You are not logged in.
For some reason the normal syslog-ng.conf file contains a section like this:
source src {
unix-stream("/dev/log");
internal();
pipe("/proc/kmsg");
};
Which can result in the error is you have a busy server on Syslog-ng 2.04 and above.
Modifying that section to read lik this:
source src {
unix-stream("/dev/log" max-connections(20));
internal();
pipe("/proc/kmsg");
};
Fixes the problem
I hope that helps people.
Kind regards
Benedict White
Offline
thank you so much, i couldn't find what was wrong. now, i dont quite understand: what do you mean with "if you have a busy server"
what are those 10 connections?
Offline
This is the number of applications that print to the syslog simultaneously. Although the option makes sense, the default value (10) is too low for virtually everyone.
Offline
ok, i get it now. once more, thank you .
Offline
Hello,
for those that like me met the same error but for TCP sources while not having more than 10 remote hosts over the network, a better solution is to activate the so_keepalive on the syslog-ng server, to avoid having 2, 3 or more opened sockets to a given host, one been created after each host reboot or the like:
source s_lan {
tcp(ip(1.2.3.4)
port(514)
so_keepalive(yes)
);
};
I just do not understand why so_keepalive is not activated by default, as it really makes sens to have it on any TCP sessions!
Of course, if you have more than 10 hosts you can both use so_keepalive and tune max-connections
source s_lan {
tcp(ip(1.2.3.4)
port(514)
max-connections(50)
so_keepalive(yes)
);
};
Cheers,
Edrusb.
Offline