I'm using Event Reporter on my Windows servers to forward their event log to my syslog-ng server. Recently, I've switched all of my Linux syslog clients to use TCP to speak to the syslog-ng server, without any problems. I've just enabled TCP on Event Reporter, and its behaving rather unusually. I'm seeing 30+ open TCP connections from the one Windows host I've enabled TCP on, and am experiencing messages that I'm frequently hitting my max connections value of 100 open connections. Is anyone running a similar configuration and seen similar problems? I suspect that Event Reporter is using one connection per message, as silly as that sounds. Its wild to contemplate it leaving those connections open. If its not a known problem, I'll break out a sniffer to see whats going on. Russell