I am trying to troubleshoot some syslog servers that are not properly sending local5.* logs to a remote syslog-ng server. The syslog-ng server is behaving as it should, and I am able to do this from remote hosts:

    $ logger -p local5.info "My test message here"

This message is correctly written to the local log and remote syslog-ng server. The filters on the syslog-ng box work correctly and the entry is made in the right file for the host.

But there is one file on the client, /var/log/mylogfile.log that is being filled up by a running java process. Messages that are written to this file are *not* being sent to the remote server. I ran tcpdump and verified that there are no network packets accompanying these log entries.

So, maybe someone can help me. How do I find out how this java process is writing to the log file, and why are messages not being forwarded to the remote host? lsof shows that the only process that has the /var/log/mylogfile.log open is the syslog daemon.

Here are some configuration files if it helps:

SERVER: /etc/syslog-ng/syslog-ng.conf (excerpt below)

    options {
        log_fifo_size(8192);
        # garden gnomes shouldn't log (Gnome has a buggy log implementation)
        # needs to be set on client systems, too...
        bad_hostname("gconfd");
        use_time_recvd(no);
        group(logs);
        create_dirs(yes);
        dir_group(logs);
        dir_perm(0750);
        perm(0640);
        chain_hostnames(no);
        keep_hostname(yes);
        stats(3600);
        use_fqdn(yes);
    };

    source syslog {
        unix-stream("/dev/log");
        udp(ip(0.0.0.0) port(514));
        tcp(ip(0.0.0.0) port(5149) max-connections(300));
        internal();
    };

    destination mylogfile.log { file(/var/log/syslog-ng/$HOST/mylogfile.log); };
    destination boot.log { file(/var/log/syslog-ng/$HOST/boot.log); };

    filter f_local7 { facility(local7); };
    filter f_local5 { facility(local5); };

    log { source(syslog); filter(f_local7); destination(boot.log); };
    log { source(syslog); filter(f_local5); destination(mylogfile.log); };

CLIENT /etc/syslog.conf excerpt

    *.*                 @syslogngbox
    local7.*            /var/log/boot.log
    local5.*            /var/log/mylogfile.log
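
For checking a captured datagram against the server excerpt above, this added example (not part of the original post) decodes the RFC 3164 PRI field and maps it to the two log paths the `f_local5` and `f_local7` filters select. The function names `decode_pri` and `route`, the sample datagrams and the host name are constructed for illustration; `$HOST` is substituted with whatever host string is passed in.

```python
import re

# RFC 3164 facility and severity names, indexed by numeric code.
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv "
              "ftp ntp audit alert clock local0 local1 local2 local3 local4 "
              "local5 local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

# facility -> destination template, copied from the server excerpt in the post.
SERVER_LOG_PATHS = {
    "local7": "/var/log/syslog-ng/$HOST/boot.log",
    "local5": "/var/log/syslog-ng/$HOST/mylogfile.log",
}

PRI_RE = re.compile(rb"<(\d{1,3})>")


def decode_pri(datagram: bytes):
    """Return (facility, severity) for a raw syslog datagram."""
    m = PRI_RE.match(datagram)
    if m is None:
        # RFC 3164 section 4.3.3: a message without PRI is treated as PRI 13.
        return "user", "notice"
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the largest valid value
        # Choice made by this example: surface malformed input as an error.
        raise ValueError(f"invalid PRI {pri}")
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]


def route(datagram: bytes, host: str):
    """Return the server-side file the two log paths would write, or None."""
    facility, _ = decode_pri(datagram)
    template = SERVER_LOG_PATHS.get(facility)
    return template.replace("$HOST", host) if template else None


if __name__ == "__main__":
    # Constructed sample datagrams; the host name is a placeholder.
    samples = [b"<174>Jan  1 00:00:00 client01 user: My test message here",
               b"<189>Jan  1 00:00:00 client01 rc: boot message",
               b"<13>Jan  1 00:00:00 client01 user: default facility"]
    for raw in samples:
        print(decode_pri(raw), route(raw, "client01.example.com"))
```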