heya, Been implementing a setup similar to Nate Campin's but with a few twists and some modernisation and as I did it I thought about the following things. Firstly, part of the setup has logs going from satellite servers to a central server and then being thrown into a db, what I would like to do is if the central db ever goes down, I would like to spool the logs destined for that central server locally and when the db is back up for it to send them. How would you go about implementing this feature? Secondly I notice that Nate has gone to some trouble to setup feeds to swatch and sec, but I don't quite understand why. Can someone tell me what this programs offer that you can't do by simply pattern matching with a filter and then piping to a program that mails it out for example? Why would you implement both the swatc/sec as in Nate's howto AND his mail-syslog destinations? Finally I had to patch / change a lot of things from Nate's howto's. If anyone needs patches to sqlsyslogd, both the src for new buffer sizes, the sql setup to make it work with mysql 4.1+ or my templates for putting the data into mysql with a db timestamp instead of a ISO formatted one let me know. -- strerror http://www.disciplina.net