Hi All, I am forwarding rsyslog messages from my client node to two rsyslog remote servers, the following is the contents of my rsyslog.conf file:
> > > *$ModLoad imfile* > *$ModLoad imuxsock # provides support for local system logging (e.g. via > logger command)* > *$ModLoad imjournal # provides access to the systemd journal* > *$DefaultNetstreamDriverCAFile /etc/ssl/rsyslog/ca.pem* > *$DefaultNetstreamDriver gtls* > *$ActionSendStreamDriverAuthMode anon* > *$ActionSendStreamDriverMode 1* > *$WorkDirectory /var/lib/rsyslog* > *$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat* > *$IncludeConfig /etc/rsyslog.d/*.conf* > *$OmitLocalLogging on* > *$IMJournalStateFile imjournal.state* > **.info;mail.none;authpriv.none;cron.none /var/log/messages* > *authpriv.* /var/log/secure* > *mail.* -/var/log/maillog* > *cron.* /var/log/cron* > **.emerg :omusrmsg:** > *uucp,news.crit /var/log/spooler* > *local7.* /var/log/boot.log* > **.info;mail.none;authpriv.none;cron.none;auth.none;kern.none;local7.none > @@xx.xxx.xxx.107:11514* > *authpriv.* @@xx.xxx.xxx.107:11514* > *auth.* /var/log/audit/audit.log* > *auth.* @@xx.xxx.xxx.107:11514* > *kern.* @@xx.xxx.xxx.107:11514* > *mail.* @@xx.xxx.xxx.107:11514* > *cron.* @@xx.xxx.xxx.107:11514* > *local7.* @@xx.xxx.xxx.107:11514* > **.info;mail.none;authpriv.none;cron.none;auth.none;kern.none;local7.none > @@xx.xxx.xxx.196:11514* > *authpriv.* @@xx.xxx.xxx.196:11514* > *auth.* @@xx.xxx.xxx.196:11514* > *kern.* @@xx.xxx.xxx.196:11514* > *mail.* @@xx.xxx.xxx.196:11514* > *cron.* @@xx.xxx.xxx.196:11514* > *local7.* @@xx.xxx.xxx.196:11514**$FileCreateMode 0640* According to my configuration at max one client can make 7 connection to each of the two rsyslog servers, however in every one or two days i see that some of my connection goes into CLOSE_WAIT state and does not come back to ESTABLISHED STATE, when i check at server side the connection would have been already closed by the server but at client side it still shows CLOSE_WAIT, this state only gets cleared when the service at client side is restarted, I could not figure out the root cause of this issue, can you help? This is output of ss command from one of the client nodes: > *[root@dell-fcap01 ~]$ ss -n4tp '( dport = :11514 )'* > *State Recv-Q Send-Q Local > Address:Port Peer > Address:Port* > *ESTAB 0 0 > xx.xxx.xxx.7:60270 > xx.xxx.xxx.107:11514* > *CLOSE-WAIT 1 0 > xx.xxx.xxx:34486 > xx.xxx.xxx.196:11514* > *ESTAB 0 7185 > xx.xxx.xxx:34526 > xx.xxx.xxx.196:11514* > *ESTAB 0 0 > xx.xxx.xxx.7:60268 > xx.xxx.xxx.107:11514* > *ESTAB 0 0 > xx.xxx.xxx:34532 > xx.xxx.xxx.196:11514* > *CLOSE-WAIT 1 0 > xx.xxx.xxx.7:59642 > xx.xxx.xxx.107:11514* > *ESTAB 0 1403 > xx.xxx.xxx.7:60266 > xx.xxx.xxx.107:11514* > *ESTAB 0 3661 > xx.xxx.xxx:34528 > xx.xxx.xxx.196:11514* > *ESTAB 0 35163 > xx.xxx.xxx.7:60254 > xx.xxx.xxx.107:11514**ESTAB 0 0 > xx.xxx.xxx:34524 > xx.xxx.xxx.196:11514 * Regards, *PRATIK RANA* *Software Engineer* *NEC Technologies India* _______________________________________________ rsyslog mailing list https://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
