|
bjornf
|
 |
« on: October 29, 2009, 06:08:43 am » |
|
Hi,
We've experienced an outage when one syslog server which we sent logs further to went down. We used TCP to send logs to this syslog server. When this happened our syslog-ng server stopped accepting UDP syslog sources in general , but TCP sources continued to work. Is this a known problem? That TCP still worked could perhaps be due to the fact that we partly use different IP's to receive TCP and UDP syslog. Removal of the destination that was down and restart seems to have solved the problem.
Here's output from log when TCP Syslog destination went down:
syslog-ng[29889]: EOF occurred while idle; fd='11'
Oct 27 04:12:31 syslog-ng[29889]: Syslog connection broken; fd='11', server='AF_INET(x.x.x.x:514)', time_reopen='60'
Oct 27 04:13:31 syslog-ng[29889]: Syslog connection failed; fd='11', server='AF_INET(x.x.x.x:514)', error='Connection refused (111)', time_reopen='60'
Oct 27 04:14:31 syslog-ng[29889]: Syslog connection failed; fd='20', server='AF_INET(x.x.x.x:514)', error='Connection refused (111)', time_reopen='60'
We're running Balabits version 3.0.4 for RHEL 5 64bit version(syslog-ng-3.0.4-1.rhel5).
Regards, Bjorn
|
