Why does syslog-ng do a PTR lookup for EVERY message? It uses them for $HOST stuff? But why not cache these and avoid the lookup? At first I thought, the caching belongs in the libc, possibly in nscd. But despite nscd running (this is Linux with glibc-2.1), gethostbyaddr() still does a full name server PTR lookup for every single message. I started running a slave name server on the localhost just to avoid the bandwidth hit doing all these queries :) But now there is a bunch of extra CPU usage (syslog-ng has accumulated 600 minutes of CPU time after running for just one day; this is a 333Mhz machine and there are only a couple dozen logging hosts, most of which comes relayed through other syslog-ngs anyways). If I were to set use_dns to `no' this would probably make the problem go away. Is there any reason not to do this? Would I then get IPs for $HOST instead of names? Incidentally, the assert fix definitely got rid of the crashing, and the string free definitely fixed some memory leakage. But I have only been running it for one day and it's up to 6 meg VSZ so far (would have been 30 by now before the fix) ...hopefully this is just some data structures which will plateau out once it's been running for some time (xinetd does this in a big way ;)