Hi, I have a Solaris 8 host with syslog-ng ver 1.6.5 set up with the following syslog-ng.conf: options { use_time_recvd(no); # Use the time a message is received instead of the one specified in the message. sync(0); # The number of lines buffered before written to file. }; source src { udp(ip("0.0.0.0") port(514)); tcp(ip("0.0.0.0") port(514) max-connections(100)); sun-streams("/dev/log" door("/etc/.syslog_door")); # local solaris syslog internal(); # syslog-ng interne meldinger }; source s_syslog_ng { internal(); # syslog-ng interne meldinger }; destination dst_template { file("/syslog/$R_YEAR/$R_MONTH/$R_DAY/$HOST" template("$R_YEAR-$R_MONTH-$R_DAY $R_HOUR:$R_MIN:$R_SEC | $R_UNIXTIME | $S_YEAR-$S_MONTH-$S_DAY $S_HOUR:$S_MIN:$S_SEC | $S_UNIXTIME | $HOST | $HOST_FROM | $FULLHOST | $SOURCEIP | $FACILITY.$PRIORITY | $TAG | $PROGRAM | $MSG\n") ); }; destination d_syslog_ng { file("/syslog/syslog-ng.log" sync(0) log_fifo_size(10) perm(0644) ); }; log { source (s_syslog_ng); destination (d_syslog_ng); }; log { source(src); destination(dst_template); }; Then I have another host set up to use syslog-ng as loghost. This host has purposely wrong time (1973-01-02), as can be seen here: joe@testhost / $ logger "test. local time on `uname -n` is `date +'%Y-%m-%d %H:%m:%S'`" joe@loghost / $ tail -1 /syslog/2005/02/01/testhost 2005-02-01 11:24:47 | 1107253487 | 2005-01-02 21:04:39 | 1104696279 | testhost | testhost | testhost/testhost | 192.168.1.2 | user.notice | 0d | joe | joe: [ID 702911 user.notice] test. local time on testhost is 1973-01-02 21:01:39 It seems as S_YEAR is set to YEAR (or R_YEAR, I have not checked the source). I hope someone can fix this before syslog-ng 1.6.6... Regards Jan Thomas Moldung