RSYSLOG 在临时(高)端口上侦听
我一直在互联网上浏览,试图找到这个问题的答案,但到目前为止,我只将其视为“正常”行为。
我有一台 fedora 29 主机,配置为通过默认 514 端口发送 rsyslog 消息。这正如预期的那样,并且已经持续了一段时间了。我有一个客户注意到主机会“监听”一个临时端口,该端口似乎会随着每次重新启动而改变:
ss -tulnp | grep 46852
udp UNCONN 1536 0 0.0.0.0:468520.0.0.0:* users:(("rsyslogd",pid=676,fd=15))
还有:
lsof -i :46852 -P
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
rsyslogd 676 root 15u IPv4 24836 0t0 UDP *:46852
有人知道为什么 rsyslog 这样做吗?这似乎是默认行为,我并不担心它,因为端口无法从外部访问(防火墙禁止它),但我只是想了解它。我在 rsyslog 文档中也找不到任何讨论它的内容。
谢谢!
这只是我很好奇观察到的行为。
I've been poking around the internet trying to get an answer to this one but so far I've only seen it as "normal" behavior.
I have a fedora 29 host configured to send rsyslog messages over the default 514 port. That works as intented and has been for some time now. I had a client notice that the host would "listen" on an ephemeral port that appears to change with each reboot:
ss -tulnp | grep 46852
udp UNCONN 1536 0 0.0.0.0:468520.0.0.0:* users:(("rsyslogd",pid=676,fd=15))
also:
lsof -i :46852 -P
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
rsyslogd 676 root 15u IPv4 24836 0t0 UDP *:46852
Anyone know why rsyslog is doing this? It appears to be default behavior, and I'm not worried about it as the port can't be hit externally (firewall prohibits it) but just wanted to understand it. I also couldn't find anything in the rsyslog docs that talked about it.
Thanks!
This is just observed behavior I am curious about.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
这不是 rsyslog 正在做的事情,而是您的操作系统正在做的事情。
操作系统为客户端分配端口号(随机和顺序),作为创建网络连接的系统调用序列的一部分。例如,
TCP和UDP通常使用“临时”端口作为客户端-服务器的客户端沟通。正如您所说,这些端口号被称为“短暂的”,因为它们仅在连接的生命周期内有效,并且没有特殊意义。
至于为什么使用临时端口..我不知道。也许 ServerFault 或 网络工程 上的人可以回答这个问题问题。
据我了解,临时端口可以使用临时或私有。因此,如果服务(暂时)需要端口,它可以使用临时端口。服务完成其请求并超时一段时间后,端口将被释放并可供其他服务使用。这样,服务就不会阻塞端口,即使它甚至不使用它,或者只是经常使用它。
This isn't something that rsyslog is doing, but rather your OS.
Clients are assigned port numbers (random and sequential) by your operating system, as part of the sequence of system calls, that create a network connection. For example
TCPandUDPtypically use an "ephemeral" port for the client-end of a client–server communication.These port numbers are - as you said - called "ephemeral" because they are valid only for the life of the connection and have no special significance.
As to why ephemeral ports are used.. I don't know. Maybe someone on ServerFault or Network Engineering can answer this question.
From my understanding ephemeral ports can be used either temporary or private. So if a service (temporarily) needs a port it can use an ephemeral port. After the service has done it's requests and has timed-out for some time, the port is released and can be used by some other service. This way a service doesn't block a port even though it doesn't even use it, or just frequently uses it.