Could you describe you client set in detail ? I assume 4.1.1.2 is your E0. For troubleshooting, you could drop the clientset from your publishing-rule and see if that Gets you anywhere. David Elmquist -----Original Message----- From: Lloyd@xxxxxxxxxxx [mailto:Lloyd@xxxxxxxxxxx] Sent: 26. maj 2002 22:37 To: [ISAserver.org Discussion List] Subject: [isalist] RE: Publish a Syslog server to a border router http://www.ISAserver.org David, thanks for your quick answer. I have gone back and verified my configs based on your info and find them to the same other than you using kiwi and I am using Linux Syslog. But both are talking on UDP 514. Here is an output of my log file. #Software: Microsoft(R) Internet Security and Acceleration Server 2000 #Version: 1.0 #Date: 2002-05-26 18:56:33 #Fields: date time source-ip destination-ip protocol param#1 param#2 filter-rule interface 2002-05-26 18:59:55 4.1.1.2 192.168.50.3 Udp 7126 514 BLOCKED 110.10.10.2 2002-05-26 19:02:09 4.1.1.2 192.168.50.3 Udp 7126 514 BLOCKED 110.10.10.2 2002-05-26 19:04:21 4.1.1.2 192.168.50.3 Udp 7126 514 BLOCKED 110.10.10.2 border router syslog server external ISA interface I generated these entries by going into global config mode on the router and then doing a ctrl+Z to exit which generates a message on the router that never gets to the Syslog server because ISA is blocking it as seen it the logs. I have a client set that includes both the S0 and E0 interfaces of the border router. I have a protocol definition set up as you described UDP 514 Receive only. I have a publishing rule that includes the external address of the ISA server 110.10.10.2 and the internal address of the Syslog server 192.168.50.3. Seems to me this ought to work but obviously I am overlooking something? LA ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: david@xxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')