Max TCP Connections
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 G'day, I'm currently running syslog-ng 1.6.5 on Red Hat 2.1AS (syslog-ng will be upgraded to 1.6.9 shortly) as a central log server, and I'm having a problem with a growing number of TCP connections. Most hosts log to the central log server via UDP, but there are 7 remote syslog-ng servers using TCP. I currently allow up to 250 connections: source src_tcp { tcp(ip(x.x.x.x) port(514) max-connections(250)); }; but this is reached within about a fortnight. I restart the daemon each week to ensure that it doesn't max out, but figure that there must be a better way. I haven't seen any specific fixes in the last few releases, so is there a particular option I need? Our network is reasonably reliable so I don't think that this is the problem, but there's always a chance ... Any thoughts? Phil -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.7 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDhoegT2yvGjk/8+MRAoeGAJ42YH4BtcjnIxoggrynxesEeHpp4gCeJT19 gOe3dRE69P3IlPI7BdV39m8= =Pbix -----END PGP SIGNATURE-----
you might want to look at using tcp-keep-alive() http://www.balabit.com/products/syslog_ng/reference-1.6/syslog-ng.html/refer... sometimes when one of your remote syslog hosts terminates their log connection, they do not fully close the TCP session. turning on tcp-keep-alive() on your central host will help fix this. On Fri, 25 Nov 2005, Philip Webster wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
G'day,
I'm currently running syslog-ng 1.6.5 on Red Hat 2.1AS (syslog-ng will be upgraded to 1.6.9 shortly) as a central log server, and I'm having a problem with a growing number of TCP connections. Most hosts log to the central log server via UDP, but there are 7 remote syslog-ng servers using TCP. I currently allow up to 250 connections:
source src_tcp { tcp(ip(x.x.x.x) port(514) max-connections(250)); };
but this is reached within about a fortnight. I restart the daemon each week to ensure that it doesn't max out, but figure that there must be a better way.
I haven't seen any specific fixes in the last few releases, so is there a particular option I need? Our network is reasonably reliable so I don't think that this is the problem, but there's always a chance ...
Any thoughts?
Phil
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.7 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDhoegT2yvGjk/8+MRAoeGAJ42YH4BtcjnIxoggrynxesEeHpp4gCeJT19 gOe3dRE69P3IlPI7BdV39m8= =Pbix -----END PGP SIGNATURE----- _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thanks Mike, | you might want to look at using tcp-keep-alive() | http://www.balabit.com/products/syslog_ng/reference-1.6/syslog-ng.html/refer... | | sometimes when one of your remote syslog hosts terminates their log | connection, they do not fully close the TCP session. turning on | tcp-keep-alive() on your central host will help fix this. I'll monitor it over the next few weeks. Cheers Phil | I'm currently running syslog-ng 1.6.5 on Red Hat 2.1AS (syslog-ng will be | upgraded to 1.6.9 shortly) as a central log server, and I'm having a problem | with a growing number of TCP connections. Most hosts log to the central log | server via UDP, but there are 7 remote syslog-ng servers using TCP. I | currently allow up to 250 connections: | | source src_tcp { tcp(ip(x.x.x.x) port(514) max-connections(250)); }; | | but this is reached within about a fortnight. I restart the daemon each week | to ensure that it doesn't max out, but figure that there must be a better way. | -----BEGIN PGP SIGNATURE----- iD8DBQFDijLBT2yvGjk/8+MRAkiVAJ9BBSrYPQaAYewIZel1h1Hun0+uBgCg4gvU rSEkQmxE4k+IogfAUuUvx58= =g3B6 -----END PGP SIGNATURE-----
participants (2)
-
Mike
-
Philip Webster