Here is what I have now. I changed my pix to send logs to a private IP on the same network as the inside interface. In the Cisco pix I have done the following: logging host outside (private IP) logging timestamp logging trap 4 logging on. When you do a show logging the message count increases in size. On my fedora box I have done the following: mkdir /var/log/pix touch pix.log I added -r to /etc/sysconfig/syslog Now netstat -1tupn produces: udp 0 0 0.0.0.0:514 0.0.0.0:* 3521/syslogd, but does not say it is Listening. cpdump produces relevant lines like this. 15:53:19.012494 (pix)10.200.200.1.syslog > (syslog server)10.200.200.51.syslog: udp 138 15:53:19.510190 10.200.200.1.syslog > 10.200.200.51.syslog: udp 131 My log files still are not being written to. Do I have something wrong in /etc/sysconfig.conf, or maybe a permission problem? _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota http://www.mn-linux.org tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list