I've a 400 rsyslog-4.4.2-1.fc12.i686 clients connecting to a 4.6.2-1 server on debian. Eventually the server exhausts it's connections as there are multiple connections from each client.
Taking 1 client in particular: server# lsof -n [email protected] COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME rsyslogd 29775 root 325u IPv4 81017793 TCP 10.132.253.51:shell->10.132.8.1:33554 (ESTABLISHED) rsyslogd 29775 root 515u IPv4 81085917 TCP 10.132.253.51:shell->10.132.8.1:42570 (ESTABLISHED) rsyslogd 29775 root 531u IPv4 81187589 TCP 10.132.253.51:shell->10.132.8.1:52954 (ESTABLISHED) rsyslogd 29775 root 568u IPv4 81263960 TCP 10.132.253.51:shell->10.132.8.1:58950 (ESTABLISHED) rsyslogd 29775 root 570u IPv4 81275186 TCP 10.132.253.51:shell->10.132.8.1:45307 (ESTABLISHED) rsyslogd 29775 root 573u IPv4 81300023 TCP 10.132.253.51:shell->10.132.8.1:49261 (ESTABLISHED) rsyslogd 29775 root 574u IPv4 81412888 TCP 10.132.253.51:shell->10.132.8.1:44849 (ESTABLISHED) rsyslogd 29775 root 588u IPv4 81503100 TCP 10.132.253.51:shell->10.132.8.1:51290 (ESTABLISHED) rsyslogd 29775 root 591u IPv4 81559427 TCP 10.132.253.51:shell->10.132.8.1:55079 (ESTABLISHED) rsyslogd 29775 root 593u IPv4 81593574 TCP 10.132.253.51:shell->10.132.8.1:51555 (ESTABLISHED) rsyslogd 29775 root 595u IPv4 81624236 TCP 10.132.253.51:shell->10.132.8.1:42867 (ESTABLISHED) rsyslogd 29775 root 599u IPv4 81631713 TCP 10.132.253.51:shell->10.132.8.1:39681 (ESTABLISHED) rsyslogd 29775 root 601u IPv4 81641244 TCP 10.132.253.51:shell->10.132.8.1:46118 (ESTABLISHED) rsyslogd 29775 root 603u IPv4 82260661 TCP 10.132.253.51:shell->10.132.8.1:51732 (ESTABLISHED) rsyslogd 29775 root 684u IPv4 84358985 TCP 10.132.253.51:shell->10.132.8.1:51261 (ESTABLISHED) rsyslogd 29775 root 699u IPv4 84499197 TCP 10.132.253.51:shell->10.132.8.1:39875 (ESTABLISHED) rsyslogd 29775 root 701u IPv4 84557429 TCP 10.132.253.51:shell->10.132.8.1:56892 (ESTABLISHED) rsyslogd 29775 root 714u IPv4 86973034 TCP 10.132.253.51:shell->10.132.8.1:47320 (ESTABLISHED) rsyslogd 29775 root 823u IPv4 88591917 TCP 10.132.253.51:shell->10.132.8.1:47729 (ESTABLISHED) rsyslogd 29775 root 999u IPv4 90314222 TCP 10.132.253.51:shell->10.132.8.1:34290 (ESTABLISHED) rsyslogd 29775 root 1003u IPv4 125443032 TCP 10.132.253.51:shell->10.132.8.1:46721 (ESTABLISHED) server# ssh 10.132.8.1 lsof -n -i :514 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME rsyslogd 1595 root 8u IPv4 59789 0t0 TCP 10.132.8.1:45219->10.132.253.51:shell (ESTABLISHED) So you can see that the client has only 1 connection open, while the server has many. Could the server be changed to close connections old connections to a particular IP? I guess that would have issues for NATing, or perhaps the server could just timeout the TCP connections after a period of inactivity? Any ideas appreciated. cheers, Pádraig. For my own reference, these seem closely related: http://kb.monitorware.com/post5056.html http://bugzilla.adiscon.com/show_bug.cgi?id=190 _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com
