[syslog-ng] FreeBSD

Balazs Scheidler bazsi@balabit.hu
Thu, 3 Aug 2000 13:04:49 +0200


> > > > I'm running syslog-ng on a FreeBSD 3.2-RELEASE machine.  It does
> > > > work but tends to start using a lot of CPU time and after that stops
> > > > logging.  Maybe it's my dodgy config...
> > > 
> > > I'm not using syslog-ng on FreeBSD. Could you provide me some more
> > > details?  ktrace dump would be helpful.
> > 
> > Incidentally, the 1.4.5 release did fix some of the leak/CPU problems,
> > but only made it a longer period of time before the process eventually
> > uses all system resources; there's still a leak somewhere.  I'll have
> > more details within the next couple of weeks.
> 
> I've had lots of problems with the stability of syslog-ng on two debian
> installs, but look at the syslog-ng listing from top on a redhat 6.2 box:
> 
> 
> PID USER     PRI  NI  SIZE  RSS SHARE STAT LIB %CPU %MEM   TIME COMMAND
> 355 root      11   0 20952  20M   432 R      0 56.7  2.6 12616m syslog-ng
> 
> 
> It's been up and running for `expr 12616 / 60 / 24` == about 8 days with
> no problems, and it's logging both to the regular logfiles in /var/log
> plus archiving each host like this:
> 
> # separate logs
> destination std {
> file("/var/log/HOSTS/$HOST/$FACILITY/$YEAR$MONTH/$FACILITY$YEAR$MONTH$DAY" owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes)); };
> 
> # log it
> log { source(net);  source(local); destination(std); };
> 
> This is for around 50 hosts, so it's not exactly a light load. It
> consumes most of the CPU since it's usually the only running process.
> 
> This is syslog-ng 1.4.4, I forget which libol version (deleted the
> tarball). I wonder what's so magic about redhat? Any thoughts?

The last leak I fixed in 1.4.5 was caused by UDP destinations, if the
receiving host was not accepting messages on the given port. (e.g. ICMP
destination unreachable is returned) If you don't use udp() destinations it
doesn't show up.

I captured a bug at one of our servers, the central log host went down, and
the client host didn't reestablish the connection for some reason. (it was
trying as long as the loghost came up, and when it succeeded, it simply
stopped logging there) I'll have to check it out, but didn't have too much
time.

ZORP is eating up all my time now. (it's a new generation proxy firewall
suite, check it out at http://www.balabit.hu/zorp.en.phtml)

-- 
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
     url: http://www.balabit.hu/pgpkey.txt
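
The condition described in the message above (a udp() destination whose receiving host is not accepting messages on the given port, so ICMP destination unreachable is returned), shown as an added example that is not syslog-ng code and not part of the original post. On a connected UDP socket the ICMP error surfaces as ECONNREFUSED on a later send(), and that is the error path a UDP log sender has to handle while keeping the same descriptor. The function names, the loopback address and the sample datagram are constructed for illustration.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* 127.0.0.1:port as a sockaddr_in (port 0 lets the kernel pick one). */
static struct sockaddr_in loopback(int port) {
    struct sockaddr_in a = {0};
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    a.sin_port = htons((unsigned short)port);
    return a;
}

/* Send n datagrams over ONE connected UDP socket; count ECONNREFUSED failures (-1 = other error). */
int count_refused(int port, int n) {
    struct sockaddr_in a = loopback(port);
    int refused = 0, fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    if (connect(fd, (struct sockaddr *)&a, sizeof a) < 0) { close(fd); return -1; }
    for (int i = 0; i < n; i++) {
        if (send(fd, "<13>test", 8, 0) < 0) {
            if (errno != ECONNREFUSED) { close(fd); return -1; }
            refused++;      /* queued ICMP error reported and cleared; fd is still usable */
        }
        poll(NULL, 0, 20);  /* give the ICMP port-unreachable time to arrive */
    }
    close(fd);              /* one socket opened, one socket closed, whatever the errors */
    return refused;
}

/* listening=1: a receiver stays bound to the port; listening=0: it is closed first. */
int refused_count(int listening) {
    struct sockaddr_in a = loopback(0);
    socklen_t len = sizeof a;
    int r, rx = socket(AF_INET, SOCK_DGRAM, 0);
    if (rx < 0) return -1;
    if (bind(rx, (struct sockaddr *)&a, sizeof a) < 0 ||
        getsockname(rx, (struct sockaddr *)&a, &len) < 0) { close(rx); return -1; }
    if (!listening) { close(rx); rx = -1; }
    r = count_refused(ntohs(a.sin_port), 6);
    if (rx >= 0) close(rx);
    return r;
}

int main(void) {
    printf("listener: %d refused, no listener: %d refused\n", refused_count(1), refused_count(0));
}
```

With a receiver bound, every send succeeds. With none, the refusals appear on the sends that follow an ICMP reply, never on the first one.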