How to increase open files limit (nofiles) for user graylog on linux server

Hi,
I have Graylog 4.2.1+5442e44 .
Cluster with 5 servers when 2 servers used as “probes” only this servers collect data from agents and pushing to elastic.
Servers have Operating System: CentOS Linux 8
I monitoring open files number on servers (lsof -u graylog) ,and when it cross 20K graylog start to make problems.
Problem is user graylog configurate as nologin user in paswd.
So I thinking configuration in /etc/security/limits.conf on server not really help.
We can’t check it becase can’t connect as user graylog
somebody encounteredwith this problem?

Hey @vpolizki,

I still don’t understand the problem and i don’t know the problem.
But, the graylog user has no shell.
If you want to become the Graylog user login, you must set a shell. (only for testing not for a productive environment!)

root@siem:~# chsh -s /bin/bash graylog
root@siem:~# su graylog
graylog@siem:/root$ id
uid=111(graylog) gid=117(graylog) groups=117(graylog)

“lsof” shows more than just open files. It also counts network connections.

On ubuntu, the following line can be added to /etc/sysctl.conf to increase the open files limit :

fs.file-max = 65535

To apply the above limit immediately, use the following command :

sysctl -p

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.