I am having a problem with logging from a Cisco PIX firewall to a syslog-ng file. For months it has been working fine, but something happened on 18th december: Dec 18 16:08:25 BPFpix-int Dec 18 2003 08:53:15: %PIX-3-313001: Denied ICMP type=8, code=0 from 217.81.176.93 on interface 0 Dec 18 09:46:50^@ BPFpix-int %PIX-3-313001: Denied ICMP type=8, code=0 from 217.79.97.90 on interface 0 all the lines logged since "Dec 18 09:46:50" have all had that ^@ code after it, and no date. i don't know why the times on the previous line are different, but the syslog server now has our "official" time, so i'm not that bothered. Around this time i was trying to sort out the permissions problems with /dev/ files i was having when syslog-ng restarted, so i guess this could be connected. This ^@ character is only in the PIX firewall log (which is saved to a different file than most of the other syslog messages). The pertinent config lines are as follows: destination null { file("/dev/null" perm(0666)); }; source BPFpix { udp(ip ("192.168.1.2") port(514)); }; filter f_bpfpixpingdrop { host ("BPFpix") and match("Denied ICMP"); }; # BPFpix messages # destination BPFpixlog { file ("/var/log/BPFpix"); }; log { source(BPFpix); destination(BPFpixlog); }; # drop ping attempts log { source(BPFpix); filter (f_bpfpixpingdrop); destination(null); flags(final);}; # log the rest log { source(BPFpix); destination(lanmon); }; the "lanmon" destination is a machine that emails certain syslog messages, and because the PIX messages have a ^@ in them, the messages are mainly blank! Can anyone tell me where this ^@ is coming from, and could it be permissions related? i am running syslog-ng 1.6.0rc4. also, i really want that first line to read: destination null { file("/dev/null" perm(-1)); }; so that no permissions are changed on that file, but syslog-ng complains about it when i start it up. What am i doing wrong? thank you! chris -- The content of this e-mail is confidential, may contain privileged material and is intended solely for the recipient(s) named above. If you receive this in error, please notify Software AG immediately and delete this e-mail. Software AG (UK) Limited Registered in England & Wales 1310740 Registered Office: Hudson House, Hudson Way, Pride Park, Derby DE24 8HS