> There also apepars to be a bug in syslog. If you do something like: > grep -v "ROOT" messages > mmm; mv mmm messages > logging is disabled. I suspect this problem is that the file pointer > maintained by syslog is getting ahead of the physical EOF, and thus > writes will fail, but this is just a guess, Every syslogd I've ever seen behaves this way. The problem is that syslogd doesn't close and re-open the messages file; rather, it keeps its original file descriptor around. Thus, syslogd is still writing messages to the same file it's been writing to all along. But the mv destroyed that file's only name, so there's no way for anyone else to access it; it's become a classic case of "unlinked but still open" and will stay that way until syslogd closes it, at which point it will be truly deleted. This is why rotate-syslog-files scripts always send syslogd a SIGHUP, because that makes it (among other things) close and reopen its logfiles. der Mouse mouse@collatz.mcrcim.mcgill.edu