Re: [syslog-ng] Syslog-ng 3.2 connection timeout with firewall
Hi,

I found the timeout issue. It turns out that the keep_alive is not generated by Syslog-NG but by the OS. I adjusted the following values:

    tcp_keepalive_time
    tcp_keepalive_intvl
    tcp_keepalive_probes

First in the live kernel with the command:

    sysctl -w net.ipv4.tcp_keepalive_time=180 net.ipv4.tcp_keepalive_intvl=180 net.ipv4.tcp_keepalive_probes=9

Then I made it permanent by adding to /etc/sysctl.conf:

    cat >>/etc/sysctl.conf <<EOF
    #
    # Keepalive parameters for the syslog-ng
    #
    net.ipv4.tcp_keepalive_time = 180
    net.ipv4.tcp_keepalive_intvl = 180
    net.ipv4.tcp_keepalive_probes = 9
    EOF

You can verify your work is done with the following command:

    sysctl net.ipv4.tcp_keepalive_time net.ipv4.tcp_keepalive_intvl net.ipv4.tcp_keepalive_probes
    net.ipv4.tcp_keepalive_time = 180
    net.ipv4.tcp_keepalive_intvl = 180
    net.ipv4.tcp_keepalive_probes = 9

I found the information from this URL: http://tldp.org/HOWTO/TCP-Keepalive-HOWTO/usingkeepalive.html

Maybe it could be mentioned in the documentation that the so_keep-alive option can be tweaked at the kernel level.

Regards,

------------------------------

Message: 8
Date: Tue, 3 Jan 2012 17:46:06 -0500
From: André Larose <andre.larose@telus.com>
Subject: [syslog-ng] Syslog-ng 3.2 connection timeout with firewall
To: "syslog-ng@lists.balabit.hu" <syslog-ng@lists.balabit.hu>
Message-ID: <BDB004F99074254BBCEE3AB94F31FDF5435439F706@WP40066.corp.ads>
Content-Type: text/plain; charset="iso-8859-1"

Hi,

I have two syslog-ng 3.2, one client and one server. The two are separated by a firewall and a load balancer. I noticed that after some inactivity I was not able to receive logs from my client. So I started some tcpdump on both servers to check the traffic.
From what I see the firewall will close the connection after some time, so when the client sends traffic it gets dropped. I added the keep-alive(yes) and so_keep-alive(yes) and the mark_freq(60) to the configs. But I still do not see keepalive packets with tcpdump. Am I missing other parameters to have "keepalive" traffic sent?

Thank you in advance.
participants (1)
-
André Larose
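
The kernel-side behaviour described in this message can be inspected per socket. The following C program is an added example, not code from the post or from syslog-ng: it assumes Linux, reads the keepalive timers a new TCP socket inherits from the net.ipv4.tcp_keepalive_* sysctls, then enables SO_KEEPALIVE (the socket option that so_keep-alive(yes) requests) and applies the post's 180/180/9 values to that one socket. The names ka_read, ka_set and ka_give_up_secs are made up for this example.

```c
/* Added example: per-socket view of the kernel TCP keepalive timers (Linux). */
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

struct ka { int on, idle, intvl, probes; };

static int get_int(int fd, int level, int opt, int *out) {
    socklen_t len = sizeof(*out);
    return getsockopt(fd, level, opt, out, &len);
}

/* Read what the kernel will use for this socket. Timers that were never
 * set per socket report the net.ipv4.tcp_keepalive_* sysctl values. */
int ka_read(int fd, struct ka *k) {
    return (get_int(fd, SOL_SOCKET, SO_KEEPALIVE, &k->on)
         || get_int(fd, IPPROTO_TCP, TCP_KEEPIDLE, &k->idle)
         || get_int(fd, IPPROTO_TCP, TCP_KEEPINTVL, &k->intvl)
         || get_int(fd, IPPROTO_TCP, TCP_KEEPCNT, &k->probes)) ? -1 : 0;
}

/* Turn keepalive on and override the timers for this socket only. */
int ka_set(int fd, int idle, int intvl, int probes) {
    int on = 1;
    return (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on))
         || setsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE, &idle, sizeof(idle))
         || setsockopt(fd, IPPROTO_TCP, TCP_KEEPINTVL, &intvl, sizeof(intvl))
         || setsockopt(fd, IPPROTO_TCP, TCP_KEEPCNT, &probes, sizeof(probes))) ? -1 : 0;
}

/* Seconds of silence before the kernel gives up on a dead peer:
 * idle time before the first probe, then `probes` unanswered probes. */
int ka_give_up_secs(const struct ka *k) { return k->idle + k->intvl * k->probes; }

int main(void) {
    struct ka k;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0 || ka_read(fd, &k)) { perror("socket/getsockopt"); return 1; }
    printf("inherited:  on=%d idle=%ds intvl=%ds probes=%d\n", k.on, k.idle, k.intvl, k.probes);
    /* Values from the post, applied to one socket instead of system-wide. */
    if (ka_set(fd, 180, 180, 9) || ka_read(fd, &k)) { perror("setsockopt"); return 1; }
    printf("per-socket: on=%d idle=%ds intvl=%ds probes=%d, gives up after %ds\n",
           k.on, k.idle, k.intvl, k.probes, ka_give_up_secs(&k));
    close(fd);
    return 0;
}
```

The first probe is sent only after the idle time has passed, so that value has to be shorter than the firewall's idle timeout for the session to stay open.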