hi ... I am a newbie in syslog-ng I meet some problems in configure syslog-ng I have three machine, A is inside NAT, B is NAT server, C is loghost outside NAT B forward log message from A to C. A's syslog-ng.conf setting options { long_hostnames(off); sync(0); }; source src {unix-dgram("/var/run/log");udp();internal();file("/dev/klog");}; destination loghost{udp("B" port(514));}; log{ source(src);destination(loghost);}; B's syslog-ng.conf setting options { chain_hostnames(yes); keep_hostname(no); long_hostnames(off); sync(0); use_dns(yes); use_fqdn(yes); }; source src { unix-dgram("/var/run/log"); internal(); file("/dev/klog"); }; source fwd {udp( ip(10.1.1.254) port(514));}; destination loghost { udp("C" port(514)); }; log { source(src);source(fwd); destination(loghost); }; C's syslog-ng.conf setting options { chain_hostnames(yes); keep_hostname(no); create_dirs(yes); long_hostnames(off); sync(0); use_dns(yes); use_fqdn(yes); }; source src { unix-dgram("/var/run/log"); udp(); internal(); file("/dev/klog"); }; destination all { file("/var/log/all.log"); }; log { source(src); destination(all); }; three machine all are FreeBSD machine A FreeBSD is 5.3 B is FreeBSD 4.11 C is FreeBSD 4.10 syslog-ng version are the same(syslog-ng 1.6.5) the FAQ say's that.. keep_hostname(yes) keep_hostname(no) chain_hostname(yes) server server/server2 chain_hostname(no) server server2 i have see that FAQ,but i can not produce the log record like scr@host1/host2 when the root login at A machine,syslog-ng record this action,but... A ==> Dec 13 20:42:36 A login: ROOT LOGIN (root) ON ttyv0 B ==> Dec 13 20:42:36 10.1.1.11 login: login on ttyv0 as root Dec 13 20:42:36 10.1.1.11 login: ROOT LOGIN (root) ON ttyv0 Dec 13 20:42:36 10.1.1.11 login: ROOT LOGIN (root) ON ttyv0 C ==> Dec 13 20:42:36 B login: login on ttyv0 as root Dec 13 20:42:36 B login: ROOT LOGIN (root) ON ttyv0 Dec 13 20:42:36 C login: ROOT LOGIN (root) ON ttyv0 Dec 13 20:42:36 B login: ROOT LOGIN (root) ON ttyv0 (B、C is his hostname) it seems quiet strange. Can someone hlep me? thanks a lot (sorry for my poor English ^^")