connection broken every few minutes
Hello, Our syslog-ng clients are losing their connection to our central log server every few minutes. In the client I have the following log: 2014-08-12T15:44:02+00:00 wimdu-app07 syslog.notice syslog-ng[14032]: Syslog connection broken; fd='10', server='AF_INET(<our ip>:514)', time_reopen='1' 2014-08-12T15:44:03+00:00 wimdu-app07 syslog.notice syslog-ng[14032]: Syslog connection established; fd='10', server='AF_INET(<our ip>:514)', local='AF_INET(0.0.0.0:0)' I am using the following configuration on the clients: destination d_net_wimdu { syslog(<our ip> transport("tcp") port(514) log-fifo-size(2048)); }; log { source(s_src); source(s_net); destination(d_net_wimdu); }; And on the server: source s_net { syslog(ip(0.0.0.0) transport("tcp") max-connections(300) log-iw-size(3300) so_rcvbuf(8000000000) port(514)); }; log { source(s_net); destination(d_file_w); }; destination d_prog_logparser { program("< logparser_bin >" template(t_w_filetemplate) log_fifo_size(90000000) flags(no-multi-line)); }; log { source(s_net); destination(d_prog_logparser); flags(flow-control); }; Any idea how I can even debug this? Thank you -- [image: Wimdu] <http://www.wimdu.com/>*Wimdu GmbH* - Voltastraße 5, 13355 Berlin, Germany *Managing Directors* - Arne Bleckwenn, Hinrich Dreiling *Commercial Register Number* - 129773 B Berlin[image: Contact] <contact@wimdu.com>[image: Blog] <http://blog.wimdu.com/?wt_vi=signature>[image: FB] <http://www.facebook.com/wimdu>[image: TW] <http://www.twitter.com/wimdu>[image: G+] <http://www.google.com/+wimdu>[image: YT] <http://www.youtube.com/wimtubechannel>[image: GH] <https://github.com/wimdu>[image: LI] <http://www.linkedin.com/company/wimdu-gmbh>[image: XI] <http://www.xing.com/companies/wimdu>
Hello, I was actually having that problem just few days back and my issue was related to DNS, if you DNS infrastructure is solid then I would not have any idea. I just thought it could help to eliminate that out. regards, Moitshepi On 12 August 2014 16:53, Simão Mata <simao.mata@wimdu.com> wrote:
Hello,
Our syslog-ng clients are losing their connection to our central log server every few minutes.
In the client I have the following log:
2014-08-12T15:44:02+00:00 wimdu-app07 syslog.notice syslog-ng[14032]: Syslog connection broken; fd='10', server='AF_INET(<our ip>:514)', time_reopen='1' 2014-08-12T15:44:03+00:00 wimdu-app07 syslog.notice syslog-ng[14032]: Syslog connection established; fd='10', server='AF_INET(<our ip>:514)', local='AF_INET(0.0.0.0:0)'
I am using the following configuration on the clients:
destination d_net_wimdu { syslog(<our ip> transport("tcp") port(514) log-fifo-size(2048)); };
log { source(s_src); source(s_net); destination(d_net_wimdu); };
And on the server:
source s_net { syslog(ip(0.0.0.0) transport("tcp") max-connections(300) log-iw-size(3300) so_rcvbuf(8000000000) port(514)); };
log { source(s_net); destination(d_file_w); };
destination d_prog_logparser { program("< logparser_bin >" template(t_w_filetemplate) log_fifo_size(90000000) flags(no-multi-line)); };
log { source(s_net); destination(d_prog_logparser); flags(flow-control); };
Any idea how I can even debug this?
Thank you
--
[image: Wimdu] <http://www.wimdu.com/>*Wimdu GmbH* - Voltastraße 5, 13355 Berlin, Germany *Managing Directors* - Arne Bleckwenn, Hinrich Dreiling *Commercial Register Number* - 129773 B Berlin[image: Contact] <contact@wimdu.com>[image: Blog] <http://blog.wimdu.com/?wt_vi=signature
[image: FB] <http://www.facebook.com/wimdu>[image: TW] <http://www.twitter.com/wimdu>[image: G+] <http://www.google.com/+wimdu [image: YT] <http://www.youtube.com/wimtubechannel>[image: GH] <https://github.com/wimdu>[image: LI] <http://www.linkedin.com/company/wimdu-gmbh>[image: XI] <http://www.xing.com/companies/wimdu>
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-- This message and its attachments are private and confidential. If you have received this message in error, please notify the sender and remove it and its attachments from your system. The University of Westminster is a charity and a company limited by guarantee. Registration number: 977818 England. Registered Office: 309 Regent Street, London W1B 2UW.
Anything that might affect tcp connection state: firewalls, load balancers, "smart” network gear. Try tcpdumping the connection and look for TCP RST and or normal closures with FIN and the like. You can also get a clue by using strace on syslog-ng, but tcpdump had more details. On Aug 12, 2014 5:53 PM, "Simão Mata" <simao.mata@wimdu.com> wrote:
Hello,
Our syslog-ng clients are losing their connection to our central log server every few minutes.
In the client I have the following log:
2014-08-12T15:44:02+00:00 wimdu-app07 syslog.notice syslog-ng[14032]: Syslog connection broken; fd='10', server='AF_INET(<our ip>:514)', time_reopen='1' 2014-08-12T15:44:03+00:00 wimdu-app07 syslog.notice syslog-ng[14032]: Syslog connection established; fd='10', server='AF_INET(<our ip>:514)', local='AF_INET(0.0.0.0:0)'
I am using the following configuration on the clients:
destination d_net_wimdu { syslog(<our ip> transport("tcp") port(514) log-fifo-size(2048)); };
log { source(s_src); source(s_net); destination(d_net_wimdu); };
And on the server:
source s_net { syslog(ip(0.0.0.0) transport("tcp") max-connections(300) log-iw-size(3300) so_rcvbuf(8000000000) port(514)); };
log { source(s_net); destination(d_file_w); };
destination d_prog_logparser { program("< logparser_bin >" template(t_w_filetemplate) log_fifo_size(90000000) flags(no-multi-line)); };
log { source(s_net); destination(d_prog_logparser); flags(flow-control); };
Any idea how I can even debug this?
Thank you
--
[image: Wimdu] <http://www.wimdu.com/>*Wimdu GmbH* - Voltastraße 5, 13355 Berlin, Germany *Managing Directors* - Arne Bleckwenn, Hinrich Dreiling *Commercial Register Number* - 129773 B Berlin[image: Contact] <contact@wimdu.com>[image: Blog] <http://blog.wimdu.com/?wt_vi=signature
[image: FB] <http://www.facebook.com/wimdu>[image: TW] <http://www.twitter.com/wimdu>[image: G+] <http://www.google.com/+wimdu [image: YT] <http://www.youtube.com/wimtubechannel>[image: GH] <https://github.com/wimdu>[image: LI] <http://www.linkedin.com/company/wimdu-gmbh>[image: XI] <http://www.xing.com/companies/wimdu>
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
participants (3)
-
Balazs Scheidler
-
Moitshepi Dikota
-
Simão Mata