To keep the number of open TCP connections of the Log Auditing server under control, the SyslogView version 2.1.8 contains a control in the daily archiviation script, to check the number of currently open connections.
This issue could be found in particular situations, where SAFED or other Audit agents might send across a routing device from another network. If those connections are not closed properly, the number of pending connections grows, till reaching a limit of the server. Therefore this issue sould be considered in those situations and appear only in very specific situations.
This new version contains now a control of the number of open FH. If the number of suggested 1024 unclosed connections is exceeded, the HUP operation on the Rsyslog service, makes sure, to close not needed pending connections. An additional parameter ( -F ) in the check_neteye_logManager.sh verifies this conditions. This parameter is activated automatically in the SyslogView’s cron job, and alerts automatically into your NetEye monitoring environment.
An additional template of the rsyslog.conf configuration file is stored in the includes folder of the syslogview installation folder (/var/lib/neteye/syslogview/).