# [SOLVED] syslog-ng and max number of connections

## SoylentGreen

since i updated to syslog-ng 2.0.4 i see the following in my syslog:

```

syslog-ng[8827]: Number of allowed concurrent connections exceeded; num='10', max='10'

```

i am using the syslog from the gentoo wiki. infact of the above error, my last service does not start (webmin in my case).

i do not think this is a bug, but i guess i have to set the max number of connection somewhere in he syslog.conf? where?

any hints?Last edited by SoylentGreen on Wed May 23, 2007 12:27 pm; edited 1 time in total

----------

## think4urs11

max-connections() has a default of 10 and is an option to the source object; e.g. source s_stream { unix-stream("/dev/log" max-connections(20)); };

----------

## SoylentGreen

ah, thx. this isnt in the manpage..

should i change

```

source src { unix-stream("/dev/log"); internal(); };

```

to

```

source src { unix-stream("/dev/log"); max-connections(20); };

```

 :Shocked: 

or is the "internal" important?

ps: i guess the extra closing bracket "(20))" is a typo?

//edit: hmm, no, i get syntax errors then ;(

heres my conf:

```

# /etc/syslog-ng/syslog-ng.conf

# From the Gentoo Linux Security Guide

# http://www.gentoo.org/doc/en/gentoo-security.xml

# Creative Commons - Attribution / Share Alike License

# http://creativecommons.org/licenses/by-sa/2.0

options {

long_hostnames(off);

sync(0);

stats(43200);

};

#source where to read log

source src { unix-stream("/dev/log"); internal(); };

source kernsrc { file("/proc/kmsg"); };

#define destinations

destination authlog { file("/var/log/auth.log"); };

destination syslog { file("/var/log/syslog"); };

destination cron { file("/var/log/cron.log"); };

destination daemon { file("/var/log/daemon.log"); };

destination kern { file("/var/log/kern.log"); };

destination lpr { file("/var/log/lpr.log"); };

destination user { file("/var/log/user.log"); };

# Should be maillog (Without dot) as it was the default on logwatch

destination mail { file("/var/log/maillog"); };

destination mailinfo { file("/var/log/mail.info"); };

destination mailwarn { file("/var/log/mail.warn"); };

destination mailerr { file("/var/log/mail.err"); };

destination newscrit { file("/var/log/news/news.crit"); };

destination newserr { file("/var/log/news/news.err"); };

destination newsnotice { file("/var/log/news/news.notice"); };

destination debug { file("/var/log/debug"); };

destination messages { file("/var/log/messages"); };

destination console { usertty("root"); };

destination console_all { file("/dev/tty12"); };

destination xconsole { pipe("/dev/xconsole"); };

#create filters

filter f_auth { facility(auth); };

filter f_authpriv { facility(auth, authpriv); };

filter f_syslog { not facility(authpriv, mail); };

filter f_cron { facility(cron); };

filter f_daemon { facility(daemon); };

filter f_kern { facility(kern); };

filter f_lpr { facility(lpr); };

filter f_mail { facility(mail); };

filter f_user { facility(user); };

filter f_debug { not facility(auth, authpriv, news, mail); };

filter f_messages { level(info..warn)

    and not facility(auth, authpriv, mail, news); };

    filter f_emergency { level(emerg); };

    filter f_info { level(info); };

    filter f_notice { level(notice); };

    filter f_warn { level(warn); };

    filter f_crit { level(crit); };

    filter f_err { level(err); };

    filter f_failed { match("failed"); };

    filter f_denied { match("denied"); };

    #connect filter and destination

    log { source(src); filter(f_authpriv); destination(authlog); };

    log { source(src); filter(f_syslog); destination(syslog); };

    log { source(src); filter(f_cron); destination(cron); };

    log { source(src); filter(f_daemon); destination(daemon); };

    log { source(kernsrc); filter(f_kern); destination(kern); };

    log { source(src); filter(f_lpr); destination(lpr); };

    log { source(src); filter(f_mail); destination(mail); };

    log { source(src); filter(f_user); destination(user); };

    log { source(src); filter(f_mail); filter(f_info); destination(mailinfo); };

    log { source(src); filter(f_mail); filter(f_warn); destination(mailwarn); };

    log { source(src); filter(f_mail); filter(f_err); destination(mailerr); };

   log { source(src); filter(f_debug); destination(debug); };

    log { source(src); filter(f_messages); destination(messages); };

    log { source(src); filter(f_emergency); destination(console); };

    #default log

    log { source(src); destination(console_all); };

```

----------

## think4urs11

 *SoylentGreen wrote:*   

> ah, thx. this isnt in the manpage..
> 
> should i change
> 
> ```
> ...

 

Read more exact  :Wink: 

change 

```
source src { unix-stream("/dev/log"); internal(); };
```

 to 

```
source src { unix-stream("/dev/log") max-connections(20); internal(); };
```

about the ps - no it isn't; it is an option to unix-stream, *not* to s_stream

everything taken from original documentation

----------

## SoylentGreen

well, if i change like you suggested i get the syntax error i mentioned.

```

syntax error at 15

 * Configuration error. Please fix your configfile (/etc/syslog-ng/syslog-ng.conf)  

```

line 15 is the line you suggested.

----------

## think4urs11

are you sure 2.04 is running and not the older 1.6? (syslog-ng -V)

about the documentation: http://www.balabit.com/dl/white_papers/syslog_admin_guide_en.pdf, Page 48

----------

## SoylentGreen

yes, 2.0.4 is running and the only one installed, but it doesnt like the line you suggested.

hmm..

will have a look at the pdf now..

hmm, it doesnt like max_connections in my options section either (like this):

```

options {

long_hostnames(off);

sync(0);

stats(43200);

max_connections(20);

};

```

 :Shocked: 

pretty odd, redarding to the pdf it should work.

are you using 2.0.,4 as well, and it works for you?

----------

## SoylentGreen

well, i read:

```

2.0.4

        Mon, 14 May 2007 11:47:48 +0200

        IMPORTANT NOTES:

        * This version of syslog-ng fixes a bug in enforcing the

          max-connections() limit for various stream-like sources

          (unix-stream and tcp). Previously this limit was not enforced,

          thus production environments may use an inadequate value.

          Validate your max-connection() settings before upgrading

          and check your logs for rejected connections.

```

so there must have changed something. i'll emerge 2.03 to see if this is perhaps a bug?

//edit: doesnt work using 2.03 either   :Shocked: 

----------

## think4urs11

got it ... the documentation has a bug!

It must read as max-connections, not max_connections, e.g. source src { unix-stream("/dev/log" max-connections(20)); internal(); pipe("/proc/kmsg"); };

tested and working on a testbox with 2.04

----------

## SoylentGreen

duh! good shot   :Laughing: 

well, a real PIA they sometimes use "_" and sometimes "-" in the very same config file  :Twisted Evil: 

```
source src { unix-stream("/dev/log" max-connections(20)); internal(); pipe("/proc/kmsg"); }; 
```

does the trick (with or without using kmsg). i just copy&pasted it, worked  :Very Happy: 

//edit: btw, the docu contains both, max-connections *and* max_connections. looks like they good pretty confused themself?   :Laughing: 

----------

