Syslog-ng Event Parsing Question
I am running syslog-ng version 1.6.4 in place of syslogd on Solaris 8. Getting the following results when receiving syslog events with an embedded dash '-':

Actual Event

Aug 10 04:15:22 <Device Name A>.<Domain Name> 4844: Aug 10 05:15:21.204 R: %AAA-3-BUFFER_OVERFLOW: Radius I/O buffer has overflowed -Traceback= 253274 253414 252B98 2524FC E97CC E75D4 E9974 124DDC

Shows up in Syslog log as

Aug 10 04:15:22 <Device Name A>.<Domain Name> 4844: Aug 10 05:15:21.204 R: %AAA-3-BUFFER_OVERFLOW: Radius I/O buffer has overflowed
Aug 10 04:15:22 <Device Name A>.<Domain Name> 4845: -Traceback= 253274 253414 252B98 2524FC E97CC E75D4 E9974 124DDC

Actual Event

May 6 10:04:45 <Device Name B>.<Domain Name> 40: May 6 07:04:44: %TCP-2-INVALIDTCPENCAPS: Invalid TCB encaps pointer: 0x61180434 -Process= "DLSw msg proc", ipl= 0, pid= 62 -Traceback= 6035CF34 6035E4A8 60709AE0 607067DC 60706370 607359A0 6072BDB8 6072911C 60716EE4 607147A8 602616E4 602616D0

Shows up in Syslog log as

May 6 10:04:45 <Device Name B>.<Domain Name> 40: May 6 07:04:44: %TCP-2-INVALIDTCPENCAPS: Invalid TCB encaps pointer: 0x61180434
May 6 10:04:45 <Device Name B>.<Domain Name> 41: -Process= "DLSw msg proc", ipl= 0, pid= 62
May 6 10:04:45 <Device Name B>.<Domain Name> 42: -Traceback= 6035CF34 6035E4A8 60709AE0 607067DC 60706370 607359A0 6072BDB8 6072911C 60716EE4 607147A8 602616E4 602616D0

Anyone have an answer as to why it is splitting up the Syslog events this way, and if so, how do you correct it?

Also, is there a search function for the archives? Visually looking through month after month put me to sleep pretty quickly!

Thanks
Bill

On Thu, 2005-08-11 at 20:42 -0500, Stringfellow, William G wrote:
> I am running syslog-ng version 1.6.4 in place of syslogd on Solaris 8.
> Getting the following results when receiving syslog events with an embedded dash '-':
>
> Actual Event
>
> Aug 10 04:15:22 <Device Name A>.<Domain Name> 4844: Aug 10 05:15:21.204 R: %AAA-3-BUFFER_OVERFLOW: Radius I/O buffer has overflowed -Traceback= 253274 253414 252B98 2524FC E97CC E75D4 E9974 124DDC
>
> Shows up in Syslog log as
>
> Aug 10 04:15:22 <Device Name A>.<Domain Name> 4844: Aug 10 05:15:21.204 R: %AAA-3-BUFFER_OVERFLOW: Radius I/O buffer has overflowed
> Aug 10 04:15:22 <Device Name A>.<Domain Name> 4845: -Traceback= 253274 253414 252B98 2524FC E97CC E75D4 E9974 124DDC

Probably it is not the dash but a newline before the dash. If you are receiving these messages via UDP, then recent syslog-ngs should not care about embedded newlines, so your message should be on a single line.

-- Bazsi

Participants (2): Balazs Scheidler; Stringfellow, William G
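
Added example, not part of the original thread and not syslog-ng code: a simplified model of the two receiver behaviours the reply distinguishes (every newline ends a message versus one datagram is one message), plus a heuristic for rejoining lines that were already split in a stored log. The `<187>` priority, the host name `devA.example`, the function names, and the choice to replace an embedded newline with a space are assumptions made for illustration.

```python
import re

# Constructed sample: one syslog payload with an embedded LF before "-Traceback=",
# modelled on the first event in the post (priority value is made up).
SAMPLE = (b"<187>4844: Aug 10 05:15:21.204 R: %AAA-3-BUFFER_OVERFLOW: "
          b"Radius I/O buffer has overflowed\n"
          b"-Traceback= 253274 253414 252B98 2524FC")

# Constructed stored-log lines showing the split result (host name is made up).
STORED = [
    "Aug 10 04:15:22 devA.example 4844: Aug 10 05:15:21.204 R: "
    "%AAA-3-BUFFER_OVERFLOW: Radius I/O buffer has overflowed",
    "Aug 10 04:15:22 devA.example 4845: -Traceback= 253274 253414 252B98 2524FC",
]

def frame_line_delimited(payload: bytes) -> list[str]:
    """Receiver that treats every LF as end-of-message."""
    return [p.decode("ascii", "replace") for p in payload.split(b"\n") if p.strip()]

def frame_datagram(payload: bytes) -> list[str]:
    """Receiver that treats the whole datagram as one message.
    Assumption: embedded CR/LF become a space so the record stays on one line."""
    text = payload.decode("ascii", "replace").rstrip("\r\n")
    return [re.sub(r"[\r\n]+", " ", text)]

# A continuation fragment as seen in the post: header, counter, then "-Key= ...".
CONT = re.compile(r"^(?P<head>.*?\s\d+: )(?P<rest>-[A-Za-z]+= .*)$")

def rejoin(stored: list[str]) -> list[str]:
    """Merge lines whose body starts with '-Key=' into the preceding event."""
    out: list[str] = []
    for line in stored:
        m = CONT.match(line)
        if m and out:
            out[-1] += " " + m.group("rest")  # drop the fragment's own header
        else:
            out.append(line)
    return out

if __name__ == "__main__":
    print(len(frame_line_delimited(SAMPLE)), "records with newline framing")
    print(len(frame_datagram(SAMPLE)), "record with datagram framing")
    print(rejoin(STORED)[0])
```

The rejoin step is a log-cleanup heuristic for correlation and alerting; it keys on the `-Process=` and `-Traceback=` fragment shape shown in the post and should be checked against other message formats before wider use.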