Hi, I am trying to set up syslog-ng to process data from my router on port 514, but I don't know the format of the data to be able to build filters. Is there any way to collect all data on 514 to a file? My current filters, etc are: # # the draytek router # filter f_draytek { host("router") and not match("Local User") and not match("virtual\Server"); }; filter f_draytek_DSL_1 { host("router") and match("DSL"); }; filter f_draytek_DSL_2 { host("router") and match("ADSL_Status"); }; filter f_draytek_PPP { host("router") and match("PoE"); }; destination draytek { file("/var/log/draytek/draytek.log"); }; destination draytek_null { file("/dev/null"); }; destination draytek_dsl { file("/var/log/draytek/draytek_dsl.log"); }; destination draytek_ppp { file("/var/log/draytek/draytek_ppp.log"); }; log { source(src); filter(f_draytek); destination(draytek); }; log { source(src); filter(f_draytek_DSL_1); destination(draytek_dsl); }; log { source(src); filter(f_draytek_DSL_2); destination(draytek_dsl); }; log { source(src); filter(f_draytek_PPP); destination(draytek_ppp); }; The log files have no info, so I presume there is something wrong somewhere (the conf is from someone who had everything working (apart from the /dev/null). It would presumably be easier if I could see the raw data. Originally the 514 data was being blocked by the firewall, but that is now cleared. Any help would be appreciated. -- Best regards, David mailto:dma@pern.co.uk