Discussion:
[syslog-ng] max-connections(1000)
Josu Lazkano
2011-07-15 11:07:35 UTC
Permalink
Hello list, this morning I had some problems with my syslog system I am adding lots of server to send TCP logs to the syslog-ng server. But there are not on the server.

After readingon the web, I notice that there is a max-connections parameter on the TCP. So I fix to 50. With this there are more logs, then I added 100 and there more.

So I fix it to 1000:

source s_all {
internal();
unix-stream("/dev/log");
file("/proc/kmsg" log_prefix("kernel: "));
tcp(max-connections(1000));
};

Is this a good idea?

How can I check if this is a good maximum connection value?

Thanks for all your help and best regards.
Gergely Nagy
2011-07-15 11:46:30 UTC
Permalink
Post by Josu Lazkano
Hello list, this morning I had some problems with my syslog system I am adding lots of server to send TCP logs to the syslog-ng server. But there are not on the server.
After readingon the web, I notice that there is a max-connections parameter on the TCP. So I fix to 50. With this there are more logs, then I added 100 and there more.
source s_all {
internal();
unix-stream("/dev/log");
file("/proc/kmsg" log_prefix("kernel: "));
tcp(max-connections(1000));
};
Is this a good idea?
How can I check if this is a good maximum connection value?
The kernel-imposed limit is that each connection and each destination is
a separate file descriptor, and the number of open file descriptors /
process is usually limited.

On most Linux systems, that is 1024. The total number of open files and
TCP connections therefore is limited to 1024.

However, this limit can also be raised, using ulimit (and perhaps poking
into various configuration files, such as /etc/security/limits.conf).
--
|8]
Daniel Maher
2011-07-18 13:25:33 UTC
Permalink
Post by Gergely Nagy
However, this limit can also be raised, using ulimit (and perhaps poking
into various configuration files, such as /etc/security/limits.conf).
It may be worth noting that limits.conf is only respected if PAM is
configured to use it, and the session is spawned by something that uses
PAM; in general, things started by init.d at boot-time do not meet that
criteria.

Just fyi. :)
--
Daniel Maher
« makin' plans now to live on Mars 'cuz I got Earth on lock. »
Gergely Nagy
2011-07-18 13:27:49 UTC
Permalink
Post by Daniel Maher
Post by Gergely Nagy
However, this limit can also be raised, using ulimit (and perhaps poking
into various configuration files, such as /etc/security/limits.conf).
It may be worth noting that limits.conf is only respected if PAM is
configured to use it, and the session is spawned by something that uses
PAM; in general, things started by init.d at boot-time do not meet that
criteria.
Yep, that's why I mentioned it in brackets only, and suggested ulimit as
the primary means of achieving the goal ;)
--
|8]
Josu Lazkano
2011-07-18 13:33:31 UTC
Permalink
Hello, thanks for your help.

I check my syslog file and this is what I get with max-connections(10):

Jul 15 12:54:17 ***@logserver syslog-ng[20780]: Number of allowed concurrent connections exceeded; num='10', max='10'

I just change to max-connections(500) and it works great.

I will read more about ulimit option.

Best regards.

-----Mensaje original-----
De: syslog-ng-***@lists.balabit.hu [mailto:syslog-ng-***@lists.balabit.hu] En nombre de Gergely Nagy
Enviado el: lunes, 18 de julio de 2011 15:28
Para: Syslog-ng users' and developers' mailing list
Asunto: Re: [syslog-ng] max-connections(1000)
Post by Daniel Maher
Post by Gergely Nagy
However, this limit can also be raised, using ulimit (and perhaps poking
into various configuration files, such as /etc/security/limits.conf).
It may be worth noting that limits.conf is only respected if PAM is
configured to use it, and the session is spawned by something that uses
PAM; in general, things started by init.d at boot-time do not meet that
criteria.
Yep, that's why I mentioned it in brackets only, and suggested ulimit as
the primary means of achieving the goal ;)
--
|8]

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
Balazs Scheidler
2011-07-20 11:06:27 UTC
Permalink
Post by Josu Lazkano
Hello, thanks for your help.
I just change to max-connections(500) and it works great.
I will read more about ulimit option.
there's also --fd-limit command line option for syslog-ng to make it
easier to increase.
--
Bazsi
Loading...