Hello list, this morning I had some problems with my syslog system I am adding lots of server to send TCP logs to the syslog-ng server. But there are not on the server. After readingon the web, I notice that there is a max-connections parameter on the TCP. So I fix to 50. With this there are more logs, then I added 100 and there more. So I fix it to 1000: source s_all { internal(); unix-stream("/dev/log"); file("/proc/kmsg" log_prefix("kernel: ")); tcp(max-connections(1000)); }; Is this a good idea? How can I check if this is a good maximum connection value? Thanks for all your help and best regards.
Josu Lazkano <josu.lazkano@barcelonamedia.org> writes:
Hello list, this morning I had some problems with my syslog system I am adding lots of server to send TCP logs to the syslog-ng server. But there are not on the server.
After readingon the web, I notice that there is a max-connections parameter on the TCP. So I fix to 50. With this there are more logs, then I added 100 and there more.
So I fix it to 1000:
source s_all { internal(); unix-stream("/dev/log"); file("/proc/kmsg" log_prefix("kernel: ")); tcp(max-connections(1000)); };
Is this a good idea?
How can I check if this is a good maximum connection value?
The kernel-imposed limit is that each connection and each destination is a separate file descriptor, and the number of open file descriptors / process is usually limited. On most Linux systems, that is 1024. The total number of open files and TCP connections therefore is limited to 1024. However, this limit can also be raised, using ulimit (and perhaps poking into various configuration files, such as /etc/security/limits.conf). -- |8]
On 07/15/2011 01:46 PM, Gergely Nagy wrote:
However, this limit can also be raised, using ulimit (and perhaps poking into various configuration files, such as /etc/security/limits.conf).
It may be worth noting that limits.conf is only respected if PAM is configured to use it, and the session is spawned by something that uses PAM; in general, things started by init.d at boot-time do not meet that criteria. Just fyi. :) -- Daniel Maher « makin' plans now to live on Mars 'cuz I got Earth on lock. »
Daniel Maher <dmaher@milestonelab.com> writes:
On 07/15/2011 01:46 PM, Gergely Nagy wrote:
However, this limit can also be raised, using ulimit (and perhaps poking into various configuration files, such as /etc/security/limits.conf).
It may be worth noting that limits.conf is only respected if PAM is configured to use it, and the session is spawned by something that uses PAM; in general, things started by init.d at boot-time do not meet that criteria.
Yep, that's why I mentioned it in brackets only, and suggested ulimit as the primary means of achieving the goal ;) -- |8]
Hello, thanks for your help. I check my syslog file and this is what I get with max-connections(10): Jul 15 12:54:17 s_all@logserver syslog-ng[20780]: Number of allowed concurrent connections exceeded; num='10', max='10' I just change to max-connections(500) and it works great. I will read more about ulimit option. Best regards. -----Mensaje original----- De: syslog-ng-bounces@lists.balabit.hu [mailto:syslog-ng-bounces@lists.balabit.hu] En nombre de Gergely Nagy Enviado el: lunes, 18 de julio de 2011 15:28 Para: Syslog-ng users' and developers' mailing list Asunto: Re: [syslog-ng] max-connections(1000) Daniel Maher <dmaher@milestonelab.com> writes:
On 07/15/2011 01:46 PM, Gergely Nagy wrote:
However, this limit can also be raised, using ulimit (and perhaps poking into various configuration files, such as /etc/security/limits.conf).
It may be worth noting that limits.conf is only respected if PAM is configured to use it, and the session is spawned by something that uses PAM; in general, things started by init.d at boot-time do not meet that criteria.
Yep, that's why I mentioned it in brackets only, and suggested ulimit as the primary means of achieving the goal ;) -- |8] ______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq
On Mon, 2011-07-18 at 15:33 +0200, Josu Lazkano wrote:
Hello, thanks for your help.
I check my syslog file and this is what I get with max-connections(10):
Jul 15 12:54:17 s_all@logserver syslog-ng[20780]: Number of allowed concurrent connections exceeded; num='10', max='10'
I just change to max-connections(500) and it works great.
I will read more about ulimit option.
there's also --fd-limit command line option for syslog-ng to make it easier to increase. -- Bazsi
participants (4)
-
Balazs Scheidler
-
Daniel Maher
-
Gergely Nagy
-
Josu Lazkano