Hi all- We're running syslog-ng in relay mode on a server which collects the udp syslogs from generic syslogd on a number of Linux and Solaris hosts in a single location. All the hosts around the collector are able to send logs to the collector, via 514/udp, and the logs are relayed on to our master server successfully. The problem comes on the relay host itself. We want to run syslog-ng as independently as possible and not have it replace the local syslogd. So, the local syslogd should send its logs via 514/udp to the syslog-ng instance. On RHEL4, it seems that the generic syslogd is showing as bound to 514/udp and any messages that the local syslogd would send on to syslog-ng are lost. Remember, this is all happening on the same host. Any syslog messages from other hosts arrive at the syslog-ng relay and are swiftly relayed on to the master server. # netstat -an | grep 514 tcp 0 0 149.174.133.19:514 0.0.0.0:* LISTEN tcp 0 0 149.174.133.19:9605 IP.FOR.SYSLOG-NG.MASTER:9514 ESTABLISHED (I think this piece is the problem:) udp 0 0 0.0.0.0:514 0.0.0.0:* udp 0 0 149.174.133.19:514 0.0.0.0:* syslog-ng Config bits: ------------------------------------------------------ source s_remote { tcp(localip(149.174.133.19) port(514)); udp(localip(149.174.133.19) port(514)); }; destination d_relay { tcp("IP.FOR.SYSLOG-NG.MASTER" port(9514)); }; log { source(s_remote); destination(d_relay); }; ------------------------------------------------------- Any ideas? Richard -------------------------------------------------------- Richard R. Morgan | richard at northerncrown.com --------------------------------------------------------