closing inactive or idle incoming connections
Using syslog-ng 3.26 at the moment but can use the latest if the options are available or easier.

Is there a way to configure the idle timeout for incoming connections?

I have a use case where we want to log from a mobile work force, which can be anywhere on the internet. This means that our syslog server needs to be open to the internet. The bad guys are connecting to our port and not sending anything, just tying up the port. The port requires a certificate so is "safe", however, the connection is consumed for approx 2 hours before syslog-ng drops the connection with

syslog-ng[22490]: Error reading RFC6587 style framed data; fd='3769', error='Connection timed out (110)'
syslog-ng[22490]: Syslog connection closed; fd='4509', client='AF_INET()', local='AF_INET()'

Is there a way to configure syslog-ng to drop the connection if it does not receive the certificate in 60 seconds?

Is there a way to configure syslog-ng to drop the connection if no syslog messages are received in 10 minutes?

Thanks,
-- Evan
Hello,

I could not find an option to close a connection if no syslog message is sent. In spite of that, there is an option to configure tcp-keepalive-time/probes/intvl per network source.

-- kokan

________________________________________
From: syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Evan Rempel <erempel@uvic.ca>
Sent: 06 April 2021 16:35
To: Syslog-ng users' and developers' mailing list
Subject: [syslog-ng] closing inactive or idle incoming connections
participants (2)
- Evan Rempel
- Peter Kokai (pkokai)
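
The per-source keepalive options mentioned in the reply, written out as a syslog-ng source definition. This is an added example, not configuration posted by either participant; the source name, port, file paths and all numeric values are assumptions chosen for illustration.

```conf
@version: 3.26

# Hypothetical TLS source for the roaming clients described in the thread.
# syslog() is used because the quoted error refers to RFC6587 framing.
source s_mobile_tls {
    syslog(
        ip("0.0.0.0")
        port(6514)                      # assumed port
        transport("tls")
        tls(
            key-file("/etc/syslog-ng/tls/server.key")    # assumed path
            cert-file("/etc/syslog-ng/tls/server.crt")   # assumed path
            ca-dir("/etc/syslog-ng/tls/ca.d")            # assumed path
            peer-verify(required-trusted)   # client certificate required
        )

        # TCP keepalive on the accepted sockets. When these are not set,
        # the kernel values apply; the Linux default for
        # tcp_keepalive_time is 7200 seconds.
        so-keepalive(yes)
        tcp-keepalive-time(60)     # seconds of silence before first probe
        tcp-keepalive-intvl(10)    # seconds between unanswered probes
        tcp-keepalive-probes(3)    # unanswered probes before the drop

        # With the values above, a peer that has stopped answering is
        # dropped after roughly 60 + 3 * 10 = 90 seconds.
        #
        # Limitation: keepalive only removes peers that no longer answer
        # at the TCP level. A client that stays reachable but sends no
        # data answers the probes and keeps its slot, so this is not the
        # idle or handshake timeout asked for in the question.

        # Upper bound on simultaneous connections to this source, so held
        # connections exhaust this limit rather than file descriptors.
        max-connections(500)       # assumed value
    );
};
```

Running syslog-ng with --syntax-only checks the file before a reload.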