I'm in a position where I've got a device that uses syslog-ng to filter multiple events into multiple diferent log files. I need to send the logs to a central udp syslog server and would like to have all events from this particular device show up as coming from a specific facility (say local3) so that they get put into the correct logfile on the central server. I've figured out that I have to define a destination, filter, and log in syslog-ng.conf but I haven't figured out how to mark all the logs to that destination with a specific facility. Is that possible? For reference here's what I'm looking at in terms of destination, filter, and log definitions in syslog-ng.conf: destination d_logger { udp ("xxx.xxx.xxx.xxx" port(514)); }; filter f_all_logs_net { facility(auth,authpriv,kern,user,daemon,local0 .. local7) and level(warn .. emerg); }; log { source(syslog-ng); filter (f_all_logs_net); destination(d_logger); }; Thanks in advance. -- -Damien Damien DeVille IT Network Engineer This e-mail, and any attachment, is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, re-transmission, copying, dissemination or other use of this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any computer. The contents of this message may contain personal views which are not the views of Discovery Communications, Inc. (DCI).