Jason, thank you for the report. We have a similar issue open:
https://github.com/Graylog2/graylog2-server/issues/1105

We haven't been able to reproduce this. I will try again with your setup. Can you send us the syslog-ng configuration snippet for Graylog? That would be helpful.

Thanks,
Bernd

Jason Haar [Tue, Jul 28, 2015 at 07:37:54PM -0700] wrote:
>Hi there
>
>I'm using syslog-ng to feed in data via a syslog/TCP channel and it's
>continually (every 10 seconds) dropping the TCP channel - forcing syslog-ng
>to restart it
>
>2015-07-29T02:26:31+00:00 syslog.server syslog notice syslog-ng[30512]:
>Syslog connection broken; fd='408', server='AF_INET(192.168.6.3:1514)',
>time_reopen='10'
>2015-07-29T02:26:41+00:00 syslog.server syslog notice syslog-ng[30512]:
>Syslog connection established; fd='465',
>server='AF_INET(192.168.6.3:1514)', local='AF_INET(0.0.0.0:0)'
>2015-07-29T02:26:41+00:00 syslog.server syslog notice syslog-ng[30512]:
>Syslog connection broken; fd='465', server='AF_INET(192.168.6.3:1514)',
>time_reopen='10'
>2015-07-29T02:26:51+00:00 syslog.server syslog notice syslog-ng[30512]:
>Syslog connection established; fd='379',
>server='AF_INET(192.168.6.3:1514)', local='AF_INET(0.0.0.0:0)'
>2015-07-29T02:26:51+00:00 syslog.server syslog notice syslog-ng[30512]:
>Syslog connection broken; fd='379', server='AF_INET(192.168.6.3:1514)',
>time_reopen='10'
>2015-07-29T02:27:01+00:00 syslog.server syslog notice syslog-ng[30512]:
>Syslog connection established; fd='476',
>server='AF_INET(192.168.6.3:1514)', local='AF_INET(0.0.0.0:0)'
>2015-07-29T02:27:02+00:00 syslog.server syslog notice syslog-ng[30512]:
>Syslog connection broken; fd='476', server='AF_INET(192.168.6.3:1514)',
>time_reopen='10'
>
>
>tcpdump shows normal data flow followed by two TCP resets coming back from
>the graylog-1.1.5 server - so it's definitely graylog that's borking.
>
>BTW, this system *is working*: I'm seeing these syslogs flowing in - can do
>searches/etc - but I assume I'm losing some records due to this issue. I
>even created a xinetd.d based tcp service on the graylog server that just
>logged what it received to a file, configured the syslog server to send to
>both tcp channels - and it's running fine with no restarts (ie tcpdump of
>both ports only shows TCP resets on the graylog port not the xinetd port).
>So I think that implies it isn't the OS (CentOS-7)
>
>Whatever the root cause is should be logged somewhere - can someone point
>out to me how to debug this?
>
>Thanks
>
>Jason
>
>--
>You received this message because you are subscribed to the Google Groups
>"graylog2" group.
>To unsubscribe from this group and stop receiving emails from it, send an
>email to [email protected].
>For more options, visit https://groups.google.com/d/optout.

--
Developer
Tel.: +49 (0)40 609 452 077
Fax.: +49 (0)40 609 452 078

TORCH GmbH - A Graylog company
Steckelhörn 11
20457 Hamburg
Germany

Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175
Managing Director: Lennart Koopmann (CEO)
