We have been facing the same issue. It is related to a "full buffer" on the /dev/log device, which is used by sudo, PAM, SSH and other services to log authentication messages. The "unavailability" is caused by SSH not being able to write to /dev/log. The same issue might appear with the use of any other syslog server.

Peter

On Tue, Mar 12, 2019 at 6:32 PM Ani Sinha via rsyslog <[email protected]> wrote:

> Hi guys,
>
> We use rsyslog 5.8 in our CentOS 6 based systems and we have bumped into the
> much discussed syslog issue where when log forwarding is enabled using tcp
> and the remote server is unavailable, after some time, the ssh connection
> to the host dies. I have been able to reproduce it and I believe the issue
> arises from the 2 sec default timeout interval set for messages to wait
> when the spooled queue (in-memory or disk or disk assisted) is completely
> full. Restarting the rsyslog service promptly brings ssh connectivity back.
>
> I have also experimented with rsyslog7 on a CentOS 6 system and I do not see
> the same issue.
>
> Can someone please throw some light as to what changed between rsyslog 5.8
> and rsyslog 7.10 that the issue has been fixed? Are there other issues
> with rsyslog7 which I should be aware of?
>
> thanks
> ani
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
> DON'T LIKE THAT.
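
The "full buffer" on /dev/log described in the reply above can be reproduced in isolation; the following is an added example, not part of the original thread or of rsyslog. It assumes a Unix datagram socket pair as a stand-in for /dev/log (the names `daemon` and `client` and the sample message are constructed), and uses non-blocking mode to find the point where a blocking writer would stall.

```python
import errno
import socket

FULL = (errno.EAGAIN, errno.EWOULDBLOCK, errno.ENOBUFS)

def fill_until_blocked(sender, msg, limit=100_000):
    """Queue datagrams until the kernel refuses more; return how many fit."""
    sender.setblocking(False)
    sent = 0
    while sent < limit:
        try:
            sender.send(msg)
        except OSError as exc:
            if exc.errno in FULL:
                return sent          # a blocking writer would hang here
            raise
        sent += 1
    return sent

def try_send(sender, msg):
    """Return True if one more datagram can be queued right now."""
    try:
        sender.send(msg)
        return True
    except OSError as exc:
        if exc.errno in FULL:
            return False
        raise

def demo():
    # Constructed stand-in for /dev/log: "daemon" is the reading end (the
    # syslog server), "client" is a logging process such as sshd or sudo.
    daemon, client = socket.socketpair(socket.AF_UNIX, socket.SOCK_DGRAM)
    msg = b"<38>sshd[1234]: constructed sample auth message"
    try:
        # The daemon is stalled (never calls recv), so the queue fills up.
        queued = fill_until_blocked(client, msg)
        blocked = not try_send(client, msg)
        # The daemon resumes reading (e.g. after a service restart).
        daemon.setblocking(False)
        drained = 0
        while True:
            try:
                daemon.recv(4096)
            except BlockingIOError:
                break
            drained += 1
        recovered = try_send(client, msg)
    finally:
        daemon.close()
        client.close()
    return {"queued": queued, "blocked": blocked,
            "drained": drained, "recovered": recovered}

if __name__ == "__main__":
    print(demo())
```

The number of messages that fit before the writer stalls depends on the kernel's socket buffer and queue-length settings, so it varies between hosts.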

