All, I seem to be having a common problem with forwarding syslog messages. I have read through archives and the solution that is most popular isn't working for me. I have a central server with is properly receiving messages from my PIX firewalls. On that same server I have an application from Cisco with acts like a syslogd daemon and parses PIX messages into separate categories. Syslog-ng is listening on 514 and the Cisco product is listening on 515. My problem is the source IP address that the Cisco application receives is the IP address of the server not the PIX that produced it. Any help would be greatly appreciated, below is my configuration file. Thanks in advance. Mandeep options { keep_hostname(yes); chain_hostnames(no); create_dirs(yes); use_time_recvd(yes); use_dns(no); use_fqdn(no); }; source s_external { udp(); }; destination d_firewall_file { file("/logs/$YEAR/$MONTH/$DAY/firewall.log" perm(0655) dir_perm(0655)); }; destination d_firewall_Port { udp("192.168.0.1" port(515)); }; log { source(s_external); destination(d_firewall_file); }; log { source(s_external); destination(d_firewall_Port); };