Hello. I have roughly 800 OpenSolaris hosts running syslog-ng 1.6.11, logging back to another OpenSolaris host running 2.1beta2. Most of the remote locations are over slow DSL lines, so the client has requested that we only do log collection between 04:00 and 06:00 (for example) What's the best method for this? I thought about just logging everything locally at the remote locations and rsync'ing the log files back to the syslog-ng server during those hours, but I' not sure if that two hour window will be enough to gather all the data. If the commercial version of syslog-ng supports such a configuration, then I'm sure that the client would be consider purchasing it, so if that's an option let me know. Ideally there should be a way to only send logs remotely between a certain time window from the remote machines, all other times log locally, and then dump the remaining logs during that time window. I've searched the mailing list archives and couldn't find anything applicable. Thanks in advance, Josh