-
Title
Syslog-ng PE Not Receiving Connections; Number of allowed concurrent connections reached, rejecting connection -
Description
Hosts sending logs to Syslog-ng PE cannot connect and are not able to send logs. -
Cause
Cause 1. The number of active connections has reached the source's max-connections() limit.
By default Syslog-ng PE has a max connections allowed of 10 concurrent connections.Cause 2. Syslog-ng keeps registered connections, that were closed by the clients during flow-control was active and syslog-ng stopped reading and updating the source connections.
-
Resolution
Resolution - Cause 1
In the sources section of the Syslog-ng PE configuration file (syslog-ng.conf) set the option max-connections(n) to a number large enough to fit all clients sending logs to that source. See example source configuration below where max-connections(n) has been substituted for 300.
source s_localhost { network( ip(127.0.0.1) port(1999) transport("tcp") max-connections(300) ); };Resolution - Cause 2
The flow-control was activated because of an inaccessible destination.
The problem can be fixed by making available the remote destination.
To do that, you have to check the root cause of the connection issue, that can be different, for example- a connectivity issue because of networking (network outage, firewall etc.)
- the application at the remote server has an issue and cannot accept logs
If the remote destination was stopped on purpose, remove it from the logpathes in syslog-ng-conf, then restart syslog-ng.