[syslog-ng] Increase file descriptors for syslog-ng.

Scheidler, Balázs balazs.scheidler at balabit.com
Fri Mar 10 05:24:07 UTC 2017


On Mar 10, 2017 2:59 AM, "vijay amruth" <vijayamruth at gmail.com> wrote:

Hello everyone, Hope you are all doing great.

I am running into some issues with syslog-ng file descriptors, I have tried
to set up ulimit -n value to 65535,

*open files                      (-n) 65535*

set the parameter to the following in /etc/sysctl.conf, *fs.file-max =
512000*

and tried raising the value with syslog-ng --fd-limit <number>, I get the
following error

####syslog-ng --fd-limit 8192
WARNING: Configuration file format is too old, syslog-ng is running in
compatibility mode Please update it to use the syslog-ng 3.5 format at your
time of convinience, compatibility mode can operate less efficiently in
some cases. To upgrade the configuration, please review the warnings about
incompatible changes printed by syslog-ng, and once completed change the
@version header at the top of the configuration file.;
WARNING: global: the default value of log_fifo_size() has changed to 10000
in syslog-ng 3.3 to reflect log_iw_size() changes for tcp()/udp() window
size changes;
Using a global log-fetch-limit() option was removed, please use a
per-source log-fetch-limit();
WARNING: window sizing for tcp sources were changed in syslog-ng 3.3, the
configuration value was divided by the value of max-connections(). The
result was too small, clamping to 100 entries. Ensure you have a proper
log_fifo_size setting to avoid message loss.; orig_log_iw_size='0',
new_log_iw_size='100', min_log_fifo_size='1300000'



These errors are not related to the FD limit setting, rather it tells you
that your config version is older than your syslog-ng version, and a
number of changes were made since the version you were previously using.

You should either remove the offending options, or adjust their value.

log-fifo-size needs to be at least 10000
log-iw-size should probably be removed
log-fetch-limit should probably be removed as well.

Once you are done with these changes, increase @version at the top of the
file, then the warnings should be gone.

The FD limit is probably set properly, the warnings had nothing to do with
that. You just need to make sure to add this parameter to the startup
options.




and I am unable to stop the syslog-ng service using systemctl, it
immediately re-starts, I am using CentOS 7.2, I have noticed a few other
people on the internet had the same problem, please advise, any help is
appreciated.

*OS: CentOS 7.2*
*Hardware : VM*
*Problems : 1) Unable to increase the file descriptors for syslog-ng. 2)
Unable to stop the service using systemctl stop command, it automatically
restarts right after with a new pid.*



You seem to be using 3.5.x please upgrade to 3.9.1. We did a number of
improvements wrt systemd in recent versions.
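
A way to confirm the FD limit discussed in this thread, as an added example that is not part of the original messages or of syslog-ng: it reads the limit a running process actually received from /proc/<pid>/limits, because the shell's `ulimit -n` reports the shell's own limit and not the daemon's. The function names, the script name in the usage comment and the sample limits file are assumptions constructed for illustration.

```shell
#!/bin/sh
# Report the open-file limit that a running process actually has, by reading
# /proc/<pid>/limits instead of the invoking shell's `ulimit -n`.

# soft_nofile FILE: print the soft "Max open files" value from a limits file.
soft_nofile() {
    awk '/^Max open files/ { print $4; found = 1 } END { exit !found }' "$1"
}

# check_nofile FILE WANTED: 0 if the soft limit is >= WANTED, 1 if it is
# lower, 2 if the file has no "Max open files" line or cannot be read.
check_nofile() {
    soft=$(soft_nofile "$1" 2>/dev/null) || return 2
    [ "$soft" = "unlimited" ] && return 0
    [ "$soft" -ge "$2" ]
}

# Constructed sample in the /proc/<pid>/limits layout (not captured output):
# a process left at 1024 soft / 4096 hard.
write_sample_limits() {
    cat > "$1" <<'EOF'
Limit                     Soft Limit           Hard Limit           Units
Max cpu time              unlimited            unlimited            seconds
Max open files            1024                 4096                 files
Max locked memory         65536                65536                bytes
EOF
}

# Usage: sh check_nofile.sh <pid> <wanted>   (script name is hypothetical)
if [ "$#" -eq 2 ]; then
    if check_nofile "/proc/$1/limits" "$2"; then
        echo "pid $1: soft nofile limit is at least $2"
    else
        echo "pid $1: soft nofile limit is below $2 or unreadable" >&2
        exit 1
    fi
fi
```

Run it against the PID of the running syslog-ng process after each restart; a result below the value passed to --fd-limit means the option did not reach the daemon's startup options.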