Hi, I'm running syslog-ng 1.4.14 on a RedHat 7 box, using it to log messages from a mixture of 10.20 and 11.0 HP-UX boxes. The HP boxes are using their own syslog here. I've got messages coming in from the hosts fine, but some stuff isnt coming through - ie syslog on the local box has more messages that the log on the central syslog-ng server. In particular is anything coming from vmunix. Here is what my config file looks like, it is taken from a sample config with just the udp added in and the $HOST variable added in for paths. options { sync (0); time_reopen (10); log_fifo_size (1000); long_hostnames (off); use_dns (yes); use_fqdn (no); create_dirs (yes); keep_hostname (no); }; source s_sys { unix-stream ("/dev/log"); internal(); udp(ip(10.16.6.102) port(51 4)); }; destination d_cons { file("/dev/console"); }; destination d_mesg { file("/var/syslog/$HOST/messages"); }; destination d_auth { file("/var/syslog/$HOST/secure"); }; destination d_mail { file("/var/syslog/$HOST/maillog"); }; destination d_spol { file("/var/syslog/$HOST/spooler"); }; destination d_boot { file("/var/syslog/$HOST/boot.log"); }; destination d_mlal { usertty("*"); }; filter f_filter1 { facility(kern); }; filter f_filter2 { level(info) or facility(mail) or facility(authpriv); }; filter f_filter3 { facility(authpriv); }; filter f_filter4 { facility(mail); }; filter f_filter5 { level(emerg); }; filter f_filter6 { facility(uucp) or (facility(news) and level(crit)); }; log { source(s_sys); filter(f_filter1); destination(d_cons); }; log { source(s_sys); filter(f_filter2); destination(d_mesg); }; log { source(s_sys); filter(f_filter3); destination(d_auth); }; log { source(s_sys); filter(f_filter4); destination(d_mail); }; log { source(s_sys); filter(f_filter5); destination(d_mlal); }; log { source(s_sys); filter(f_filter6); destination(d_spol); }; The syslog.conf from my HPUX box has the following line added *.info;mail.none @central-syslog-server I figure its got something to do with filters, but I dont know where to start. Basically I want everything logged and then I'll start deciding what to filter out. Can anyone help me out here ? Thanks, Tom ************************************************************************ This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. http://www.esatbusiness.com Subscribe to the Esat Business Online Magazine: http://www.esatbusiness.com/news/subscribe.asp Subscribe to REALISE - the online magazine from BT Ignite: http://www.btignite.com/realise ************************************************************************