Whilst at least some of the following has been mentioned before, I'd like to make a another little plea for some extra features and tidyups to syslog-ng and its associated documentation. a) SIGHUP/keep-listening feature request The current version supports the keepalive stream socket feature for both TCP and Unix-Stream which means that existing connections are kept open across a SIGHUP/reconfig. This is all well and good, and provides sufficient functionality to avoid losing a Stream Source Socket message. However, for UDP sockets, I believe the socket is closed/re-opened on SIGHUP, which thereby has the potential for loss of messages across a SIGHUP. Unix syslog client boxes in general could in theory all be reconfigured to use syslog-ng and hence use TCP, and hence avoid message drops on a central syslog server, but most embedded devices such as Cisco routers, HP printers, etc etc, can only use UDP. Hence the request to provide the "enhanced Frasier" option, as in "I'm still listening" for both types of datagram socket. I would suggest calling this option "keep-listening()". I'm well aware this may be tricky to code, but given the large population of UDP only devices, I would have thought many people would like to see it implemented. I did have a brief attempt to try and follow enough of the code layout to work out how and where it might be glued into place - but this bear of little brain got somewhat too confused to take it further. b) SIGUSR1/logrotate feature. To avoid losing UDP messages, one extra trick might be to include another signal - say SIGUSR1 - which is used merely to close all open destinations. This would be used for log rotation - I'm assuming there would never be a requirement to add open() code to this as well, as any required destination should be simply opened on demand. At present, SIGHUP is used to ensure destination closure for log rotation purposes, but this has the side-effect of closing sources, and hence potentially losing UDP messages. Adding SIGUSR1 would avoid any loss of messages during the overnight rotation, although there is obviously still the potential for message loss during any other required SIGHUP/reconfiguration without the keep-listening() feature. c) --checkconf option Once a new syslog-ng.conf has been built, it may be dangerous to SIGHUP it into life; a simple spelling error or a missed semi-colon could in theory lead to death of the running daemon, I believe. In mimicry of bind9's named-checkconf utility, can we have an extra command-line option to syslog-ng which merely checks for all potential syntactical errors in syslog-ng.conf returning non-zero error code and messaging stderr with any syntax errors thus found. I suggest "--checkconf" for the command line option name. Using this, a general init script wrapper might contain: syslog-ng.conf --checkconf && kill -HUP `cat /var/run/syslog-ng.pid` to avoid sending a signal if the configuration check fails. This option is also probably dependent on making the SIGUSR1 option available, elsewise a broken configuration file may lead to loss of log rotation. d) Default options settings documentation. This page in the current copy of the documentation: http://www.balabit.hu/static/syslog-ng/reference/x564.html would benefit greatly from a rewrite showing the default setting as an extra column for each option. Some options have their defaults listed here, but most do not. e) Working examples of regex usage. There are very few of the example configurations I have seen which show specific examples of the regex matching capabilities of the filter() functions. If anyone has some samples perhaps some more examples could be added to either the FAQ or the Documentation or both, please? Ted ************************************************************************************************ This E-mail message, including any attachments, is intended only for the person or entity to which it is addressed, and may contain confidential information. If you are not the intended recipient, any review, retransmission, disclosure, copying, modification or other use of this E-mail message or attachments is strictly forbidden. If you have received this E-mail message in error, please contact the author and delete the message and any attachments from your computer. You are also advised that the views and opinions expressed in this E-mail message and any attachments are the author's own, and may not reflect the views and opinions of FLEXTECH Television Limited. ************************************************************************************************