You might want to look at using tcp-keep-alive():
http://www.balabit.com/products/syslog_ng/reference-1.6/syslog-ng.html/refer...

Sometimes when one of your remote syslog hosts terminates their log connection, they do not fully close the TCP session. Turning on tcp-keep-alive() on your central host will help fix this.

On Fri, 25 Nov 2005, Philip Webster wrote:
G'day,
I'm currently running syslog-ng 1.6.5 on Red Hat 2.1AS (syslog-ng will be upgraded to 1.6.9 shortly) as a central log server, and I'm having a problem with a growing number of TCP connections. Most hosts log to the central log server via UDP, but there are 7 remote syslog-ng servers using TCP. I currently allow up to 250 connections:
source src_tcp { tcp(ip(x.x.x.x) port(514) max-connections(250)); };
but this is reached within about a fortnight. I restart the daemon each week to ensure that it doesn't max out, but figure that there must be a better way.
I haven't seen any specific fixes in the last few releases, so is there a particular option I need? Our network is reasonably reliable so I don't think that this is the problem, but there's always a chance ...
Any thoughts?
Phil
_______________________________________________
syslog-ng maillist - syslog-ng@lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
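
One way to check whether half-closed sessions are what fill max-connections(250), before and after turning on tcp-keep-alive(), is to count established connections to port 514 per remote peer. This is an added example, not code from the thread or from syslog-ng; the `netstat -tn` sample is constructed, and the expectation of one connection per TCP sender is an assumption.

```python
from collections import Counter

# Constructed sample of `netstat -tn` output (documentation address ranges).
SAMPLE_NETSTAT = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:514          198.51.100.21:40112     ESTABLISHED
tcp        0      0 192.0.2.10:514          198.51.100.21:40377     ESTABLISHED
tcp        0      0 192.0.2.10:514          198.51.100.21:41502     ESTABLISHED
tcp        0      0 192.0.2.10:514          198.51.100.22:51844     ESTABLISHED
tcp        0      0 192.0.2.10:514          198.51.100.23:33010     ESTABLISHED
tcp        0      0 192.0.2.10:514          198.51.100.23:33951     ESTABLISHED
tcp        0      0 192.0.2.10:514          198.51.100.24:45000     TIME_WAIT
tcp        0      0 192.0.2.10:22           203.0.113.5:50022       ESTABLISHED
"""

def connections_per_peer(netstat_text, port=514):
    """Count ESTABLISHED TCP connections to the local syslog port, per remote IP."""
    counts = Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Skip headers and anything that is not a tcp/tcp6 row.
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue
        local, remote, state = fields[3], fields[4], fields[5]
        if state != "ESTABLISHED":
            continue
        # rsplit keeps IPv6 addresses intact; only the last ':' separates the port.
        if local.rsplit(":", 1)[-1] != str(port):
            continue
        counts[remote.rsplit(":", 1)[0]] += 1
    return counts

def suspect_peers(counts, expected_per_peer=1):
    """Peers holding more sessions than expected (assumption: one per sender)."""
    return {p: n - expected_per_peer for p, n in counts.items() if n > expected_per_peer}

def headroom(counts, max_connections=250):
    """Slots left before the tcp() source reaches max-connections()."""
    return max_connections - sum(counts.values())

if __name__ == "__main__":
    counts = connections_per_peer(SAMPLE_NETSTAT)
    for peer, extra in sorted(suspect_peers(counts).items()):
        print(f"{peer}: {counts[peer]} sessions, {extra} likely stale")
    print(f"headroom: {headroom(counts)} of 250")
```

On the log server, feed it the real `netstat -tn` output instead of the sample; a per-peer count that only ever grows points to sessions the sender abandoned without closing.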