I checked the archives, but no entries exactly described my problem. It seems as though syslog-ng does not log properly over the network (at least with my configuration). The configuration is supposed to send the data across the network to a centralized logging machine. However, it seems as though the data gets logged only out of random chance.

version: syslog-ng-1.4.10

Here is a listing of the logs off the centralized logging machine:

    SIZE    DATE          LOG FILES
    0       Apr 12 16:02  machine1.automation.log
    1760    Apr 18 19:21  machine1.security.log
    0       Apr 17 00:01  machine2.automation.log
    899     Apr 18 19:13  machine2.security.log
    0       Apr 10 17:01  machine3.automation.log
    3608    Apr 19 15:20  machine3.security.log
    0       Apr 12 15:01  machine4.automation.log
    903     Apr 23 04:59  machine4.error.log
    14073   Apr 23 10:54  machine4.security.log
    4618    Apr 18 19:48  machine5.security.log
    0       Apr 10 17:01  machine5.automation.log
    0       Apr 12 16:01  machine6.automation.log
    1804    Apr 18 19:09  machine6.security.log

Here is the configuration file for the log host:

    options { long_hostnames(off); sync(10); };

    ## sources ##
    source local_src { unix-stream("/dev/log"); internal(); };

    ## external source (log messages from other machines) ##
    #source external_src { tcp(); };
    source external_src { udp(ip(10.0.1.4) port(1800)); };

    ## destinations ##
    destination kernel_dest { file("/var/log/kernel.log"); };
    destination automation_dest { file("/var/log/automation.log"); };
    destination security_dest { file("/var/log/security.log"); };
    destination error_dest { file("/var/log/error.log"); };
    destination eternal_peril_dest { file("/dev/null"); };

    ## destination for external logs ##
    destination external_security_dest { file("/export/hda3/log/$HOST.security.log"); };
    destination external_automation_dest { file("/export/hda3/log/$HOST.automation.log"); };
    destination external_error_dest { file("/export/hda3/log/$HOST.error.log"); };

    ## filters ##
    filter kernel_filter { facility(kern); };
    filter security_filter {
        match("connect") or program("PAM_pwdb") or match("pam") or
        program("sshd") or program("login") or facility(security)
        and not program("sendmail");
    };
    filter error_filter { level(crit..panic); };
    filter automation_filter { program("runfixes"); };
    filter eternal_peril_filter {
        program("gpm") or program("talkd") or program("gnome-name-server") or
        program("automount") or program("sendmail") or program("CMD")
        and level(debug..error);
    };

    ## log the messages ##
    log { source(local_src); filter(kernel_filter); destination(kernel_dest); };
    log { source(local_src); filter(security_filter); destination(security_dest); };
    log { source(local_src); filter(automation_filter); destination(automation_dest); };
    log { source(local_src); filter(error_filter); filter(DEFAULT); destination(error_dest); };
    log { source(local_src); filter(eternal_peril_filter); destination(eternal_peril_dest); };

The log-client configuration is almost identical, except for a destination line and the log lines:

    destination remote_john { udp("10.0.1.4" port(1800)); };
    log { source(local_src); filter(kernel_filter); destination(kernel_dest); }

Any help would be appreciated.

-justin
participants (1)
-
Justin Scheiber (98030)
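
A configuration sanity check related to the post above, as an added example that is not part of the original message and not syslog-ng's own tooling: it lists sources, destinations and filters that are defined but referenced by no log statement, which in the log-host configuration as posted applies to external_src and the external_*_dest destinations. SAMPLE_CONF is constructed from a subset of the posted statements, and the function names are hypothetical.

```python
import re

# Constructed sample: a subset of the log-host statements from the post,
# limited to the objects relevant to network logging.
SAMPLE_CONF = '''
source local_src { unix-stream("/dev/log"); internal(); };
#source external_src { tcp(); };
source external_src { udp(ip(10.0.1.4) port(1800)); };
destination security_dest { file("/var/log/security.log"); };
destination external_security_dest { file("/export/hda3/log/$HOST.security.log"); };
filter security_filter { program("sshd") or program("login"); };
log { source(local_src); filter(security_filter); destination(security_dest); };
'''

KINDS = ("source", "destination", "filter")

def strip_comments(conf):
    """Drop '#' comments, leaving '#' inside double-quoted strings alone."""
    return re.sub(r'("[^"\n]*")|#[^\n]*', lambda m: m.group(1) or "", conf)

def log_bodies(conf):
    """Yield the body of each log { ... } statement, found by brace matching."""
    for m in re.finditer(r'\blog\s*\{', conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def unreferenced(conf):
    """Return {kind: sorted names} of objects defined but used by no log statement."""
    conf = strip_comments(conf)
    defined = {k: set(re.findall(r'\b%s\s+([\w.-]+)\s*\{' % k, conf)) for k in KINDS}
    used = {k: set() for k in KINDS}
    for body in log_bodies(conf):
        for k in KINDS:
            used[k].update(re.findall(r'\b%s\s*\(\s*([\w.-]+)\s*\)' % k, body))
    return {k: sorted(defined[k] - used[k]) for k in KINDS}

if __name__ == "__main__":
    for kind, names in unreferenced(SAMPLE_CONF).items():
        for name in names:
            print("%s %s is defined but not used in any log statement" % (kind, name))
```

The check is purely textual: it does not validate syntax and does not handle braces inside quoted strings.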