[syslog-ng] allowed concurrent connections - bug?
Evan Rempel
erempel at uvic.ca
Thu Feb 17 18:01:18 UTC 2022
I am having an issue that is a little difficult to reproduce so I wanted
some input from others.
I have a syslog-ng 3.35.1 that has a TLS source defined with
max-connections(10000)
After some time the server starts logging a lot of messages
syslog-ng[12802]: Number of allowed concurrent connections reached,
rejecting connection; client='AF_INET(XXXX:61062)',
local='AF_INET(YYYY:6514)', group_name='client_network_tcp',
location='/etc/syslog-ng/syslog-ng.server.conf:61:9', max='10000'
To the best of my ability I can only find about 2500 actual connections.
Both lsof and netstat report around the 2500 connections.
I had to restart syslog-ng to stop this situation.
Has anyone seen this behavior before?
I get a lot of TLS connections without a certificate.
Error reading RFC6587 style framed data
Pperhaps the counters are not decremented for those timed out connections?
--
Evan Rempel
More information about the syslog-ng
mailing list