Running v.1.5.13 Couldn't find likely questions in the archives, going to the list. I have been getting several gigabytes per day in the logs of entries similar to (line broken for length considerations: Feb 13 00:28:04 admin monitor_mail@admin.sjc.in.sel.sony.com: [daemon.info] monitor_mail@admin.sjc.in.sel.sony.com[24759]: connect from hpntbox1.corpnet.sel.sony.com To try and prevent these, I tried changing the conf file by adding: # DESTINATION ... destination trash { file("/dev/null"); }; ... # FILTER ... filter f_trash { match("connect from hpntbox1.corpnet.sel.sony.com"); }; ... # first exact rule log { source(src); filter(f_trash); destination(trash); flags(final); }; That works. Of course, the daemon then goes ahead and puts the default mode (0600) on /dev/null, which is not a good thing. I haven't been able to decipher a proper syntax for the options in the destination line. My best hints seem to have been in section 2.5 of the reference manual, so I tried: destination trash { file("/dev/null" options{perm(0666);}; ); }; But this gives a syntax error. Also tried eliding the options as in destination trash { file("/dev/null" perm(0666);); } to no avail. Obviously I'm missing something simple, but can't see it. TIA for any hints, Len