On Tue, 2007-06-26 at 10:45 -0400, Tim Boyer wrote:
I'm running 2.0.0, and have eight remote servers logging to a central server. Seven of those servers are running fine; the eighth keeps getting log messages like this:
Jun 26 10:41:33 kyushu.denmantire.com syslog-ng[6829]: syslog-ng starting up; version='2.0.0' Jun 26 10:41:33 kyushu.denmantire.com syslog-ng: syslog-ng startup succeeded Jun 26 10:41:33 kyushu.denmantire.com syslog-ng[6829]: EOF occurred while idle;fd='5' Jun 26 10:41:33 kyushu.denmantire.com syslog-ng[6829]: Connection broken; time_reopen='60'
My first assumption was a firewall problem, but tcpdump says that data's getting there:
10:42:49.013423 IP kyushu-vpn-cli.denmantire.com.37759 > buran.denmantire.com.5142: S 1168830611:1168830611(0) win 5840 <mss 1460,sackOK,timestamp 316509070 0,nop,wscale 2> 10:42:49.014768 IP buran.denmantire.com.5142 > kyushu-vpn-cli.denmantire.com.37759: S 845996771:845996771(0) ack 1168830612 win 5792 <mss 1460,sackOK,timestamp 39334539 316509070,nop,wscale 7>
Any ideas what could be causing the connection to drop - but only on this server?
The "EOF" occurred while idle means that syslog-ng sensed incoming data on a simplex channel, this should only happen if the remote end is closing the channel. Please start tcpdump on the given connection and check what kind of packets go through when the connection is broken. You should see a FIN packet or a packet data has data payload. This should never happen. -- Bazsi