[syslog-ng] allowed concurrent connections - bug?

Evan Rempel erempel at uvic.ca
Thu Feb 17 18:01:18 UTC 2022


I am having an issue that is a little difficult to reproduce so I wanted 
some input from others.

I have a syslog-ng 3.35.1 that has a TLS source defined with 
max-connections(10000)

After some time the server starts logging a lot of messages

syslog-ng[12802]: Number of allowed concurrent connections reached, 
rejecting connection; client='AF_INET(XXXX:61062)', 
local='AF_INET(YYYY:6514)', group_name='client_network_tcp', 
location='/etc/syslog-ng/syslog-ng.server.conf:61:9', max='10000'

To the best of my ability I can only find about 2500 actual connections.

Both lsof and netstat report around the 2500 connections.

I had to restart syslog-ng to stop this situation.

Has anyone seen this behavior before?

I get a lot of TLS connections without a certificate.

Error reading RFC6587 style framed data

Perhaps the counters are not decremented for those timed out connections?

-- 
Evan Rempel
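
Added example, not part of the original post and not syslog-ng code: a sketch that tallies the rejection messages quoted above and compares the logged max against the number of established sockets on the same local port, which is the comparison the post makes by hand with lsof and netstat. The sample log lines, the addresses and the socket listing (last two columns taken as local and peer address, as in `ss -tn` output) are constructed, and the function names are hypothetical.

```python
import re

# Matches the rejection message format quoted in the post (one message per line).
REJECT = re.compile(
    r"Number of allowed concurrent connections reached, rejecting connection; "
    r"client='AF_INET6?\((?P<client>.+?):\d+\)', "
    r"local='AF_INET6?\(.+?:(?P<port>\d+)\)', "
    r"group_name='(?P<group>[^']*)', .*?max='(?P<max>\d+)'")

def parse_rejections(log_text):
    """Return one dict (client, port, group, max) per rejection message."""
    return [m.groupdict() for m in REJECT.finditer(log_text)]

def count_established(ss_text, port):
    """Count listed sockets whose local port equals `port`."""
    n = 0
    for line in ss_text.splitlines():
        cols = line.split()  # assumption: last two columns are local, peer
        if len(cols) >= 2 and cols[-2].rsplit(":", 1)[-1] == str(port):
            n += 1
    return n

def compare(log_text, ss_text):
    """Per source group: rejections, distinct clients, kernel view vs. logged max."""
    out = {}
    for r in parse_rejections(log_text):
        g = out.setdefault(r["group"], {"max": int(r["max"]), "port": int(r["port"]),
                                        "rejections": 0, "clients": set()})
        g["rejections"] += 1
        g["clients"].add(r["client"])
    for g in out.values():
        g["established"] = count_established(ss_text, g["port"])
        # Rejections while the kernel shows fewer sockets than max: counts disagree.
        g["mismatch"] = g["established"] < g["max"]
    return out

# Constructed sample input (documentation-range addresses).
_TMPL = ("syslog-ng[12802]: Number of allowed concurrent connections reached, "
         "rejecting connection; client='AF_INET({c})', "
         "local='AF_INET(198.51.100.5:6514)', group_name='client_network_tcp', "
         "location='/etc/syslog-ng/syslog-ng.server.conf:61:9', max='10000'")
SAMPLE_LOG = "\n".join(_TMPL.format(c=c) for c in
                       ("192.0.2.10:61062", "192.0.2.10:61070", "192.0.2.44:50211"))
SAMPLE_SS = """0 0 198.51.100.5:6514 192.0.2.10:40112
0 0 198.51.100.5:6514 192.0.2.11:40113
0 0 198.51.100.5:6514 192.0.2.12:40114
0 0 198.51.100.5:22 192.0.2.99:51000"""

if __name__ == "__main__":
    for group, info in compare(SAMPLE_LOG, SAMPLE_SS).items():
        print(group, info)
```
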


