<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Verdana
}
--></style>
</head>
<body class='hmmessage'>
I am currently having an issue with syslog-ng 3.0.4 where my TCP connection between my client and server is lost throughout the day. By looking at the pcap file from tcpdump I can tell that the TCP connection reset was initiated by the syslog-ng server. The only information that was initially in the log file regarding this disconnection was the following 2 lines:<BR>
<BR><SPAN lang=EN>
<45>1 2010-01-05T10:29:32.323-06:00 server-db-01 syslog-ng 29213 - [meta sequenceId="2733719"] notice Syslog connection closed; fd='9', client='AF_INET(192.168.27.218:46326)', local='AF_INET(192.168.27.198:20514)'<BR>
<BR>
and <BR>
<BR><SPAN lang=EN>
<46>1 2010-01-05T10:29:32.323-06:00 server-db-01 syslog-ng 29213 - [meta sequenceId="2733720"] info Closing log transport fd; fd='9'<BR>
<BR>
<BR>
In order to get more information, I set the following flags in init.d: "-v -d -t".<BR>
<BR>
This did not give me any more information about the TCP disconnect, however I did notice that a lot of my normal messages were preceeded by the following text:<BR>
<BR><SPAN lang=EN>
<47>1 2010-01-05T10:29:32.323-06:00 server-db-01 syslog-ng 29213 - [meta sequenceId="2733718"] debug Incoming log entry; line=<BR>
<BR>
A normal log message then follows the '=' sign. <BR>
<BR>
A decent percentage of my messages are preceeded by this throughout the day, but just before the disconnect it appears that all of my messages from server-db-01 are preceeded by the debug line. Any ideas as to what could be going on? I have included my config file below if that helps.<BR>
<BR>
Any assistance would be greatly appreciated.<BR>
-Jim<BR>
<BR><SPAN lang=EN>
@version: 3.0<BR>
#Default configuration file for syslog-ng.<BR>
#<BR>
# For a description of syslog-ng configuration file directives, please read<BR>
# the syslog-ng Administrator's guide at:<BR>
#<BR>
# http://www.balabit.com/dl/html/syslog-ng-admin-guide_en.html/bk01-toc.html<BR>
#<BR>
options {<BR>
keep_hostname(yes);<BR>
keep_timestamp(yes);<BR>
frac_digits(3);<BR>
};<BR>
source all {<BR>
internal();<BR>
syslog(ip("192.168.27.198") port(20514) transport("tcp") log_fetch_limit(100));<BR>
};<BR>
destination allclientsfile {<BR>
file("/data/local/Logs/server-$YEAR-$MONTH-$DAY.log"<BR>
flags(syslog-protocol)<BR>
flush_timeout(100)<BR>
create_dirs(yes)<BR>
dir_owner(jpirman)<BR>
dir_group(jpirman)<BR>
owner(jpirman)<BR>
group(jpirman)<BR>
template("$PRIORITY $MESSAGE")<BR>
);<BR>
};<BR>
destination msgserver {<BR>
udp("127.0.0.1" port(20515)<BR>
flush_timeout(100) <BR>
template("$ISODATE $PROGRAM $PRIORITY $MESSAGE\n"));<BR>
};<BR>
log { source(all); destination(allclientsfile); destination(msgserver);};<BR></SPAN>
<BR>
<BR></SPAN></SPAN></SPAN> <br /><hr />Hotmail: Powerful Free email with security by Microsoft. <a href='http://clk.atdmt.com/GBL/go/171222986/direct/01/' target='_new'>Get it now.</a></body>
</html>