[syslog-ng] Constant disconnects

Tim Boyer tim at denmantire.com
Wed Jun 27 01:19:49 CEST 2007


> 
> On Tue, 2007-06-26 at 10:45 -0400, Tim Boyer wrote:
> > I'm running 2.0.0, and have eight remote servers logging to a central
> > server.  Seven of those servers are running fine; the eighth keeps getting
> > log messages like this:
> > 
> > Jun 26 10:41:33 kyushu.denmantire.com syslog-ng[6829]: syslog-ng starting up; version='2.0.0'
> > Jun 26 10:41:33 kyushu.denmantire.com syslog-ng: syslog-ng startup succeeded
> > Jun 26 10:41:33 kyushu.denmantire.com syslog-ng[6829]: EOF occurred while idle;fd='5'
> > Jun 26 10:41:33 kyushu.denmantire.com syslog-ng[6829]: Connection broken; time_reopen='60'
> > 
> > My first assumption was a firewall problem, but tcpdump says that data's
> > getting there:
> > 
> > 10:42:49.013423 IP kyushu-vpn-cli.denmantire.com.37759 > buran.denmantire.com.5142: S 1168830611:1168830611(0) win 5840 <mss 1460,sackOK,timestamp 316509070 0,nop,wscale 2>
> > 10:42:49.014768 IP buran.denmantire.com.5142 > kyushu-vpn-cli.denmantire.com.37759: S 845996771:845996771(0) ack 1168830612 win 5792 <mss 1460,sackOK,timestamp 39334539 316509070,nop,wscale 7>
> > 
> > Any ideas what could be causing the connection to drop - but only on this
> > server?
> 
> The "EOF occurred while idle" message means that syslog-ng sensed incoming
> data on a simplex channel; this should only happen if the remote end is
> closing the channel.
> 
> Please start tcpdump on the given connection and check what kind of
> packets go through when the connection is broken.
> 
> You should see a FIN packet or a packet that has data payload. This
> should never happen.
> 
> -- 
> Bazsi

Not seeing it:

[root@buran tmp]# tcpdump port 5142
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
19:15:46.504529 IP kyushu-vpn-cli.denmantire.com.38378 > buran.denmantire.com.5142: S 3593561021:3593561021(0) win 5840 <mss 1460,sackOK,timestamp 347293143 0,nop,wscale 2>
19:15:46.506014 IP buran.denmantire.com.5142 > kyushu-vpn-cli.denmantire.com.38378: S 3279541618:3279541618(0) ack 3593561022 win 5792 <mss 1460,sackOK,timestamp 47028610 347293143,nop,wscale 7>
19:15:46.720099 IP kyushu-vpn-cli.denmantire.com.38378 > buran.denmantire.com.5142: . ack 1 win 1460 <nop,nop,timestamp 347293280 47028610>
19:15:46.720119 IP kyushu-vpn-cli.denmantire.com.38378 > buran.denmantire.com.5142: P 1:101(100) ack 1 win 1460 <nop,nop,timestamp 347293280 47028610>
19:15:46.720128 IP buran.denmantire.com.5142 > kyushu-vpn-cli.denmantire.com.38378: . ack 101 win 46 <nop,nop,timestamp 47028664 347293280>
19:15:46.720505 IP buran.denmantire.com.5142 > kyushu-vpn-cli.denmantire.com.38378: R 1:1(0) ack 101 win 46 <nop,nop,timestamp 47028664 347293280>
19:15:46.785157 IP kyushu-vpn-cli.denmantire.com.38378 > buran.denmantire.com.5142: P 101:183(82) ack 1 win 1460 <nop,nop,timestamp 347293422 47028664>
19:15:46.785204 IP buran.denmantire.com.5142 > kyushu-vpn-cli.denmantire.com.38378: R 3279541619:3279541619(0) win 0

Jun 26 19:15:46 kyushu.denmantire.com syslog-ng: syslog-ng startup succeeded
Jun 26 19:15:46 kyushu.denmantire.com syslog-ng[20057]: EOF occurred while idle; fd='5'
Jun 26 19:15:46 kyushu.denmantire.com syslog-ng[20057]: Connection broken; time_reopen='60'

-- tim --
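
Added example, not part of the original thread: a small Python scan of legacy-format tcpdump text output that reports the first packet tearing a connection down (FIN, RST, or payload sent back on the send-only log channel) and which side sent it, as the quoted reply suggests checking. The host names and the sample capture are constructed for illustration.

```python
import re

# Legacy tcpdump text output: "<time> IP <src> > <dst>: <flags> <rest>"
LINE = re.compile(r"^(\S+) IP (\S+) > (\S+): ([SFPRWE.]+) (.*)$")
SEQ = re.compile(r"\d+:\d+\((\d+)\)")  # "first:last(nbytes)"

def parse(line):
    m = LINE.match(line.strip())
    if not m:
        return None  # header lines, wrapped fragments, other protocols
    ts, src, dst, flags, rest = m.groups()
    seq = SEQ.search(rest)
    return {"ts": ts, "src": src, "dst": dst, "flags": flags,
            "len": int(seq.group(1)) if seq else 0}

def first_teardown(lines, server):
    """Return (kind, sender, time, client_bytes_sent_before) or None."""
    client_bytes = 0
    for pkt in filter(None, map(parse, lines)):
        from_server = pkt["src"] == server
        if "R" in pkt["flags"]:
            kind = "RST"
        elif "F" in pkt["flags"]:
            kind = "FIN"
        elif from_server and pkt["len"] > 0:
            kind = "DATA_FROM_SERVER"  # payload on a send-only channel
        else:
            if not from_server:
                client_bytes += pkt["len"]
            continue
        return kind, pkt["src"], pkt["ts"], client_bytes
    return None

# Constructed sample capture (hypothetical hosts, not the capture from the post).
SAMPLE = """\
12:00:00.000100 IP client.example.40000 > server.example.5142: S 1000:1000(0) win 5840 <mss 1460>
12:00:00.001500 IP server.example.5142 > client.example.40000: S 2000:2000(0) ack 1001 win 5792 <mss 1460>
12:00:00.200000 IP client.example.40000 > server.example.5142: . ack 1 win 1460
12:00:00.200020 IP client.example.40000 > server.example.5142: P 1:101(100) ack 1 win 1460
12:00:00.200030 IP server.example.5142 > client.example.40000: . ack 101 win 46
12:00:00.200400 IP server.example.5142 > client.example.40000: R 1:1(0) ack 101 win 46
12:00:00.260000 IP client.example.40000 > server.example.5142: P 101:183(82) ack 1 win 1460
""".splitlines()

if __name__ == "__main__":
    print(first_teardown(SAMPLE, "server.example.5142"))
```

Each packet must be on a single line for the parser to match it, so rejoin any lines that a mail client has wrapped before feeding a capture in.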
