Question:
I am seeing the following errors reported within the collector.log file. What do these mean?
2017-10-03 13:22:09,366 -0400 [Thread-293021] ERROR com.sumologic.scala.collector.input.syslog.EventInput - Received event: Exception. server com.sumologic.scala.collector.input.syslog.TCPSyslogServer@79cf98f2, socketAddress xxx.xxx.xxx.xxx/xxx.xxx.xxx.xxx:xxxx
java.net.SocketTimeoutException: Read timed out
Answer:
These errors may be seen when using a TCP Syslog Source where a sending client does not properly close its connection after sending a syslog message. To help prevent abandoned sockets from accumulating on a host, the Sumo Logic Collector will time out and close a TCP Syslog connection once it has detected that the connection has been idle for longer than 120 seconds.
If your Syslog client opens a persistent connection AND you expect it to go longer than 120 seconds between messages, you may increase this timeout via the following Collector property in order to keep these connections open for a longer period of time.
NOTE: This option is only supported for Collector versions 19.209-5 or higher.
- Navigate to the Sumo Logic Collector installation directory on your host.
- Stop the currently running Collector process using the following command(s):
Linux:
$ sudo ./collector stop
Windows:
Open Windows Service Manager and Stop the Sumo Logic Collector service.
- Open the following Collector configuration file for edit.
/<collector_installation_directory>/config/collector.properties
- Add the following line to the end of the collector.properties file, where the provided value will be the new timeout interval in milliseconds. (ex. 5 minutes = 300000)
tcp.syslog.server.socket.timeout.ms = 300000
- Save the collector.properties file.
- Restart the Collector process or service.
Linux:
$ sudo ./collector start
Windows:
Open Windows Service Manager and Start the Sumo Logic Collector service.
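Before raising the timeout, it helps to know which senders are leaving connections idle. The following is an added example, not Sumo Logic code: it tallies the read-timeout entries from collector.log per client address. The function names are hypothetical, the sample lines are constructed, and it assumes the exception line immediately follows the EventInput error line as in the question above.

```python
import re
from collections import Counter

# EventInput error line as shown in the question; the remote socket is
# rendered as "host/ip:port".
EVENT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d{3} \S+ \[[^\]]+\] ERROR "
    r"com\.sumologic\.scala\.collector\.input\.syslog\.EventInput - "
    r"Received event: Exception\..*socketAddress "
    r"(?P<host>[^/\s]*)/(?P<ip>\S+):(?P<port>\d+)\s*$"
)
TIMEOUT_LINE = "java.net.SocketTimeoutException: Read timed out"


def idle_timeouts(lines):
    """Yield (timestamp, client_ip) for each error line followed by a read timeout."""
    pending = None
    for line in lines:
        line = line.rstrip("\n")
        if pending and line.strip() == TIMEOUT_LINE:
            yield pending
        m = EVENT_RE.match(line)
        # Only an EventInput line directly before the exception counts.
        pending = (m.group("ts"), m.group("ip")) if m else None


def timeouts_by_client(lines):
    """Count idle-connection timeouts per sending client IP."""
    return Counter(ip for _, ip in idle_timeouts(lines))


# Constructed sample input (addresses from the 192.0.2.0/24 documentation range).
_T = ("2017-10-03 {t} -0400 [Thread-1] ERROR "
      "com.sumologic.scala.collector.input.syslog.EventInput - Received event: "
      "Exception. server com.sumologic.scala.collector.input.syslog."
      "TCPSyslogServer@79cf98f2, socketAddress {a}")
SAMPLE = [
    _T.format(t="13:22:09,366", a="192.0.2.10/192.0.2.10:51514"), TIMEOUT_LINE,
    _T.format(t="13:24:11,102", a="fw01.example.net/192.0.2.20:40112"), TIMEOUT_LINE,
    _T.format(t="13:26:09,501", a="192.0.2.10/192.0.2.10:51620"), TIMEOUT_LINE,
    # A different exception on the same source is not an idle timeout.
    _T.format(t="13:27:00,000", a="192.0.2.30/192.0.2.30:40999"),
    "java.net.SocketException: Connection reset",
]

if __name__ == "__main__":
    for ip, count in timeouts_by_client(SAMPLE).most_common():
        print(f"{ip}\t{count}")
```

To run it against a real log, pass an open file handle for collector.log to timeouts_by_client in place of SAMPLE.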