CLOSE_WAIT state persistence at Rsyslog Client Side
Hi All,

I am forwarding rsyslog messages from my client node to two rsyslog remote
servers. The following are the contents of my rsyslog.conf file:

> $ModLoad imfile
> $ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
> $ModLoad imjournal # provides access to the systemd journal
> $DefaultNetstreamDriverCAFile /etc/ssl/rsyslog/ca.pem
> $DefaultNetstreamDriver gtls
> $ActionSendStreamDriverAuthMode anon
> $ActionSendStreamDriverMode 1
> $WorkDirectory /var/lib/rsyslog
> $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
> $IncludeConfig /etc/rsyslog.d/*.conf
> $OmitLocalLogging on
> $IMJournalStateFile imjournal.state
> *.info;mail.none;authpriv.none;cron.none /var/log/messages
> authpriv.* /var/log/secure
> mail.* -/var/log/maillog
> cron.* /var/log/cron
> *.emerg :omusrmsg:*
> uucp,news.crit /var/log/spooler
> local7.* /var/log/boot.log
> *.info;mail.none;authpriv.none;cron.none;auth.none;kern.none;local7.none @@xx.xxx.xxx.107:11514
> authpriv.* @@xx.xxx.xxx.107:11514
> auth.* /var/log/audit/audit.log
> auth.* @@xx.xxx.xxx.107:11514
> kern.* @@xx.xxx.xxx.107:11514
> mail.* @@xx.xxx.xxx.107:11514
> cron.* @@xx.xxx.xxx.107:11514
> local7.* @@xx.xxx.xxx.107:11514
> *.info;mail.none;authpriv.none;cron.none;auth.none;kern.none;local7.none @@xx.xxx.xxx.196:11514
> authpriv.* @@xx.xxx.xxx.196:11514
> auth.* @@xx.xxx.xxx.196:11514
> kern.* @@xx.xxx.xxx.196:11514
> mail.* @@xx.xxx.xxx.196:11514
> cron.* @@xx.xxx.xxx.196:11514
> local7.* @@xx.xxx.xxx.196:11514
> $FileCreateMode 0640

According to my configuration, at max one client can make 7 connections to
each of the two rsyslog servers. However, every one or two days I see
that some of my connections go into the CLOSE_WAIT state and do not come
back to the ESTABLISHED state. When I check at the server side, the connection
would have already been closed by the server, but at the client side it still
shows CLOSE_WAIT. This state only gets cleared when the service at the client
side is restarted. I could not figure out the root cause of this issue. Can
you help?

This is output of ss command from one of the client nodes:


> [root@dell-fcap01 ~]$ ss -n4tp '( dport = :11514 )'
> State       Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
> ESTAB       0       0       xx.xxx.xxx.7:60270   xx.xxx.xxx.107:11514
> CLOSE-WAIT  1       0       xx.xxx.xxx:34486     xx.xxx.xxx.196:11514
> ESTAB       0       7185    xx.xxx.xxx:34526     xx.xxx.xxx.196:11514
> ESTAB       0       0       xx.xxx.xxx.7:60268   xx.xxx.xxx.107:11514
> ESTAB       0       0       xx.xxx.xxx:34532     xx.xxx.xxx.196:11514
> CLOSE-WAIT  1       0       xx.xxx.xxx.7:59642   xx.xxx.xxx.107:11514
> ESTAB       0       1403    xx.xxx.xxx.7:60266   xx.xxx.xxx.107:11514
> ESTAB       0       3661    xx.xxx.xxx:34528     xx.xxx.xxx.196:11514
> ESTAB       0       35163   xx.xxx.xxx.7:60254   xx.xxx.xxx.107:11514
> ESTAB       0       0       xx.xxx.xxx:34524     xx.xxx.xxx.196:11514




Regards,
*PRATIK RANA*
*Software Engineer*
*NEC Technologies India*
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
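
An added example (not part of the original post and not rsyslog code): a Python check that parses `ss` output in the shape shown in the post and reports, per forwarding destination, the sockets sitting in CLOSE-WAIT, meaning the server has closed the connection but the local process still holds the socket open. The sample input is constructed with documentation addresses, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample shaped like `ss -n4tp '( dport = :11514 )'` output;
# the addresses are documentation ranges, not values from the post.
SAMPLE = """\
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
ESTAB      0      0      192.0.2.7:60270      198.51.100.107:11514
CLOSE-WAIT 1      0      192.0.2.7:34486      198.51.100.196:11514
ESTAB      0      7185   192.0.2.7:34526      198.51.100.196:11514
CLOSE-WAIT 1      0      192.0.2.7:59642      198.51.100.107:11514
ESTAB      0      0      192.0.2.7:60268      198.51.100.107:11514
"""

def parse_ss(text):
    """Yield (state, recv_q, send_q, local, peer) for each socket line."""
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, the header row, and anything without numeric queues.
        if len(fields) < 5 or not (fields[1].isdigit() and fields[2].isdigit()):
            continue
        yield fields[0], int(fields[1]), int(fields[2]), fields[3], fields[4]

def summarize(text, port=11514):
    """Per destination: socket count per state, unsent bytes, stuck local ends."""
    report = defaultdict(lambda: {"states": defaultdict(int), "send_q": 0, "stuck": []})
    for state, _recv_q, send_q, local, peer in parse_ss(text):
        host, _, dport = peer.rpartition(":")
        if dport != str(port):
            continue
        entry = report[host]
        entry["states"][state] += 1
        entry["send_q"] += send_q
        if state == "CLOSE-WAIT":
            # Peer has sent FIN; the local process has not closed its side yet.
            entry["stuck"].append(local)
    return report

def alerts(text, port=11514):
    """Return one alert string per destination that has CLOSE-WAIT sockets."""
    return [
        f"{host}:{port} has {len(e['stuck'])} CLOSE-WAIT socket(s): {', '.join(e['stuck'])}"
        for host, e in sorted(summarize(text, port).items()) if e["stuck"]
    ]

if __name__ == "__main__":
    print("\n".join(alerts(SAMPLE)))
```

Run from cron against live `ss` output, a non-empty result is a signal that part of the log-forwarding path to that server has stalled.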