RE: [syslog-ng] problem with incorrect separation of syslog messages from Cisco PIX
At blooming last....and FYI.

Having now upgraded our PIX to version 6.3, and enabled TCP logging on port 1468... I can see that all messages (in raw tcpdump trace) are newline terminated (note the 0a HEX bytes in the packet dump).

I can also see that the 255 byte buffer length problem has been sorted out, as I can now see these messages in full. (They used to truncate halfway through the dest_proxy definition...)

Jun 4 10:26:05 littlepix %PIX-7-702303: sa_request, (key eng. msg.) src= 11.11.11.11, dest= 22.22.22.22, src_proxy= 11.11.110/255.255.255.0/0/0 (type=4), dest_proxy= 22.22.22.128/255.255.255.192/0/0 (type=4), protocol= ESP, transform= esp-3des esp-sha-hmac , lifedur= 1200s and 4608000kb, spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4004
Jun 4 10:26:05 littlepix %PIX-7-702303: sa_request, (key eng. msg.) src= 11.11.11.11, dest= 22.22.22.22, src_proxy= 11.11.110/255.255.255.0/0/0 (type=4), dest_proxy= 22.22.22.128/255.255.255.192/0/0 (type=4), protocol= ESP, transform= esp-3des esp-md5-hmac , lifedur= 1200s and 4608000kb, spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4004

The only problem so far is that these messages have appeared (for some reason they didn't show up in Version 6.2 log stream but ARE listed on the syslog message listings for 6.2). I shall have to fancify my log filtering to suppress them.... They all correspond to regular MGMT station SNMP polling and are ignorable but are gradually filling the log...

Jun 4 10:10:31 littlepix %PIX-7-710002: UDP access permitted from 33.33.33.4/943 to inside:33.33.33.15/snmp
Jun 4 10:11:31 littlepix %PIX-7-710002: UDP access permitted from 33.33.33.4/9903 to inside:33.33.33.15/snmp
Jun 4 10:11:42 littlepix %PIX-7-710002: UDP access permitted from 33.33.33.4/10159 to inside:33.33.33.15/snmp

Whether or not any problems exist using the UDP syslog transport on the PIX under v6.3, I haven't actually tested, but I'd be fairly confident they've also been fixed....

All in all v6.3 has fixed up all my outstanding issues with PIX syslogging.

Ted
participants (1)
-
Ted_Rule@flextech.co.uk
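
The two points in the message above (LF-terminated messages on the TCP transport, and suppressing the routine SNMP-poll 710002 entries) shown as an added example; it is not part of the original post and is not syslog-ng code. The names `NewlineFramer`, `keep` and `run`, the 8192-byte cap and the 33.33.33.99 source are assumptions made for the illustration, and the sample stream is constructed.

```python
import re

class NewlineFramer:
    """Rebuild LF-terminated syslog messages from arbitrary TCP read chunks."""
    def __init__(self, max_len=8192):
        self.buf = bytearray()
        self.max_len = max_len  # assumed cap: a peer that never sends LF cannot grow the buffer forever

    def feed(self, chunk):
        """Add bytes from one recv(); return the complete messages now available."""
        self.buf += chunk
        messages = []
        while (end := self.buf.find(b"\n")) >= 0:
            line = bytes(self.buf[:end]).rstrip(b"\r")
            del self.buf[:end + 1]
            messages.append(line.decode("ascii", "replace"))
        if len(self.buf) > self.max_len:  # oversized partial: emit it marked, then resync
            messages.append("[truncated] " + self.buf.decode("ascii", "replace"))
            self.buf.clear()
        return messages

# Suppress only the SNMP polls from the management station (address taken from
# the sample lines in the post); 710002 events from any other source stay logged.
SNMP_POLL = re.compile(
    r"%PIX-7-710002: UDP access permitted from 33\.33\.33\.4/\d+ to inside:\S+/snmp$")

def keep(message):
    return SNMP_POLL.search(message) is None

# Constructed sample stream: two polls as in the post, one 710002 from a
# different (constructed) source, and one message longer than 255 bytes.
LONG = "Jun 4 10:26:05 littlepix %PIX-7-702303: sa_request, " + "x" * 300
STREAM = (
    "Jun 4 10:10:31 littlepix %PIX-7-710002: UDP access permitted from 33.33.33.4/943 to inside:33.33.33.15/snmp\n"
    "Jun 4 10:11:02 littlepix %PIX-7-710002: UDP access permitted from 33.33.33.99/4000 to inside:33.33.33.15/snmp\n"
    + LONG + "\n"
    "Jun 4 10:11:31 littlepix %PIX-7-710002: UDP access permitted from 33.33.33.4/9903 to inside:33.33.33.15/snmp\n"
).encode("ascii")

def run(chunk_size):
    """Feed STREAM in fixed-size chunks, as recv() might deliver it."""
    framer, received = NewlineFramer(), []
    for i in range(0, len(STREAM), chunk_size):
        received += framer.feed(STREAM[i:i + chunk_size])
    return received, [m for m in received if keep(m)]

if __name__ == "__main__":
    received, kept = run(chunk_size=100)
    print(len(received), "received,", len(kept), "kept")
```

Pinning the source address in the pattern keeps the suppression narrow: an SNMP request to the firewall from any host other than the management station still reaches the log.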