Hi, I've just run into a problem I had already seen during my tests for the previous bug report I sent : I see pieces of logs that appear in the middle of other messages. Example: $ grep 'Sep 22 06:17:0' messages Sep 22 06:17:01 ker0009901 )<38>Sep 22 06:17:01 cron(pam_unix)[1173]: session closed for user mail We see, in the middle of a message, the beginning of a syslog header ( "<..>" ) and the message that follows does not belong to the 'messages' destination, and we see that it is actually missing from the 'auth.log' file : $ grep 'Sep 22 06:17:0' auth.log Sep 22 06:17:01 ker0009901 cron(pam_unix)[1173]: session opened for user mail by (uid=0) Sep 22 06:17:01 ker0009901 cron(pam_unix)[1174]: session opened for user root by (uid=0) Sep 22 06:17:02 ker0009901 cron(pam_unix)[1174]: session closed for user root (no "session closed" for user mail) This kind of problem might be a security issue if it can be triggered easily. I'm no expert here, but this looks a bit similar to the other bug I've just reported, since the same thing (interlaced messages) is happening when syslog-ng receives UDP syslog messages not NULL terminated of which size exceeds log_msg_size. Regards, -Thomas PS: this is syslog-ng 1.6.0, version 1.6.0rc1+20030310 (debian package), running on Linux 2.6.0-test5 -- == Thomas Morin == Ingénieur Consultant Atlantide - www.ago.fr - thomas.morin@ago.fr == PGP Id:8CEA233D Key FP:503BF6CFD3AE8719377B832A02FB94E08CEA233D --