Skip to content
Snippets Groups Projects
Commit 3a677acb authored by Thomas Bellman's avatar Thomas Bellman
Browse files

Enable TCP keepalives on server TCP sockets. 

If a syslog client crashes or reboots, the syslog server would never
notice that the TCP connection from the client has gone away, as it
has no time-out for not receiving any messages from the client, and
the server never sends any data *to* the client .  Those TCP connec-
tions will thus stay forever, or at least until the *server* restarts.
When the client boots again, it will just make a new TCP connection to
the server, and over time the server will accrue more and more TCP
connections.

Note that this happens even for controlled reboots of the client, as
the client network is typically brought down before the syslog daemon
is shut down, and the TCP FIN segments are never actually sent to the
server.

This has not been a practical problem for us at NSC, as we only have a
couple of hundred clients, and have set the limit for TCP sessions to
4096.  There would thus need to be a *lot* of client reboots, with no
server restart during that time, before we would hit the limit.  But
it is good hygiene to avoid this if we can anyway.  So do that, by
enabling TCP keepalives for the imtcp and imrelp input modules.  This
will make the server notice when the client is dead or has rebooted,
and will then close those dead TCP connections.

With the default settings of TCP keepalives in Linux, it can take
about 2 hours 12 minutes before the server detects that the client
has died.  This should be good enough for us, so we don't set any
more or less aggressive settings.
parent c5ccbd68
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
templates/rsyslog-el7.conf-logserver.erb
+ 7
2
View file @ 3a677acb
......@@ -189,7 +189,10 @@ module(load="imjournal" StateFile="imjournal.state")
## module(load="imklog") # Kernel messages comes via systemd journal
module(load="imuxsock")
module(load="imudp")
module(load="imtcp" maxSessions="4096") # Sync with $MaxOpenFiles
module(load="imtcp"
maxSessions="4096" # Sync with $MaxOpenFiles
KeepAlive="on" # GC sockets to dead/rebooted clients
)
## input(type="imjournal") # imjournal does not need input()
## input(type="imklog") # imklog does not need input()
......@@ -197,7 +200,9 @@ input(type="imudp" port="514")
input(type="imtcp" port="514") # syslog port
<% if @relp_port.to_i > 0 -%>
module(load="imrelp") # Reliable Event Logging Protocol
module(load="imrelp" # Reliable Event Logging Protocol
KeepAlive="on" # GC sockets to dead/rebooted clients
)
input(type="imrelp" port="<%= @relp_port %>")
<% end -%>
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment