Hi, I run a RedHat 7 system (just upgraded from 5), and don't understand why my previous configuration of syslog-ng (1.4.7) doesn't log kernel messages with rh7, especially those from the IP Chains Packet log. These messages were logged with syslog, but no longer with syslog-ng: example: Nov 3 08:25:34 machine kernel: Packet log: input DENY eth0 PROTO=17 192.41.21.11:123 21.21.1.2:123 L=76 S=0x10 I=31802 F=0x0000 T=14 (#38) I do run klogd and these messages still show up if I issue a "dmesg" I've tried starting klogd before and after syslog-ng, but that doesn't seem to make a difference. Does anyone have any hints? Thanks. My config file: options { long_hostnames(off); sync(0); time_reopen(10); log_fifo_size(100); }; source src { unix-stream("/dev/log"); internal(); }; destination fw { file("/var/log/firewall"); }; destination ftpd { file("/var/log/ftpd"); }; destination sendmail { file("/var/log/maillog"); }; destination cron { file("/var/log/cron"); }; destination sshd { file("/var/log/sshd"); }; destination all { file("/var/log/ng-log"); }; destination dst { file("/var/log/msgs"); }; filter fw { match("Packet"); }; filter ftpd { program("ftpd"); }; filter sendmail { program("sendmail"); }; filter cron { program("CROND"); }; filter sshd { program("sshd"); }; filter remain { not program("CROND") and not program("ftpd") and not program("sshd") and not program("sendmail") and not match("Packet") ; }; log { source(src); filter(fw); destination(fw); }; log { source(src); filter(ftpd); destination(ftpd); }; log { source(src); filter(cron); destination(cron); }; log { source(src); filter(sshd); destination(sshd); }; log { source(src); filter(sendmail); destination(sendmail); }; log { source(src); filter(remain); destination(all); }; log {source(src); destination(dst); };