[syslog-ng]Problem with TCP connection not timing out
ARGEXT-HIDALGO, FRANCISCO
syslog-ng@lists.balabit.hu
Wed, 22 Dec 2004 17:16:54 -0300
I'm really not sure what the problem is. I'm logging with a server in different countries and they send through TCP the logs to a central server. The problem I'm having is that the central server is not dropping TCP connections that no longer exist.
As an example:
CENTRAL SERVER:
TCP
Local Address        Remote Address       Swind Send-Q Rwind Recv-Q State
-------------------- -------------------- ----- ------ ----- ------ -------
CENTRAL.shell        syslogA.33969         5840      0 10136      0 ESTABLISHED
CENTRAL.shell        syslogB.4930          5840      0 10136      0 ESTABLISHED
CENTRAL.shell        syslogC.33924        24820      0  8760      0 ESTABLISHED
CENTRAL.shell        syslogC.33925        24820      0  8760      0 ESTABLISHED
CENTRAL.shell        syslogD.44925         5840      0 10136      0 ESTABLISHED
CENTRAL.shell        syslogE.32783        24820      0  8760      0 ESTABLISHED
CENTRAL.shell        syslogC.33926        24820      0  8760      0 ESTABLISHED
CENTRAL.22           host.1624            51968      0 10136      0 ESTABLISHED
CENTRAL.shell        syslogD.44934         5840      0 10136      0 ESTABLISHED
SYSLOGC:
TCP: IPv4
Local Address        Remote Address       Swind Send-Q Rwind Recv-Q State
-------------------- -------------------- ----- ------ ----- ------ -------
syslogC.33926        CENTRAL.shell         8760      0 24820      0 ESTABLISHED
SyslogC.22           host.4663            57920      0 24616      0 ESTABLISHED
Notice that the active connection is the one from SyslogC port 33926, but CentralSyslog has 3 established connections (33924, 33925 and 33926). 33924 has been active for some days, but doesn't exist in the original server. The problem is that my total connections allowed start to fill up and then I can no longer connect.
Any ideas on what this could be?
Thank you.
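
The comparison made by hand in the message above, as an added example that is not part of the original post: it parses the two connection tables and reports the sender ports that the central server still lists as ESTABLISHED but the sender no longer has. The function names are hypothetical and the sample tables are constructed from the output quoted in the message.

```python
# Added example: flag connections the central server still holds that the
# sender no longer has. Sample tables are constructed from the post's output.
CENTRAL = """\
Local Address Remote Address Swind Send-Q Rwind Recv-Q State
CENTRAL.shell syslogC.33924 24820 0 8760 0 ESTABLISHED
CENTRAL.shell syslogC.33925 24820 0 8760 0 ESTABLISHED
CENTRAL.shell syslogC.33926 24820 0 8760 0 ESTABLISHED
CENTRAL.22 host.1624 51968 0 10136 0 ESTABLISHED
"""
SYSLOGC = """\
Local Address Remote Address Swind Send-Q Rwind Recv-Q State
syslogC.33926 CENTRAL.shell 8760 0 24820 0 ESTABLISHED
SyslogC.22 host.4663 57920 0 24616 0 ESTABLISHED
"""


def parse(table):
    """Return the set of (local, remote) endpoint pairs in ESTABLISHED state."""
    pairs = set()
    for line in table.splitlines():
        fields = line.split()
        # Data rows have 7 columns; skip headers, separators and blank lines.
        if len(fields) != 7 or fields[-1] != "ESTABLISHED":
            continue
        # Host names appear with mixed case in the output, so normalise.
        pairs.add((fields[0].lower(), fields[1].lower()))
    return pairs


def stale_on_server(server_table, client_table, client_host):
    """Ports the server lists for client_host that the client does not have."""
    client_view = parse(client_table)
    prefix = client_host.lower() + "."
    stale = []
    for local, remote in parse(server_table):
        if not remote.startswith(prefix):
            continue
        # A live connection shows up on the client with the endpoints swapped.
        if (remote, local) not in client_view:
            stale.append(remote.rsplit(".", 1)[1])
    return sorted(stale)


if __name__ == "__main__":
    print(stale_on_server(CENTRAL, SYSLOGC, "syslogC"))
```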