Hi,

We have several central syslog servers, and we are in the process of enabling TLS for all syslog clients. We started in one of our less populated regions with just QA hosts, and as soon as we enabled TLS for all QA hosts (350) we started observing this error on the central syslog server:

rsyslogd: too many tcp sessions - dropping incoming request [v8.2102.0-13.el8 try https://www.rsyslog.com/e/2079 ]

I then did some tests in our lab and saw this behavior:

for syslog001 - imtcp (TLS)
  from client1 I used loggen to simulate 1000 connections
  loggen -U -P -r 1 -I 300 --active-connections=1000 syslog001 6514
  and started to see the "too many tcp sessions" message right away on syslog001
  also, watch -n5 "netstat -an | grep ip_client1 | wc -l" constantly showed 194 connections

for syslog002 - imtcp (plain text)
  from client1 I used loggen to simulate 1000 connections
  loggen -S -P -r 1 -I 300 --active-connections=1000 syslog002 514
  no "too many tcp sessions" messages on the syslog002
  and watch -n5 "netstat -an | grep ip_client1 | wc -l" constantly showed 1000 connections

Seems imtcp in TLS mode enforces the MaxSessions and in plaintext doesn't?

If I want to enable TLS in our most populated region, which has +/- 13000 hosts, do I need to set MaxSessions to a value bigger than 13000?

Best regards.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.
