[syslog-ng] connection broken every few minutes

Balazs Scheidler bazsi77 at gmail.com
Wed Aug 13 12:57:33 CEST 2014


Anything that might affect TCP connection state: firewalls, load balancers,
"smart" network gear.

Try tcpdumping the connection and look for TCP RST and/or normal closures
with FIN and the like.

You can also get a clue by using strace on syslog-ng, but tcpdump has more
details.

On Aug 12, 2014 5:53 PM, "Simão Mata" <simao.mata at wimdu.com> wrote:

> Hello,
>
> Our syslog-ng clients are losing their connection to our central log
> server every few minutes.
>
> In the client I have the following log:
>
> 2014-08-12T15:44:02+00:00 wimdu-app07 syslog.notice syslog-ng[14032]:
> Syslog connection broken; fd='10', server='AF_INET(<our ip>:514)',
> time_reopen='1'
> 2014-08-12T15:44:03+00:00 wimdu-app07 syslog.notice syslog-ng[14032]:
> Syslog connection established; fd='10', server='AF_INET(<our ip>:514)',
> local='AF_INET(0.0.0.0:0)'
>
>
> I am using the following configuration on the clients:
>
>
> destination d_net_wimdu {
>     syslog(<our ip>
>     transport("tcp")
>     port(514)
>     log-fifo-size(2048));
> };
>
> log { source(s_src); source(s_net); destination(d_net_wimdu); };
>
> And on the server:
>
>
>
> source s_net {
>     syslog(ip(0.0.0.0)
>     transport("tcp")
>     max-connections(300)
>     log-iw-size(3300)
>     so_rcvbuf(8000000000)
>     port(514));
> };
>
> log {
>     source(s_net);
>     destination(d_file_w);
> };
>
> destination d_prog_logparser {
>     program("< logparser_bin >"
>     template(t_w_filetemplate)
>     log_fifo_size(90000000)
>     flags(no-multi-line));
> };
>
> log {
>   source(s_net);
>   destination(d_prog_logparser);
>   flags(flow-control);
> };
>
>
> Any idea how I can even debug this?
>
> Thank you
>
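Added example, not part of the original thread and not syslog-ng code: a small parser for saved `tcpdump -nn -tt` text output that reports, per connection to port 514, which side sent the first RST or FIN and how long the connection had been silent beforehand. The capture lines and addresses are constructed; a near-constant idle time before each teardown is the usual signature of an idle timeout on a firewall or load balancer.

```python
import re

# Matches TCP lines printed by `tcpdump -nn -tt`: epoch, src.port > dst.port, flags
LINE = re.compile(r"^(\d+\.\d+) IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")

# Constructed capture (trimmed fields): client 192.0.2.10, server 198.51.100.20
SAMPLE = """\
1407858000.000000 IP 192.0.2.10.41234 > 198.51.100.20.514: Flags [S], seq 100, length 0
1407858000.001000 IP 198.51.100.20.514 > 192.0.2.10.41234: Flags [S.], seq 500, ack 101, length 0
1407858000.002000 IP 192.0.2.10.41234 > 198.51.100.20.514: Flags [.], ack 1, length 0
1407858002.000000 IP 192.0.2.10.41234 > 198.51.100.20.514: Flags [P.], seq 1:120, ack 1, length 119
1407858302.000000 IP 198.51.100.20.514 > 192.0.2.10.41234: Flags [R], seq 1, length 0
1407858303.000000 IP 192.0.2.10.41236 > 198.51.100.20.514: Flags [S], seq 900, length 0
1407858304.000000 IP 192.0.2.10.41236 > 198.51.100.20.514: Flags [P.], seq 1:80, ack 1, length 79
1407858310.000000 IP 192.0.2.10.41236 > 198.51.100.20.514: Flags [F.], seq 80, ack 1, length 0
1407858310.001000 IP 198.51.100.20.514 > 192.0.2.10.41236: Flags [F.], seq 1, ack 81, length 0
""".splitlines()

def teardowns(lines, server_port=514):
    """One record per connection: which side sent the first FIN/RST, and how
    long the connection had been silent before it."""
    port = str(server_port)
    last_seen, done, records = {}, set(), []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                      # non-TCP or unparsable line
        ts, src, sport, dst, dport, flags = m.groups()
        if (sport == port) == (dport == port):
            continue                      # not a client<->server_port flow
        from_server = sport == port
        flow = (dst, dport) if from_server else (src, sport)   # key on client side
        if "S" in flags:
            done.discard(flow)            # new handshake, possibly a reused port
        if flow in done:
            continue                      # only the first teardown packet matters
        if "R" in flags or "F" in flags:
            idle = float(ts) - last_seen[flow] if flow in last_seen else None
            records.append({
                "client": f"{flow[0]}:{flow[1]}",
                "kind": "RST" if "R" in flags else "FIN",
                "sender": "server" if from_server else "client",
                "idle_s": None if idle is None else round(idle, 1),
            })
            done.add(flow)
            last_seen.pop(flow, None)
        else:
            last_seen[flow] = float(ts)
    return records

if __name__ == "__main__":
    for rec in teardowns(SAMPLE):
        print(rec)
```

The "sender" is whichever address appears on the packet at the capture point; a firewall or load balancer can emit a RST carrying the server's address, so compare captures taken on both the client and the server.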