我们有一个带有几个rsyslog客户端的syslog-ng服务器。随着时间的推移,它们中的一些打开了许多客户端连接到服务器,而不是只有一个TCP连接。从客户端的角度来看,netstat只显示一个连接,但是从服务器端netstat显示了同一个客户端的几个连接。
有没有人有类似的pb?那可能是什么?
服务器配置:
@version:3.2
# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#
options {
time_reopen (10);
long_hostnames (off);
use_dns (no);
use_fqdn (no);
create_dirs (no);
keep_hostname (no);
stats-freq (3600);
};
source s_sys {
file ("/proc/kmsg" program_override("kernel: "));
unix-stream ("/dev/log");
internal();
};
source s_network {
tcp(ip(serverIP) port(601) max-connections(100) log-fetch-limit(100) log-iw-size(10000));
};
#FROM REMOTE CLIENTS
destination d_clients { file("/var/log/messages_${HOST}" perm(0644)); };
template log2db {
template("INSERT INTO logs (host, facility, priority, level, tag, datetime, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n");
template_escape(no);
};
destination go2db {
program( "/usr/bin/mysql -u myusername --password=mypass mybddname -Bs > /dev/null"
template(log2db) log_fifo_size(30000) flush_lines (100));
};
log { source(s_network); destination(d_clients); };
log { source(s_network); destination(go2db); flags(flow-control); };
客户conf:
# rsyslog v5 configuration file
# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
#### MODULES ####
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
$ModLoad immark # provides --MARK-- message capability
#### GLOBAL DIRECTIVES ####
# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on
$MarkMessagePeriod 3600
$preserveFQDN on
# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf
#### RULES ####
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
*.*;cron.none;cron.warning @@serverIP:601
谢谢,