Hi there.
One of my rsyslog servers (getting input from many sources) started
segfaulting. Since there were no changes introduced recently to the
configuration I have to assume that it's an issue with "the surroundings".
What is interesting is that the segfault logs seem to be accompanied in
dmesg by warnings of "Possible SYN flooding".
Like, for example:
[Thu Aug 12 14:08:57 2021] rs:worker-relp-[19563]: segfault at 30 ip
00005627e4ead2f1 sp 00007f10477fdad0 error 4 in rsyslogd[5627e4e54000+a2000]
[Thu Aug 12 14:11:21 2021] TCP: request_sock_TCP: Possible SYN flooding
on port 514. Sending cookies. Check SNMP counters.
As you can see, it's not strictly connected (like a second after second)
but it usually occurs in within a few minutes around one another.
I raised net.core.somaxconn and net.ipv4.tcp_max_syn_backlog from the
default values so we'll see if it helps.
But has anyone encountered something similar? Might it be that it can be
caused by too many connections from sources?
Regards,
MK
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
One of my rsyslog servers (getting input from many sources) started
segfaulting. Since there were no changes introduced recently to the
configuration I have to assume that it's an issue with "the surroundings".
What is interesting is that the segfault logs seem to be accompanied in
dmesg by warnings of "Possible SYN flooding".
Like, for example:
[Thu Aug 12 14:08:57 2021] rs:worker-relp-[19563]: segfault at 30 ip
00005627e4ead2f1 sp 00007f10477fdad0 error 4 in rsyslogd[5627e4e54000+a2000]
[Thu Aug 12 14:11:21 2021] TCP: request_sock_TCP: Possible SYN flooding
on port 514. Sending cookies. Check SNMP counters.
As you can see, it's not strictly connected (like a second after second)
but it usually occurs in within a few minutes around one another.
I raised net.core.somaxconn and net.ipv4.tcp_max_syn_backlog from the
default values so we'll see if it helps.
But has anyone encountered something similar? Might it be that it can be
caused by too many connections from sources?
Regards,
MK
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.