Hi, I've downloaded latest syslog-ng and installed it on my box (Mandrake 9.0). Here is my syslog-ng.conf : ---8<--- ### Options ### options { dir_perm(0755); perm(0644); chain_hostnames(no); keep_hostname(yes); }; ### Sources ### source local { unix-stream("/dev/log"); pipe("/proc/kmsg" log_prefix("kernel: ")); udp(ip(127.0.0.1) port(514)); internal(); }; ### Destinations ### destination authlog { file("/var/log/auth.log"); }; destination syslog { file("/var/log/syslog"); }; destination cron { file("/var/log/cron.log"); }; destination daemon { file("/var/log/daemon.log"); }; destination kern { file("/var/log/kern.log"); }; destination user { file("/var/log/user.log"); }; destination mail { file("/var/log/mail/log"); }; destination mailinfo { file("/var/log/mail/info"); }; destination mailwarn { file("/var/log/mail/warnings"); }; destination mailerr { file("/var/log/mail/err"); }; destination debug { file("/var/log/debug"); }; destination messages { file("/var/log/messages"); }; destination boot { file("/var/log/boot.log"); }; destination explanations { file("/var/log/explanations"); }; ### Filters ### filter f_auth { facility(auth, authpriv); }; filter f_syslog { not facility(auth, authpriv, mail); }; filter f_cron { facility(cron); }; filter f_daemon { facility(daemon); }; filter f_kern { facility(kern); }; filter f_user { facility(user); }; filter f_mail { facility(mail); }; filter f_debug { not facility(auth, authpriv, mail); }; filter f_messages { level(info .. warn) and not facility(auth, authpriv, cron, daemon, mail); }; filter f_info { level(info); }; filter f_warn { level(warn); }; filter f_err { level(err); }; filter f_boot { facility(local7); }; filter f_explanations { facility(local1); }; ### Logs ### log { source(local); filter(f_auth); destination(authlog); }; log { source(local); filter(f_syslog); destination(syslog); }; log { source(local); filter(f_cron); destination(cron); }; log { source(local); filter(f_daemon); destination(daemon); }; log { source(local); filter(f_kern); destination(kern); }; log { source(local); filter(f_user); destination(user); }; log { source(local); filter(f_mail); destination(mail); }; log { source(local); filter(f_mail); filter(f_info); destination mailinfo); }; log { source(local); filter(f_mail); filter(f_warn); destination(mailwarn); }; log { source(local); filter(f_mail); filter(f_err); destination(mailerr); }; log { source(local); filter(f_debug); destination(debug); }; log { source(local); filter(f_messages); destination(messages); }; log { source(local); filter(f_boot); destination(boot); }; log { source(local); filter(f_explanations); destination(explanations); }; --->8--- To try my syslog-ng.conf, I used logger : # logger -p kern.info "test kern.info 1" Then I checked kern.log and saw nothing. The "test kern.info 1" was in user.log ! Can someone explain me this strange behaviour ? --zumeo ________________________________________________________________________ This letter has been delivered unencrypted. We'd like to remind you that the full protection of e-mail correspondence is provided by S-mail encryption mechanisms if only both, Sender and Recipient use S-mail. Register at S-mail.com: http://www.s-mail.com