Forwarding + Spoofing = Errors & Dropped Packets?
We are having a REALLY weird issue with syslog-ng that I need to request some assistance with resolving. It has to do with forwarding and spoofing.

If I go into syslog-ng.conf and enable forwarding to my 3 remote servers along with spoofing, it causes issues on the server. First, the Recv-Q fills to capacity (as seen in "netstat -a | grep syslog"). Once that buffer fills, we start seeing "packet receive errors" (as seen in "netstat -su"). We have an INORDINATE amount of these errors (about 45%). Observe:

    [civey@logsvr2 syslog-ng]$ netstat -su
    Udp:
        112958828 packets received
        4084 packets to unknown port received.
        50596174 packet receive errors
        95393123 packets sent

Here is kind of a tabular representation of what I have done so far, and the results:

    Action                                Results
    No forwarding, no spoofing            Buffers stay at 0 about 99% of the time, no problems
    Forwarding to 1 server w/spoofing     Buffers increase and stay high for a while, but do eventually get back to 0
    Forwarding to 2 servers w/spoofing    Buffers increase and stay high, eventually filling and causing "packet receive errors"
    Forwarding to 1 server, no spoofing   Same as no forwarding enabled at all

So far we have re-downloaded the syslog-ng source and recompiled on the server, we have re-downloaded and recompiled all the prerequisites for syslog-ng, and we have backed up all the libraries and executables on the bad server and replaced them with the libraries and executables from the good server. None of this has done any good, as we keep seeing the same issues.

I am about at my wit's end here. Can someone please provide some direction on where to go from here?

    O/S: Fedora Core 4
    RAM: 2 GB
    Syslog-ng: 1.6.11

Thanks in advance!

Chris Ivey
Affiliated Computer Services
Enterprise Management Integration Services
Infrastructure Management Senior Analyst
1120 Celebration Blvd.
Celebration, FL 34747
chris.ivey@acs-inc.com

"When you find yourself in a hole, the best thing to do is stop digging!" -- Nick Stokes

On Wed, 2007-01-10 at 07:30 -0600, Ivey, Chris wrote:
> We are having a REALLY weird issue with syslog-ng that I need to request some assistance with resolving. It has to do with forwarding and spoofing. If I go into syslog-ng.conf and enable forwarding to my 3 remote servers along with spoofing, it causes issues on the server. First, the Recv-Q fills to capacity (as seen in "netstat -a | grep syslog"). Once that buffer fills, we start seeing "packet receive errors" (as seen in "netstat -su"). We have an INORDINATE amount of these errors (about 45%). Observe:

syslog-ng is busy doing something, and this causes it not to read the UDP receive buffers in a timely manner. Can you check:

* syslog-ng is not blocking on DNS
* syslog-ng is not blocking on /proc/kmsg or something else.

-- Bazsi
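
An added example, not part of either message in the thread: a small Python parser for the Udp: section of `netstat -su` that turns the cumulative counters into receive-error rates, either since boot or between two samples taken before and after a configuration change. The first sample reuses the counters posted above; the second sample is constructed for the demo, and the code assumes "packets received" and "packet receive errors" count disjoint sets of datagrams.

```python
import re

# Constructed sample: the Udp: section as posted in the thread, one counter per line.
SNAPSHOT = """Udp:
    112958828 packets received
    4084 packets to unknown port received.
    50596174 packet receive errors
    95393123 packets sent
"""
# Constructed second sample (values invented for the demo), taken some time later.
LATER = SNAPSHOT.replace("112958828", "112988828").replace("50596174", "50620174")

FIELDS = {
    "received": r"(\d+) packets received",
    "unknown_port": r"(\d+) packets to unknown port received",
    "errors": r"(\d+) packet receive errors",
    "sent": r"(\d+) packets sent",
}

def parse_udp(text):
    """Return the Udp: counters of `netstat -su` output as a dict of ints."""
    counters, in_udp = {}, False
    for line in text.splitlines():
        s = line.strip().rstrip(".")
        if re.fullmatch(r"\w+:", s):          # section header such as "Udp:" or "Tcp:"
            in_udp = (s == "Udp:")
        elif in_udp:
            for name, pattern in FIELDS.items():
                m = re.fullmatch(pattern, s)
                if m:
                    counters[name] = int(m.group(1))
    return counters

def loss(after, before=None):
    """Receive-error rates since `before` (or since boot when before is None)."""
    before = before or {"received": 0, "errors": 0}
    delivered = after["received"] - before["received"]
    dropped = after["errors"] - before["errors"]
    if delivered < 0 or dropped < 0:
        raise ValueError("counters went backwards (reboot or wrap); resample")
    arrived = delivered + dropped
    return {
        "errors_per_received": dropped / delivered if delivered else 0.0,
        # Assumes the two counters are disjoint (delivered vs. not delivered).
        "share_of_arrivals": dropped / arrived if arrived else 0.0,
    }

if __name__ == "__main__":
    print(loss(parse_udp(SNAPSHOT)))
    print(loss(parse_udp(LATER), parse_udp(SNAPSHOT)))
```

Sampling twice around a change (for example, enabling spoofing on one more destination) isolates the loss that change causes from the totals accumulated since boot.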
Participants (2): Balazs Scheidler; Ivey, Chris