Hi All, I've come across what looks like a bug. Whether it's syslog-ng, stunnel or Solaris I can't tell. I'm also going to report this to Michal (Stunnel). The setup/problem is as follows: I'm effectively re-creating a syslog-ng client/server setup, except, the traffic is being encrypted using Stunnel, and it's talking to two servers simultaneously for redundancy. In order for this to happen, I have stunnel set to listen to two separate ports on the client, and syslog-ng set to send to the two separate ports. The configuration, parts of which are below, are working fine with 6 or so Linux clients, and also appears to work fine with Solaris 8, but not under Solaris 9. The config for the stunnel side is: stunnel-4.15 client = yes cert = /usr/local/ssl/certs/syslog-ng-client.pem CAfile = /usr/local/ssl/certs/syslog-ng-server.pem chroot = /var/run/stunnel pid = /run/stunnel.pid setuid = stunnel setgid = stunnel verify = 3 debug = 7 output = /var/log/stunnel.log [5140] accept = 127.0.0.1:5140 connect = x.x.x.x:5140 TIMEOUTclose = 0 [5141] accept = 127.0.0.1:5141 connect = y.y.y.y:5140 TIMEOUTclose = 0 As you can see it's set to listen to ports 5140 and 5141 on the localhost. If you start this first, the process runs fine, and shows up with a netstat -a: localhost.5140 *.* 0 0 32768 0 LISTEN localhost.5141 *.* 0 0 32768 0 LISTEN The config for the syslog-ng process is: syslog-ng-1.6.11 options { sync (0); keep_hostname (yes); use_fqdn (yes); chain_hostnames (no); use_dns (no); time_reopen (10); time_reap (120); log_fifo_size (2048); }; source s_local { sun-streams("/dev/log" door("/etc/.syslog_door")); internal(); }; destination ....... destination d_stunnel { tcp ("127.0.0.1" port(5140)); }; destination d_stunnel2 { tcp ("127.0.0.1" port(5141)); }; Here showing that two of the destinations are to tcp ports 5140 and 5141 on the localhost. It seems reasonable enough, and as I mentioned does work on Linux. However as soon as the syslog-ng process starts, the stunnel process is either killed or just dies. The netstat then shows: localhost.64142 localhost.5141 32768 0 32768 0 CLOSE_WAIT localhost.5141 localhost.64142 32768 0 32768 0 FIN_WAIT_2 localhost.64143 localhost.5140 32768 0 32768 0 CLOSE_WAIT localhost.5140 localhost.64143 32768 0 32768 0 FIN_WAIT_2 and after a while you are just left with the CLOSE_WAIT lines. I've tried this on two separate Solaris 9 systems, both the same result. One actually producing a core dump of the stunnel process. Has anyone seen anything like this, or can shed any light as to why this may not be working. Thanks, Richard -- Richard Whelan Senior Systems & NMS Administrator Pipex Communications Tel: +44 (0) 1865 381568 Mob: +44 (0) 7786 276020 Web: http://www.pipex.com This e-mail is subject to: http://www.pipex.net/disclaimer.html