Hello, I am sure this topic has been beaten to death, but I cannot find answers anywhere. Apologies if I have missed something - here we go: I run syslog-ng 1.6.4 on Sol 9 Sparc (sunfreeware distribution). It works fine, except I want syslog-ng to resolve IP's to hostnames, and create directories using the resolved name rather than IP (long term, I will look at MySQL, but I would still have to get either DNS or keep_hostname to work). I installed bind 9.2.3 on the log server and setup a reverse zone authoritative for in-addr.arpa., but it still doesn't work. At this time, I prefer to use reverse DNS rather than hostname. I was not able to create_dirs based on keep_hostname(yes) either. dig works, and returns NOERROR when I run dig -x 1.2.3.4 @127.0.0.1 for example. The reverse zone is fully populated with all hosts that will be logging syslog-ng. nsswitch.conf: hosts: dns files ipnodes: dns files everything else is files only. resolv.conf: nameserver 127.0.0.1 syslog-ng.conf: # Options options { use_fqdn(no); use_dns(yes); dns_cache(yes); sync(5); keep_hostname(no); chain_hostnames(no); create_dirs(yes); # bad! perm(0644); dir_perm(0755); use_time_recvd(yes); }; # Sources source s_udp { udp(); }; # logging to console destination l_console { file ("/dev/console"); }; # logging of cisco's via udp to individual files and to one file destination r_cisco { file( "/remote/$HOST/$HOST-$YEAR$MONTH.LOG" ); file( "/r emote/all/alldevices.log" ); }; # Remote sources log { source (s_udp); destination (r_cisco); }; Kind regards Jesper Jesper Markenstam IS&T Systems Analyst REUTERS.KNOW.NOW. www.reuters.com <http://www.reuters.com/> To find out more about Reuters visit www.about.reuters.com Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Reuters Ltd.