Connection failed syslog errors

Question

I set up the F5 to send syslogs to logstash and I keep seeing these messages...
{
    "message": "&lt;43&gt;Mar 17 12:15:04 local/lb3 err syslog-ng[23508]: Connection failed; error='Connection refused (111)', time_reopen='60'",
    "@version": "1",
    "@timestamp": "2015-03-17T16:17:14.229Z",
    "host": "10.0.0.12:52838",
    "type": "syslog",
    "tags": [
        "_grokparsefailure"
    ],
    "syslog_severity_code": 5,
    "syslog_facility_code": 1,
    "syslog_facility": "user-level",
    "syslog_severity": "notice"
}

(Don't mind the _grokparsefailure, I am in the process of writing patterns to categorize the syslogs)
What are these errors and how do I trace them down to fix?

hannes_rapp · Answer

The interesting line is:&nbsp;
"err syslog-ng[23508]: Connection failed; error='Connection refused (111)', time_reopen='60'"&nbsp;
In my experience, the "connection refused" message indicates that the TCP SYN packet received it's intended destination, but the TCP socket was not established. This usually means one of two things - either the application supposed to listen on a given TCP port is not up and running, or the TCP destination port you have configured is incorrect.Recommend to use the Telnet tool to try and verify TCP connectivity: e.g. "telnet 10.0.0.12 Your-TCP-Port-Number"

Forum Discussion

Connection failed syslog errors

1 Reply

Recent Discussions

F5 loadbalancer not working

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Related Content

get_statistics method failing when trying to get current connection counts

remote SYSlog setup

F5 Connection Mirroring question

Rebalancing connections

DevCentral Connects hosts Capture the Flag!