Hello List, I'm using the syslog-ng OSE version 3.1.2. Currently, I have a syslog-ng server which collects events from several devices : routers (Cisco), switches (Alcatel), other devices which send events to the syslog server by using the port 514 with the protocol UDP. For the router and the switch, I need to use the flag "no-parse" because I have to parse the content of the message by using "patterndb.xml". But... for the others devices I don't want to use the flag "no-parse" because the events respect the syslog format. I think it's not possible to configure syslog-ng like this : source s_udp_01 { udp (flags(no-parse); }; source s_udp_02 { udp (); }; log { source (s_udp_01); (...) }; log { source (s_udp_02); (...) }; The workaround could be the modification of udp port destination for the devices but it's not possible for the switch Alcatel. For the router Cisco, I don't know if it's possible or not... Someone would have an idea for that "problem" ? Regards, Yann I.