[syslog-ng] increasing number of TCP connections from same number of remote hosts
Balazs Scheidler
bazsi at balabit.hu
Thu Jan 24 11:27:41 CET 2008
On Thu, 2008-01-24 at 08:39 +0100, Nagy Daniel wrote:
> Hi,
>
> It's syslog-ng v2.0.7 on RHEL4, compiled from source.
> The system is a log server, it receives logs via TCP from
> various clients.
>
> After restarting syslog-ng, netstat -t shows that each remote
> host open only one TCP connection to the server, which is normal.
> The problem is, that the number of established TCP connections
> is increasing constantly, but the number of clients is the same.
>
>
> For example netstat -t --numeric-ports | grep fmx23 now shows:
>
> tcp 0 0 barapp1:514
> fmx23.freemail.privat:52391 ESTABLISHED
> tcp 0 0 barapp1:514
> fmx23.freemail.privat:50852 ESTABLISHED
> tcp 0 0 barapp1:514
> fmx23.freemail.privat:50172 ESTABLISHED
> tcp 0 0 barapp1:514
> fmx23.freemail.privat:59367 ESTABLISHED
> tcp 0 0 barapp1:514
> fmx23.freemail.privat:50979 ESTABLISHED
> tcp 0 0 barapp1:514
> fmx23.freemail.privat:55828 ESTABLISHED
> tcp 0 0 barapp1:514
> fmx23.freemail.privat:53013 ESTABLISHED
> tcp 0 0 barapp1:514
> fmx23.freemail.privat:50038 ESTABLISHED
>
> Why is that? AFAIK there should be only one established connection
> per client. Is it a server or client problem?
Hmm.. strange, it should not do that. It is probably a client problem,
can you check if it is indeed the syslog-ng process that opens these
connections?
Can you see messages like this on the client:
msg_error("Connection broken",
evt_tag_int("time_reopen", self->time_reopen),
NULL);
If you enable verbose logging, somewhat more information should be
displayed about the reasons why syslog-ng reconnects.
--
Bazsi
More information about the syslog-ng
mailing list