I am getting something very strange in my syslogs. This doesn't happen for every host but it appears that most of the hostnames are getting the front truncated. Here is a sample of the logfile and my config file. I am running syslog-ng 1.4.7.

    Nov 15 13:57:03 gw1.hanau.army.mil 172593: Nov 15 13:57:18: %SEC-6-IPACCESSLOGP: list 196 permitted tcp 140.156.30.6(48879) -> 192.73.27.115(33658), 725 packets
    Nov 15 13:57:03 gw7.mannheim.army.mil 93065: Nov 15 13:57:18: %LANCE-5-LATECOLL: Unit 0, late collision error
    Nov 15 13:57:03 bggw.heidelberg.army.mil 3078332: Nov 15 13:57:18: %SEC-6-IPACCESSLOGP: list 191 denied tcp 64.4.16.24(80) -> 147.37.199.194(1509), 1 packet
    Nov 15 13:57:03 bggw.ansbach.army.mil 437279: Nov 15 13:57:18: %SEC-6-IPACCESSLOGP: list 193 denied udp 136.218.199.6(1704) -> 169.254.102.246(1112), 1 packet
    Nov 15 13:57:03 BGGW-ETHER0-1.STUTTGART.ARMY.MIL 1236689: 6w6d: %SEC-6-IPACCESSLOGP: list 192 permitted tcp 199.211.200.34(1488) -> 136.221.21.11(80), 6 packets

The hostname should have hnu-gw1.hanau.army.mil in the first one and likewise for the rest. There is some 3-letter representation of the region on the front of the hostname.

Here is my config, partly anyway.

    options {
        long_hostnames(yes);
        use_fqdn(yes);
        chain_hostnames(no);
        sync(0);
        keep_hostname(yes);
        create_dirs(yes);
    };

    source src {
        sun-streams("/dev/log" door("/etc/.syslog_door"));
        internal();
        udp();
    };

    destination d_cisco { file("/logs/cisco/ciscologs"); };
    destination d_reno { udp("host.mydomain.mil"); };

    filter f_cisco { facility(local7) };

    log {
        source(src);
        filter(f_cisco);
        destination(d_cisco);
        destination(d_host);
    };

Seems to actually function fine but is truncating the front part. Any ideas?

Regards,
Drew
participants (1)
-
Hamilton, Andrew Mr.