来自同一syslog ng客户端的多个tcp连接_Tcp_Rsyslog_Syslog Ng

来自同一syslog ng客户端的多个tcp连接

tcp

来自同一syslog ng客户端的多个tcp连接,tcp,rsyslog,syslog-ng,Tcp,Rsyslog,Syslog Ng,我们有一个带有多个rsyslog客户端的syslog ng服务器。随着时间的推移，它们中的一些会打开很多到服务器的客户端连接，而不仅仅是一个TCP连接。从客户机的角度来看，netstat只显示一个连接，但从服务器端来看，netstat显示了同一客户机的多个连接有人有过类似的pb吗？那会是什么服务器配置： @version:3.2 # syslog-ng configuration file. # # This should behave pretty much like the origi

我们有一个带有多个rsyslog客户端的syslog ng服务器。随着时间的推移，它们中的一些会打开很多到服务器的客户端连接，而不仅仅是一个TCP连接。从客户机的角度来看，netstat只显示一个连接，但从服务器端来看，netstat显示了同一客户机的多个连接

有人有过类似的pb吗？那会是什么

服务器配置：

@version:3.2

# syslog-ng configuration file.
#
# This should behave pretty much like the original syslog on RedHat. But
# it could be configured a lot smarter.
#
# See syslog-ng(8) and syslog-ng.conf(5) for more information.
#

options {
        time_reopen (10);
        long_hostnames (off);
        use_dns (no);
        use_fqdn (no);
        create_dirs (no);
        keep_hostname (no);
        stats-freq (3600);
};

source s_sys {
        file ("/proc/kmsg" program_override("kernel: "));
        unix-stream ("/dev/log");
        internal();
};

source s_network {
        tcp(ip(serverIP) port(601) max-connections(100) log-fetch-limit(100) log-iw-size(10000));
};


#FROM REMOTE CLIENTS 
destination d_clients { file("/var/log/messages_${HOST}" perm(0644)); };

template log2db {
        template("INSERT INTO logs (host, facility, priority, level, tag, datetime, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n");
        template_escape(no);
};
destination go2db {
        program( "/usr/bin/mysql -u myusername --password=mypass mybddname -Bs > /dev/null"
                template(log2db) log_fifo_size(30000) flush_lines (100));
};


log { source(s_network); destination(d_clients); };
log { source(s_network); destination(go2db); flags(flow-control); };

客户端配置：

# rsyslog v5 configuration file

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### MODULES ####

$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imklog   # provides kernel logging support (previously done by rklogd)
$ModLoad immark  # provides --MARK-- message capability

#### GLOBAL DIRECTIVES ####

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on

$MarkMessagePeriod 3600
$preserveFQDN on

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf


#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog


# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log

*.*;cron.none;cron.warning @@serverIP:601

谢谢，

可能是客户端的多线程。您能再详细一点吗？