[syslog-ng]problem on HPUX with s_tcp snd d_tcp

Stephan Hendl syslog-ng@lists.balabit.hu
Thu, 01 Jul 2004 12:49:25 +0200 

Hi all,

I have an central syslog host on hpux 11.0 running syslog-ng-1.6.2 for
five linux systems (pns[3-7]). The linux systems send syslog data via
tcp to port 10514 on the hpux system (pns1).

The hpux system listen on that port, gets the data and put them into a
file called 'cic.log' as well as to localhost Port 10514, where a
ssh-tunnel is listening. The normal behaviour is like

root@pns1:/> netstat -a | grep 10514
tcp        0      0  localhost.49297        localhost.10514        
TIME_WAIT
tcp        0      0  pns1.10514             *.*                    
LISTEN
tcp        0      0  localhost.10514        *.*                    
LISTEN
tcp       98      0  localhost.10514        localhost.49153        
ESTABLISHED
tcp        0      0  pns1.10514             pns3.55228             
ESTABLISHED
tcp       98      0  pns1.10514             pns4.16048             
ESTABLISHED
tcp        0      0  pns1.10514             pns5.55717             
ESTABLISHED
tcp        0      0  pns1.10514             pns6.32356             
ESTABLISHED
tcp        0      0  pns1.10514             pns7.49633             
ESTABLISHED
tcp        0     98  localhost.49153        localhost.10514        
ESTABLISHED
root@pns1:/>

After a 'kill -HUP $PID' due to confoguration changes of the syslog-ng
process on the hpux box the syslog-ng doesn't get anymore data via tcp
(the file cic.log as well as the stream to the tunnel are empty). The
netstat output is like

root@pns1:/var/adm/syslog> netstat -a | grep 514
tcp        0      0  localhost.49618        localhost.10514        
TIME_WAIT
tcp        0      0  localhost.49587        localhost.10514        
TIME_WAIT
tcp        0      0  localhost.49619        localhost.10514        
ESTABLISHED
tcp        0      0  pns1.10514             pns3.55228             
FIN_WAIT_2
tcp        0      0  pns1.10514             pns4.16048             
FIN_WAIT_2
tcp        0      0  pns1.10514             pns5.55717             
FIN_WAIT_2
tcp        0      0  pns1.10514             pns6.32356             
FIN_WAIT_2
tcp        0      0  pns1.10514             pns7.49633             
FIN_WAIT_2
tcp        0      0  localhost.10514        *.*                    
LISTEN
tcp        0      0  pns1.10514             *.*                    
LISTEN
tcp        0      0  localhost.10514        localhost.49619        
ESTABLISHED
root@pns1:/var/adm/syslog>

It seems to me that the state 'FIN_WAIT_2' doesn't allow the hpux
syslog-ng to accept data from the linux clients and this state is quite
very long. 

Then I inserted the prameter 'keep-alive(no)' into the configuration
file of the hpux box but it doesn't help. The only thing that helps is a
'service syslog-ng restart' on every linux client. But that cannot be
done autimatically ;-(( and is not the preferred way. Maybe there are
some problems in the tcp/ip code of syslog-ng running on hpux?

Thanks for helping me!

regards
Stephan