Hi all, I have an central syslog host on hpux 11.0 running syslog-ng-1.6.2 for five linux systems (pns[3-7]). The linux systems send syslog data via tcp to port 10514 on the hpux system (pns1). The hpux system listen on that port, gets the data and put them into a file called 'cic.log' as well as to localhost Port 10514, where a ssh-tunnel is listening. The normal behaviour is like root@pns1:/> netstat -a | grep 10514 tcp 0 0 localhost.49297 localhost.10514 TIME_WAIT tcp 0 0 pns1.10514 *.* LISTEN tcp 0 0 localhost.10514 *.* LISTEN tcp 98 0 localhost.10514 localhost.49153 ESTABLISHED tcp 0 0 pns1.10514 pns3.55228 ESTABLISHED tcp 98 0 pns1.10514 pns4.16048 ESTABLISHED tcp 0 0 pns1.10514 pns5.55717 ESTABLISHED tcp 0 0 pns1.10514 pns6.32356 ESTABLISHED tcp 0 0 pns1.10514 pns7.49633 ESTABLISHED tcp 0 98 localhost.49153 localhost.10514 ESTABLISHED root@pns1:/> After a 'kill -HUP $PID' due to confoguration changes of the syslog-ng process on the hpux box the syslog-ng doesn't get anymore data via tcp (the file cic.log as well as the stream to the tunnel are empty). The netstat output is like root@pns1:/var/adm/syslog> netstat -a | grep 514 tcp 0 0 localhost.49618 localhost.10514 TIME_WAIT tcp 0 0 localhost.49587 localhost.10514 TIME_WAIT tcp 0 0 localhost.49619 localhost.10514 ESTABLISHED tcp 0 0 pns1.10514 pns3.55228 FIN_WAIT_2 tcp 0 0 pns1.10514 pns4.16048 FIN_WAIT_2 tcp 0 0 pns1.10514 pns5.55717 FIN_WAIT_2 tcp 0 0 pns1.10514 pns6.32356 FIN_WAIT_2 tcp 0 0 pns1.10514 pns7.49633 FIN_WAIT_2 tcp 0 0 localhost.10514 *.* LISTEN tcp 0 0 pns1.10514 *.* LISTEN tcp 0 0 localhost.10514 localhost.49619 ESTABLISHED root@pns1:/var/adm/syslog> It seems to me that the state 'FIN_WAIT_2' doesn't allow the hpux syslog-ng to accept data from the linux clients and this state is quite very long. Then I inserted the prameter 'keep-alive(no)' into the configuration file of the hpux box but it doesn't help. The only thing that helps is a 'service syslog-ng restart' on every linux client. But that cannot be done autimatically ;-(( and is not the preferred way. Maybe there are some problems in the tcp/ip code of syslog-ng running on hpux? Thanks for helping me! regards Stephan
Stephan Hendl <Stephan.Hendl@lds.brandenburg.de> - Thu, Jul 01, 2004:
It seems to me that the state 'FIN_WAIT_2' doesn't allow the hpux syslog-ng to accept data from the linux clients and this state is quite very long.
I could not reproduce this on my Linux 2.6 system: - I killed syslog-ng with SIGTERM, SIGINT, SIGKILL, and SIGHUP while a telnet connection was open to the TCP port; - I restarted syslog-ng as soon as it was dead, and telneted successfully to the same port again, and syslog-ng saw my connection. Could it be a problem on the client side? My TCP connection gets closed when I kill -HUP syslog-ng. Or could it be a socket(7) option missing on the listening TCP socket? I do a setsockopt with SO_REUSEADDR on my sockets prior to binding them, which does not seem to be in syslog-ng. -- Loïc Minier <lool@dooz.org>
participants (2)
-
Loic Minier
-
Stephan Hendl