I have 3 remote servers, logging to a central syslog-ng server over a reverse SSH tunnel, i.e the central server SSH's to the remote hosts, then opens a tunnel back. All servers are running 1.5.25 on Solaris 8. My problem is this, every night around 10 or 10:30pm, the log file gets overwritten, meaning it suddenly goes from starting at 00:00:01 to starting at 22:28:05 or whatever, and all the log entries prior to that are lost. There are no log rotation or other processes that would be causing this that I can find, syslog-ng appears to just mysteriously decide to start over at the begnning. Help! Relevant configs are below. --- central server --- options { time_reopen (10); log_fifo_size (1000); long_hostnames (off); use_dns (no); use_fqdn (no); create_dirs (no); keep_hostname (yes); use_time_recvd(yes); }; source net { udp(); tcp( keep-alive(yes) ); }; destination inboundlog { file("/system/inbound_mail/logs/$YEAR-$MONTH-$DAY.log"); }; log { source(net); destination(inboundlog); }; --- remote server --- options { time_reopen (10); log_fifo_size (1000); long_hostnames (off); use_dns (no); use_fqdn (no); create_dirs (no); keep_hostname (yes); }; destination loghost { tcp( "127.0.0.1" port(51400) ); }; log { source(local); destination(loghost); }; -- Brian Landers | packetslave@sapient.com Network System Exorcist | vox://404/439.4117 Sapient Information Technology | aim://Bluecoat93 CCNA, SCSA, EIEIO | yim://brian_landers "I know," said Harry. "We can all hang out. Go to the beach. Watch Malfoy not get tan."