Hi,
I have two syslog-ng 3.2, one client and one server. The two are separated by a firewall and a load balancer. I noticed that after some inactivity I was not able to receive logs from my client. So I started some tcpdump on both servers to check the traffic. From what I see the firewall will close the connection after some time, so when the client sends traffic it gets dropped.
I added the keep-alive(yes) and so_keep-alive(yes) and the mark_freq(60) to the configs. But I still do not see keepalive packets with tcpdump.
Am I missing other parameters to have “keepalive” traffic sent ?
Thank you in advance.
#############################################################################
#
# Configuration file syslog-ng.conf.client
#
@version: 3.2
@include "scl.conf"
# add global settings
options {
# Disable DNS usage to gain the process time
use_dns(no);
flush_lines(1);
flush_timeout(500);
mark(59);
};
source s_TCP {
tcp( port(555)
flags(no-parse)
);
};
source s_syslogng {
internal();
};
destination d_syslogng {
file("/opt/syslog-ng/logs/$YEAR$MONTH$DAY.syslog-ng.log");
};
destination d_TCP {
tcp ( "server1" port(556)
keep-alive(yes)
so_keepalive(yes)
flags(no_multi_line)
flush_lines(1)
flush_timeout(500)
log_fifo_size(4096)
template("$MSG\n")
template_escape(no)
);
};
….
#############################################################################
#
# Configuration file syslog-ng.conf.server
#
@version: 3.2
@include "scl.conf"
# add global settings
options {
# Disable DNS usage to gain the process time
use_dns(no);
flush_lines(1);
flush_timeout(500);
mark(59);
};
source s_TCP_555 {
tcp( port(555)
flags(no-parse)
max-connections(200)
use_dns(no)
);
};
source s_TCP_556 {
tcp( port(556)
flags(no-parse)
so_keepalive(yes)
use_dns(no)
);
};
source s_syslogng {
internal();
};
destination d_syslogng {
file("/opt/syslog-ng/logs/$YEAR$MONTH$DAY.syslog-ng.log");
};
destination d_local {
file("/opt2/syslog-ng/logs/$YEAR$MONTH$DAY.TNT.Messages.log"
log_fifo_size(8192)
template("$MSG\n")
template_escape(no)
);
};
…