[syslog-ng] TCP Resets
Michael Starks
syslog-ng-list at michaelstarks.com
Tue Sep 29 00:54:22 CEST 2015
On 09/28/2015 03:57 PM, Michael Starks wrote:
> I am running syslog-ng 3.4.7 as distributed by ELSA. I have a problem
> whereby nxlog agents (v2.9.1347) making a new TCP connection to the
> syslog-ng server repeatedly show lines like this in nxlog.log:
> 2015-09-28 14:28:25 INFO reconnecting in 1 seconds
>
> Many connections are working, but it especially has a problem with new
> agents coming online. Sometimes when I restart syslog-ng it helps, but
> not always.
<snip>
By George I think it's fixed!
So even though I was running syslog-ng in the foreground and in debug
mode, the filter I had in place looking for dropped messages was
filtering out the wrong thing. I *was* having dropped messages at first,
but there was something else going on as well. I saw lots of these after
I took out the grep and started to poke around: Number of allowed
concurrent connections reached, rejecting connection;
client='AF_INET(172.16.1.109:2308)', local='AF_INET(0.0.0.0:514)', max='10'
So after Googling a bit, I learned that the default max TCP connections
is 10. That strikes me as a very low value for a log server.
So I added this to the appropriate line: max-connections(500).
Now I see lots of established sessions and no more RSTs! I think the
inconsistency before was due to whichever 10 hosts got there first after
restarting got one of the 10 sessions.
Looks like it was a combination of things.
More information about the syslog-ng
mailing list