Hi,

Recently I am using syslog-ng’s docker container as syslog generator as the following:

docker run -d \

--cpus=2 \

--name $name \

-v ${PWD}/syslog.log:/data/syslog.log \

--entrypoint="" \

--network=host \

balabit/syslog-ng:latest \

/usr/bin/loggen --dgram --inet --dont-parse --loop-reading --size 8192 --rate $rate --interval $duration --read-file /data/syslog.log $ip 514

I found something interesting, if my syslog server stopped, the client syslog-ng containers stopped too.

So I would like to know if syslog-ng detected the availability of the remote end? If so, how?

Besides, I didn’t see ICMP packets between the client and server using tcpdump.

Thanks

Grant

*** Please note that this message and any attachments may contain confidential and proprietary material and information and are intended only for the use of the intended recipient(s). If you are not the intended recipient, you are hereby notified that any review, use, disclosure, dissemination, distribution or copying of this message and any attachments is strictly prohibited. If you have received this email in error, please immediately notify the sender and destroy this e-mail and any attachments and all copies, whether electronic or printed. Please also note that any views, opinions, conclusions or commitments expressed in this message are those of the individual sender and do not necessarily reflect the views of Fortinet, Inc., its affiliates, and emails are not binding on Fortinet and only a writing manually signed by Fortinet's General Counsel can be a binding commitment of Fortinet to Fortinet's customers or partners. Thank you. ***