For those of you who use rely on syslog and/or run a remote logging server where all your logs are sent, you should really consider upgrading to syslog-ng, and using tcp for the transport. Over the last couple of weeks, I've been running some stats on my centrally located maillog, and they didn't work out, it seemed like there were many missing lines that should have been there. It turns out that both the linux and freebsd syslog will very happily drop log lines if it gets behind at all. I've switched to syslog-ng, set a buffer of 100,000 lines on my main log server, set up tcp for the transport both on the logging box and the boxes that log to it, and I haven't lost a line yet, as far as I can tell. Even without logging over the network, syslog will still discard lines if it's behind. Here's a small program that someone (Vlad Marchenko) posted to the postfix mailing list a couple of days ago to test if your syslog sucks or not. Just run it and check the log to see if all the lines made it into the file. Jay -------------- #include <stdlib.h> #include <syslog.h> int main(int argc, char **argv) { int count=1000; int i=0; char str[256]; if ( argc < 2 ) { printf("usage: %s [number of lines to log]\n", argv[0]); return(0); } openlog(argv[0], LOG_NDELAY | LOG_PID, LOG_MAIL); count = atoi(argv[1]); for (i=0; i<count; i++) { sprintf(str,"this is line number %d. blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-b lah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-blah-bl ah-blah-blah-blah-blah",i); syslog(LOG_INFO, "%.*s", 2000, str); } return; }