I did understand your points, also I have took a examin at whole logs before & after changing from FQDN to hostname. Anyhow, when FQDN is used, there is POPUP asking for authentication, could you advise any possible reason? Thanks, Roy Tsao Try not to "filter" the log data. "Imaginary" information is useless. If you have a problem sending it to the list, then you need to rethink your security model. "Security by obscurity is no security at all". Also, you should examine more than a single log entry - it's just as likely that you're looking at the wrong one.