
Question: How to filter-out syslog messages that are not received by a specific NIC?
Hello! I'd like to log syslog messages received via broadcast on UDP:514. In the logger PC there are multiple NICs, but I'm only interested in syslog messages received from these local interfaces: 10.200.255.254 and 127.0.0.1.

I've tried with the configuration posted below, but it doesn't always work (especially at system boot) because of the following error from the NXLog Windows Service.

    ERROR failed to start im_udp; couldn't bind udp socket to 10.200.255.254:514; The requested address is not valid in its context.

This is my actual configuration:

    ...
    define LOGS_FILE ...
    ...

    <Extension _syslog>
        Module  xm_syslog
    </Extension>

    <Extension _exec>
        Module  xm_exec
    </Extension>

    <Input udp_lan>
        Module  im_udp
        Host    10.200.255.254
        Port    514
        Exec    parse_syslog();
    </Input>

    <Input udp_host>
        Module  im_udp
        Host    127.0.0.1
        Port    514
        Exec    parse_syslog();
    </Input>

    <Output file_syslog>
        Module      om_file
        CreateDir   TRUE
        Sync        TRUE
        File        '%LOGS_FILE%'
    </Output>

    <Route udp_to_file>
        Path    udp_lan, udp_host => file_syslog
    </Route>

The NIC has a static IP address, but I'm not sure it is already up when the nxlog service is executed at system boot by Windows.

How can I perform this sort of filtering without using the firewall?

I know I can listen to anything and drop() received messages with an Exec statement, but I don't know which variable to use (e.g. like $MessageSourceAddress) to specify the interface the message was received by.

I was thinking of something like this:

    <Input udp_lan_host>
        Module  im_udp
        Host    0.0.0.0    # <--- accept all
        Port    514
        <Exec>
            if $??? != "10.200.255.254" and $??? != "127.0.0.1" drop();    # <--- which variable here?
            parse_syslog();
        </Exec>
    </Input>

Thanks,
Giorgio

giorgiobuffa created