[syslog-ng] help- Problem with TCP Based Centralized LogServer using Syslog-ng

Padmanabhan, Rajeesh (GE Healthcare) Rajeesh.Padmanabhan at ge.com
Tue Oct 31 12:54:36 CET 2006

Hi Bazsi,

I'm using a Red Hat Enterprise Linux AS 4.0 as Syslog-ng Server
(Centralized Log Server).
I have got Syslog-ng 1.6 running on Solaris 8.0 and Syslog-ng 2.0rc1
running on Linux AS 4.0. All the logs from clients (both Linux &
Solaris) are transferred to the Syslog-ng Server (Centralized Log Server)
on TCP-based communication (Destination).
I restarted the Central Log Server after I noticed the error messages in
Clients. After I restarted the server, server is able to accept the
Thanks a lot for your quick response.


-----Original Message-----
From: syslog-ng-bounces at lists.balabit.hu
[mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Balazs
Sent: Tuesday, October 31, 2006 4:29 PM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] help- Problem with TCP Based Centralized
LogServer using Syslog-ng

On Tue, 2006-10-31 at 14:52 +0530, Padmanabhan, Rajeesh (GE Healthcare)
> Hi
> I'm trying to set up a centralized, TCP-based Log Server using
> Syslog-ng. The Syslog-ng server stops accepting logs from clients
> intermittently.
> It works again once I restart the syslog-ng server. I'm getting the
> following error messages from clients.
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Oct 18 10:29:28 System1 syslog-ng[11745]: Connection broken; time_reopen='60'
> Oct 18 15:06:26 RADIUM syslog-ng[4999]: io.c: do_write: write() failed (errno 32), Broken pipe
> Oct 18 15:06:26 RADIUM syslog-ng[4999]: pkt_buffer::do_flush(): Error flushing data
> Oct 18 15:06:26 RADIUM syslog-ng[4999]: Connection broken to AF_INET(, reopening in 10 seconds
>  syslog-ng[13843]: Connection failed; error='Connection refused (111)', time_reopen='60
>  syslog-ng[302]: Error connecting to remote host AF_INET(, reattempting in 10 seconds
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Please help me...

I'm sorry, but you need to give further details, like OS, architecture,
and the syslog-ng version that you used.

When did you receive the messages above? After restarting syslog-ng, or
was this the reason why you restarted syslog-ng in the first place?

Because restarting syslog-ng naturally breaks existing connections and
there's a small race of opportunity while the port is closed and clients
try to connect to it; in this case you get connection refused.

So all in all we'd need more information in order to help you.
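
Added example (not part of the original thread, and not syslog-ng code): a Python script that sorts client-side messages like those quoted above into "established connection broke" and "reconnect failed", groups them into per-client episodes, and applies a heuristic to the question asked in the reply. The sample lines, the placeholder address 192.0.2.10:514, the default year, the 120-second grouping gap and the verdict rule are assumptions.

```python
import re
from datetime import datetime

# Failure wording taken from the client messages quoted in the thread
# (syslog-ng 1.6 and 2.0). "broken": an established TCP session died;
# "connect_failed": a reconnect attempt to the server did not succeed.
SIGNATURES = [
    ("broken", re.compile(r"Connection broken|Broken pipe|Error flushing data")),
    ("connect_failed", re.compile(r"Connection failed|Error connecting to remote host")),
]
LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) syslog-ng\[\d+\]: (.*)$")

# Constructed sample; 192.0.2.10:514 is a placeholder server address.
SAMPLE = """\
Oct 18 10:29:28 System1 syslog-ng[11745]: Connection broken; time_reopen='60'
Oct 18 10:30:28 System1 syslog-ng[11745]: Connection failed; error='Connection refused (111)', time_reopen='60'
Oct 18 10:31:28 System1 syslog-ng[11745]: Connection failed; error='Connection refused (111)', time_reopen='60'
Oct 18 15:06:26 RADIUM syslog-ng[4999]: io.c: do_write: write() failed (errno 32), Broken pipe
Oct 18 15:06:26 RADIUM syslog-ng[4999]: Connection broken to AF_INET(192.0.2.10:514), reopening in 10 seconds
Oct 18 15:06:36 RADIUM syslog-ng[4999]: Error connecting to remote host AF_INET(192.0.2.10:514), reattempting in 10 seconds
""".splitlines()


def outage_episodes(lines, year=2006, max_gap=120):
    """Group each client's failure lines into episodes split by > max_gap quiet seconds."""
    episodes = {}
    for line in lines:
        m = LINE.match(line)
        kind = m and next((k for k, p in SIGNATURES if p.search(m.group(3))), None)
        if not kind:
            continue  # not a syslog-ng failure line, or no timestamp/host to key on
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        eps = episodes.setdefault(m.group(2), [])
        if not eps or (ts - eps[-1]["end"]).total_seconds() > max_gap:
            eps.append({"start": ts, "end": ts, "broken": 0, "connect_failed": 0})
        eps[-1]["end"] = ts
        eps[-1][kind] += 1
    return episodes


def verdict(ep):
    # Heuristic (assumption): one failed reconnect fits the short window in which
    # a restarting server has its port closed; more means the listener stayed down.
    return "restart-window" if ep["connect_failed"] <= 1 else "listener-down"


if __name__ == "__main__":
    for host, eps in outage_episodes(SAMPLE).items():
        for ep in eps:
            print(host, ep["start"].time(), ep["end"].time(), verdict(ep))
```

Lines without a timestamp and host, like the last two in the quoted output, are skipped because they cannot be attributed to a client or placed in time.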

