[syslog-ng] Constant disconnects

Balazs Scheidler bazsi at balabit.hu
Tue Jun 26 18:16:24 CEST 2007


On Tue, 2007-06-26 at 10:45 -0400, Tim Boyer wrote:
> I'm running 2.0.0, and have eight remote servers logging to a central
> server.  Seven of those servers are running fine; the eighth keeps getting
> log messages like this:
> 
> Jun 26 10:41:33 kyushu.denmantire.com syslog-ng[6829]: syslog-ng starting
> up; version='2.0.0'
> Jun 26 10:41:33 kyushu.denmantire.com syslog-ng: syslog-ng startup succeeded
> Jun 26 10:41:33 kyushu.denmantire.com syslog-ng[6829]: EOF occurred while
> idle;fd='5'
> Jun 26 10:41:33 kyushu.denmantire.com syslog-ng[6829]: Connection broken;
> time_reopen='60'
> 
> My first assumption was a firewall problem, but tcpdump says that data's
> getting there:
> 
> 10:42:49.013423 IP kyushu-vpn-cli.denmantire.com.37759 >
> buran.denmantire.com.5142: S 1168830611:1168830611(0) win 5840 <mss
> 1460,sackOK,timestamp 316509070 0,nop,wscale 2>
> 10:42:49.014768 IP buran.denmantire.com.5142 >
> kyushu-vpn-cli.denmantire.com.37759: S 845996771:845996771(0) ack 1168830612
> win 5792 <mss 1460,sackOK,timestamp 39334539 316509070,nop,wscale 7>
> 
> Any ideas what could be causing the connection to drop - but only on this
> server?

The "EOF occurred while idle" message means that syslog-ng sensed incoming
data on a simplex channel; this should only happen if the remote end is
closing the channel.

Please start tcpdump on the given connection and check what kind of
packets go through when the connection is broken.

You should see a FIN packet or a packet that has a data payload. This
should never happen.

-- 
Bazsi
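
The check suggested in the reply above, as an added example that is not part of the original message: a small Python filter that reads tcpdump text output and reports any FIN, RST or data-bearing packet sent from the log server's port back to the client. It assumes the older tcpdump line format seen in the quoted capture; the host names and sample lines are constructed, and only port 5142 comes from the thread.

```python
import re

# Older tcpdump text format, as in the capture quoted in the thread:
#   time IP src.port > dst.port: FLAGS [seq:seq(len)] [ack N] win W ...
LINE_RE = re.compile(
    r"^(?P<time>\S+) IP (?P<src>\S+)\.(?P<sport>\d+) > "
    r"(?P<dst>\S+)\.(?P<dport>\d+): (?P<flags>[SFPRWE.]+)"
    r"(?: \d+:\d+\((?P<len>\d+)\))?"
)

# Constructed sample capture (host names are placeholders, not from the thread).
SAMPLE = """\
10:42:49.013423 IP client.example.37759 > server.example.5142: S 1168830611:1168830611(0) win 5840 <mss 1460>
10:42:49.014768 IP server.example.5142 > client.example.37759: S 845996771:845996771(0) ack 1168830612 win 5792 <mss 1460>
10:42:49.014801 IP client.example.37759 > server.example.5142: . ack 1 win 1460
10:42:49.015210 IP client.example.37759 > server.example.5142: P 1:88(87) ack 1 win 1460
10:42:49.016544 IP server.example.5142 > client.example.37759: . ack 88 win 46
10:42:49.016590 IP server.example.5142 > client.example.37759: F 1:1(0) ack 88 win 46
"""

def classify(line, server_port):
    """Return (time, reason) when the server side sent something that the
    sending syslog-ng would see as EOF or input on its send-only connection."""
    m = LINE_RE.match(line)
    if not m or int(m["sport"]) != server_port:
        return None                      # unparsable, or client-to-server traffic
    flags, length = m["flags"], int(m["len"] or 0)
    if "S" in flags:
        return None                      # SYN-ACK of the handshake is expected
    if "R" in flags:
        return (m["time"], "RST from server")
    if "F" in flags:
        return (m["time"], "FIN from server")
    if length > 0:
        return (m["time"], f"{length} bytes of payload from server")
    return None                          # bare ACK, normal on a one-way stream

def scan(capture, server_port):
    """Collect every suspicious server-to-client packet in a capture."""
    hits = (classify(line, server_port) for line in capture.splitlines())
    return [hit for hit in hits if hit]

if __name__ == "__main__":
    for when, reason in scan(SAMPLE, 5142):
        print(when, reason)
```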


