I've got about 15 solaris 8 boxes and 5 slackware linux boxes. For some reason 4 of the solaris and 2 of the linux boxes will not write to the syslog-ng loghost. All the remotes are exactly the same setup and port 514/udp isn't blocked between any of the remotes and the loghost. Here is the syslog.conf for the host machines *.err;kern.notice;auth.notice @loghost.domain.com *.err;kern.debug;daemon.notice;mail.crit @loghost.domain.com *.alert;kern.err;daemon.err operator *.alert root *.emerg *, @loghost.domain.com If anyone has any idea why these logs are being transferred to the loghost I'm open for ideas. I'm running syslog-ng 1.5.26 Thanks Paul