@rnowitzki , Thanks for taking time in replying. Before writing the question here in the group below are the things that I did: * We are receiving data from three sources on the same port, so that way only one set of data which is not seen extracting from the syslog-ng. * So then, I tried to dump everything irrespective of the host into a different location and i observed that the cyberark logs are stored with the receiver hostname and logs are with the error "error processing log file". * Then i did tcpdump on the host that is receiving the logs and observed that the logs are seen without any error message. * After i realized that this is something related to the syslog-ng configuration then i used lot of rules and templates along with no parse flag, still no luck. Now, again i realized that the no parse flag is not used\set in the way it is supposed to use, then again when i corrected the configuration, i can see the logs are receiving. Thanks a lot for your help, so i would say no parse flag helped me in this case. Regards, BK
... View more