[syslog-ng] "Syslog connection closed" but socket not closed
Patrick Hemmer
syslogng at stormcloud9.net
Thu Jan 21 18:53:50 CET 2016
We recently saw an issue where syslog-ng (version 3.6.4 on FreeBSD 10.1)
was configured with a `syslog()` source, received an invalid frame, shut
down the connection, but the socket remained open. I was looking through
the documented fixes in the versions since the one we're using (3.6.4),
but nothing looks related.

2016-01-21T07:44:21-05:00 iad1gweb01.ecom.chewy.com ERR
syslog-ng[27090]: - Invalid frame header; header='' [meta sequenceId="389"]
2016-01-21T07:44:21-05:00 iad1gweb01.ecom.chewy.com NOTICE
syslog-ng[27090]: - Syslog connection closed; fd='19',
client='AF_INET(127.0.0.1:59317)', local='AF_INET(127.0.0.1:601)' [meta
sequenceId="390"]

# netstat -an|grep 59317
tcp4 81660 0 127.0.0.1.601 127.0.0.1.59317 ESTABLISHED
tcp4 0 48923 127.0.0.1.59317 127.0.0.1.601 ESTABLISHED

From the netstat output (the buffer sizes), it looks like syslog-ng
stopped reading from the socket, but didn't close it, and the
application on the other end kept trying to write to it.
This is just my theory anyway. I can open a bug on GitHub, but I wanted
to bring it up here first.
Thanks
-Patrick
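
A check for the symptom described in this post, as an added example that is not part of the original message or of syslog-ng itself: it pairs each "Syslog connection closed" log message with FreeBSD `netstat -an` output and reports sockets the kernel still lists. The function names are hypothetical, the sample input is the log and netstat text quoted in the post with the e-mail line wrapping joined, and only AF_INET addresses are handled.

```python
import re

# Sample input: the log message and netstat lines quoted in the post,
# with the e-mail line wrapping joined back together.
LOG = ("2016-01-21T07:44:21-05:00 iad1gweb01.ecom.chewy.com NOTICE "
       "syslog-ng[27090]: - Syslog connection closed; fd='19', "
       "client='AF_INET(127.0.0.1:59317)', local='AF_INET(127.0.0.1:601)' "
       "[meta sequenceId=\"390\"]")
NETSTAT = """\
tcp4 81660 0 127.0.0.1.601 127.0.0.1.59317 ESTABLISHED
tcp4 0 48923 127.0.0.1.59317 127.0.0.1.601 ESTABLISHED
"""

CLOSED_RE = re.compile(
    r"Syslog connection closed; fd='(?P<fd>\d+)', "
    r"client='AF_INET\((?P<client>[\d.]+:\d+)\)', "
    r"local='AF_INET\((?P<local>[\d.]+:\d+)\)'")


def closed_connections(log_text):
    """Yield (fd, client, local) for each close message; IPv4 only."""
    for m in CLOSED_RE.finditer(log_text):
        yield int(m["fd"]), m["client"], m["local"]


def bsd_addr(addr):
    """FreeBSD netstat prints 'ip.port'; the log prints 'ip:port'."""
    host, port = addr.rsplit(":", 1)
    return f"{host}.{port}"


def lingering_sockets(log_text, netstat_text):
    """Return sockets syslog-ng logged as closed that netstat still lists."""
    reported = {(bsd_addr(local), bsd_addr(client)): fd
                for fd, client, local in closed_connections(log_text)}
    found = []
    for line in netstat_text.splitlines():
        cols = line.split()
        if len(cols) != 6 or not cols[0].startswith("tcp"):
            continue  # skip header lines and non-TCP entries
        _proto, recv_q, _send_q, local, foreign, state = cols
        if (local, foreign) in reported:
            found.append({"fd": reported[(local, foreign)], "local": local,
                          "foreign": foreign, "state": state,
                          "recv_q": int(recv_q)})
    return found


if __name__ == "__main__":
    for sock in lingering_sockets(LOG, NETSTAT):
        print(sock)
```

Only the row whose local side is the syslog-ng listener is matched, so the reported `recv_q` is the data left unread on the server's end of the connection.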