I have Graylog 4.2.1+5442e44 .
Cluster with 5 servers when 2 servers used as “probes” only this servers collect data from agents and pushing to elastic.
Servers have Operating System: CentOS Linux 8
I monitoring open files number on servers (lsof -u graylog) ,and when it cross 20K graylog start to make problems.
Problem is user graylog configurate as nologin user in paswd.
So I thinking configuration in /etc/security/limits.conf on server not really help.
We can’t check it becase can’t connect as user graylog
somebody encounteredwith this problem?
I still don’t understand the problem and i don’t know the problem.
But, the graylog user has no shell.
If you want to become the Graylog user login, you must set a shell. (only for testing not for a productive environment!)
root@siem:~# chsh -s /bin/bash graylog root@siem:~# su graylog graylog@siem:/root$ id uid=111(graylog) gid=117(graylog) groups=117(graylog)
“lsof” shows more than just open files. It also counts network connections.
On ubuntu, the following line can be added to
/etc/sysctl.conf to increase the open files limit :
fs.file-max = 65535
To apply the above limit immediately, use the following command :
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.