Avoiding Potential Loss of TLS Syslog Logging

For Linux, by default, it takes about 15 minutes for kernel to end a TCP connection when transmitted data remains unacknowledged. This results in a potential loss of logs to TLS Syslog server during the 15 minutes window due to link down.

To reduce this time window, use the following command:

configure syslog tls tcp-user-timeout [seconds | default]

To view the value set for Syslog TLS TCP user timeout, use the following comamnd:

show log configuration