syslog-ng 1.5.17 and tcp-keep-alive not working
Hallo! I want to do a centralized sysloging, where some embedded devices, running a ppc version of linux 2.2.14, also running syslog-ng 1.5.17 shall log their data received bei some Interfaces to a central loghost. In a test scenario, with the loghost being syslog-ng 1.6.5, and running on a different port than the system syslog, everything is fine via udp and tcp with basic features. Some tests show, that when the syslog-ng on the loghost receives a -HUP, the connection is dropped, unless the option "keep-alive(yes)" is configured, like in the following example: source s_tcp { tcp(ip(0.0.0.0) port(8514) max-connections(100) keep-alive(yes)); }; with that config the loghost is working. So now I wanted to activate tcp keepalive on the client, in the hope, that whenever the syslog server closed the connection, that the client can reopen it upon new data arriving, what it is not doing in the basic config: working: destination syslog_server { tcp("10.0.0.1" port(8514)); } new line: destination syslog_server { tcp("10.0.0.1" port(8514) tcp-keep-alive(yes)); } But: [root@test /root]# syslog-ng parse error at 199 Parse error reading configuration file, exiting. (line 199) [root@test /root]# head -199 /etc/syslog-ng/syslog-ng.conf |tail -1 destination syslog_server { tcp("10.0.0.1" port(8514) tcp-keep-alive(yes)); }; Could someone enlighten me if a) syslog-ng 1.5 understands the "tcp-keep-alive" directive b) my thoughts are correct regarding the re-establishment of the tcp connection Thanks in advance Olaf -- Olaf Hoyer ohoyer@ohoyer.de Fuerchterliche Erlebniss geben zu raten, ob der, welcher sie erlebt, nicht etwas Fuerchterliches ist. (Nietzsche, Jenseits von Gut und Boese)
On Wed, 2005-06-15 at 17:32 +0200, Olaf Hoyer wrote:
Hallo!
So now I wanted to activate tcp keepalive on the client, in the hope, that whenever the syslog server closed the connection, that the client can reopen it upon new data arriving, what it is not doing in the basic config:
tcp-keep-alive enables the SO_KEEPALIVE socket option, thus sends TCP keepalive packets form time to time, and indicates a broken connection when those packets are not properly acked. So it basically detects IP connectivity without actually sending messages.
[root@test /root]# syslog-ng parse error at 199 Parse error reading configuration file, exiting. (line 199)
[root@test /root]# head -199 /etc/syslog-ng/syslog-ng.conf |tail -1 destination syslog_server { tcp("10.0.0.1" port(8514) tcp-keep-alive(yes)); };
tcp-keep-alive was added in syslog-ng 1.6.3 -- Bazsi
On Thu, 16 Jun 2005, Balazs Scheidler wrote:
On Wed, 2005-06-15 at 17:32 +0200, Olaf Hoyer wrote:
Hallo!
So now I wanted to activate tcp keepalive on the client, in the hope, that whenever the syslog server closed the connection, that the client can reopen it upon new data arriving, what it is not doing in the basic config:
tcp-keep-alive enables the SO_KEEPALIVE socket option, thus sends TCP keepalive packets form time to time, and indicates a broken connection when those packets are not properly acked. So it basically detects IP connectivity without actually sending messages.
Ahh, ok. makes sense. But how do I solve my problem, that, whenever the syslog-ng on the loghost has to be restarted or other problems, that I have to manually restart the syslog-ng on the client? There are some scenarios, where on the loghost the syslog-ng does not only get a SIGHUP, but might die and needs to be restarted, some admin or startscript does a full stop/start etc. So in that case it would be fine if the client can upon detection of a terminated tcp connection try to re-establish it, therefore avoiding the manual restart of syslog-ng on the client side. How can this be solved? With kind regards Olaf Hoyer -- Olaf Hoyer ohoyer@ohoyer.de Fuerchterliche Erlebniss geben zu raten, ob der, welcher sie erlebt, nicht etwas Fuerchterliches ist. (Nietzsche, Jenseits von Gut und Boese)
On Thu, 2005-06-16 at 12:16 +0200, Olaf Hoyer wrote:
On Thu, 16 Jun 2005, Balazs Scheidler wrote:
On Wed, 2005-06-15 at 17:32 +0200, Olaf Hoyer wrote:
Hallo! tcp-keep-alive enables the SO_KEEPALIVE socket option, thus sends TCP keepalive packets form time to time, and indicates a broken connection when those packets are not properly acked. So it basically detects IP connectivity without actually sending messages.
Ahh, ok. makes sense. But how do I solve my problem, that, whenever the syslog-ng on the loghost has to be restarted or other problems, that I have to manually restart the syslog-ng on the client?
There are some scenarios, where on the loghost the syslog-ng does not only get a SIGHUP, but might die and needs to be restarted, some admin or startscript does a full stop/start etc.
So in that case it would be fine if the client can upon detection of a terminated tcp connection try to re-establish it, therefore avoiding the manual restart of syslog-ng on the client side.
How can this be solved?
This is how it works. syslog-ng automatically reconnects if the connection is broken. 1.5.17 might not be perfect in this regard however, this functionality had some bugs in the past. (1.5.17 is a development release, 1.6.x is stable series) -- Bazsi
On Thu, 16 Jun 2005, Balazs Scheidler wrote:
Ahh, ok. makes sense. But how do I solve my problem, that, whenever the syslog-ng on the loghost has to be restarted or other problems, that I have to manually restart the syslog-ng on the client?
There are some scenarios, where on the loghost the syslog-ng does not only get a SIGHUP, but might die and needs to be restarted, some admin or startscript does a full stop/start etc.
So in that case it would be fine if the client can upon detection of a terminated tcp connection try to re-establish it, therefore avoiding the manual restart of syslog-ng on the client side.
How can this be solved?
This is how it works. syslog-ng automatically reconnects if the connection is broken. 1.5.17 might not be perfect in this regard however, this functionality had some bugs in the past. (1.5.17 is a development release, 1.6.x is stable series)
Ahh, ok- I already assumed so. I would have liked to test against both 1.6.x versions of syslog-ng, but because of being the one of them an embedded device, I could not test this with the concrete application. It also looks like that on the loghost itself after stop/start of syslog-ng, the tcp socket enters FIN_WAIT_2, and on the client CLOSE_WAIT. After some time (I had to wait several minutes, will do some timing measurements later, to check for the CLOSE_WAIT timeout) I sent 3 messages, the first 2 got lost, the third arrived. So the session has been reestablished as it should, and some data has been lost, which also was foreseeable. Hmm, I'll make some timing tests and will post the results... Thanks a lot Olaf -- Olaf Hoyer ohoyer@ohoyer.de Fuerchterliche Erlebniss geben zu raten, ob der, welcher sie erlebt, nicht etwas Fuerchterliches ist. (Nietzsche, Jenseits von Gut und Boese)
participants (2)
-
Balazs Scheidler
-
Olaf Hoyer