I'm running redhat 6.0 with some changes. The syslog package logs from other firewall machines. I haven't checked 6.1's sysklogd, but it seems to be the same version as 6.0's. ps auxw | grep syslog shows: root 4639 0.0 34.9 114484 44816 ? S Nov24 14:46 syslogd -m 0 -r -s alltrading.es and top shows PID USER PRI NI SIZE RSS SHARE STAT LIB %CPU %MEM TIME COMMAND 4639 root 2 0 110M 43M 348 S 0 0.0 34.9 14:46 syslogd [root@mail3 /root]# rpm -q sysklogd redhat-release sysklogd-1.3.31-12 redhat-release-6.0-1 [root@mail3 /root]# rpm -V sysklogd S.5....T c /etc/logrotate.d/syslog S.5....T c /etc/rc.d/init.d/syslog S.5....T c /etc/syslog.conf [root@mail3 /root]# /etc/syslog.conf (pasted from vi) # Log all kernel messages to the console. # Logging much else clutters up the screen. #kern.* /dev/console # Log anything (except mail) of level info or higher. # Don't log private authentication messages! *.info;mail.none;news.none;authpriv.none /var/log/messages # The authpriv file has restricted access. authpriv.* /var/log/secure # Log all the mail messages in one place. mail.* -/var/log/maillog # log to local0 all router information local0.* /var/log/router # Everybody gets emergency messages, plus log them on another # machine. *.emerg * # Save mail and news errors of level err and higher in a # special file. uucp,news.crit /var/log/spooler # Save boot messages also to boot.log local7.* /var/log/boot.log # # INN # news.=crit /var/log/news/news.crit news.=err /var/log/news/news.err news.notice /var/log/news/news.notice daemon.*,local2.* /var/log/ppp /etc/rc.d/init.d/syslog has the following change: # daemon syslogd -m 0 daemon syslogd -m 0 -r -s alltrading.es More information on request.
Upgrade your glibc (to the one in 6.1, for example), or turn off NIS+ in /etc/nsswitch.conf. That's where the memory leak is...