/dev/klog");
    udp(ip("192.168.1.7") port(514));
};

destination hosts {
    file("/var/log/hosts/$HOST/$FACILITY/$MONTH/$DAY/$FACILITY$YEAR$MONTH$DAY"
         owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes));
};

log { source(src); destination(hosts); };
-----end------

Alexander Chernyh
Network Administrator
The Publishing House "Galitsky Kontrakty"
http://www.gc.lviv.ua
E-mail: alexch@gc.lviv.ua
CHA-UANIC: http://uanic.com.ua
ICQ 108387628
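
An added example, not part of the original post: one way to write only the message part is a `template()` on a dedicated file destination, fed by a `program()` filter. The names `f_squid` and `squid_raw` and the path `/var/log/squid/access.log` are hypothetical; `src` and the `hosts` destination are the ones in the poster's configuration, which this fragment assumes is already loaded.

```conf
# Added example. f_squid, squid_raw and the output path are hypothetical names.

# Select only the messages that squid sends to syslog.
filter f_squid { program("squid"); };

# Write only the message text, one record per line. Without template(),
# file() prepends the date, host name and program tag seen in the post.
destination squid_raw {
    file("/var/log/squid/access.log"
         owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)
         template("$MSG\n")
         template_escape(no));
};

# Additional log path: the existing hosts destination keeps receiving the
# full syslog line, so the relay timestamp and sending host stay on record.
log { source(src); filter(f_squid); destination(squid_raw); };
```

In syslog-ng releases before 3.0, `$MSG` still begins with the program tag ("squid: "); if the installed version provides the `$MSGONLY` macro, use that in the template instead.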