Yeah, the only services other than syslog are sshd and iptables; nothing else was installed. The only worry I have with moving from UDP to TCP for such a large number of messages would be denial of service. I recall some years ago some MMORPG tried using TCP instead of UDP for client data and it brought their system(s) to a halt. Since I am looking at (on avg) 26000 messages per minute, I am worried about what this will do not only to the syslog server performance but to the agents as well (and thus the servers the agents reside on).

I am still trying to get time to work on the lab syslog-ng system to convert Red Hat ES 4 syslog configs into syslog-ng so the standard logging format for the system is not lost. Then create a rule for TCP-based syslog and slowly ramp up traffic and see what happens in the lab to get an idea of what to expect.

-Greg

-----Original Message-----
From: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] On Behalf Of Kevin
Sent: Wednesday, August 23, 2006 10:41 AM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] Performance tuning questions

Both TCP and UDP have risks and limitations. If message loss/spoofing are important to you, TCP is the way to go. (One key exception being logs from PIX firewalls :)

Is the log server handling other services as well?

Kevin