stunnel connection retries flooding the firewall

Kenneth Holter kenneho.ndu at gmail.com
Wed Jun 10 12:13:42 UTC 2009


Hi all.


We're using stunnel to transport syslog messages from clients to a central
log host. During a problem with our firewall, in which the clients lost
connection with the log host, I discovered that the syslog clients never
seemed to give up trying to contact the log host. This resulted in an
enormous amount of connection retries. I'm not sure if this is a feature of
TLS or TCP, but if I remember correctly TCP gives up after seven retries.

Now I'm worried about what will happen when I bring down the log host for
maintenance - will the clients flood the firewalls causing general network
problems? I figure I'll need to reduce the retry interval or take some other
measures.

If anyone knows how to go about dealing with this issue I'd greatly appreciate
some hints.

Regards,
Kenneth Holter


