[syslog-ng] closing inactive or idle incoming connections
erempel at uvic.ca
Tue Apr 6 14:35:27 UTC 2021
Using syslog-ng 3.26 at the moment but can use the latest if the options
are available or easier.
Is there a way to configure the idle timeout for incoming connections.
I have a use case where we want to log from a mobile work force, which
can be anywhere on the internet. This means that our syslog server needs
to be open to the internet. The bad guys are connecting to our port and
not sending anything, just tying up the port.
The port requires a certificate so is "safe", however, the connection is
consumed for approx 2 hours before syslog-ng dropes the connection with
syslog-ng: Error reading RFC6587 style framed data; fd='3769',
error='Connection timed out (110)'
syslog-ng: Syslog connection closed; fd='4509',
Is there a way to configure syslog-ng to drop the connection if it does
not receive the certificate in 60 seconds?
Is there a way to configure syslog-ng to drop the connection if no
syslog messages are received in 10 minutes?
More information about the syslog-ng