<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Nope, i was hoping that everything will work fine with syslog-ng, but
now it keeps the CPU again at 100 percent.<br>
<br>
<i>top - 15:40:20 up 6:53, 2 users, load average: 1.59, 3.35, 3.86<br>
Tasks: 141 total, 2 running, 139 sleeping, 0 stopped, 0 zombie<br>
Cpu(s): 12.5%us, 38.4%sy, 0.0%ni, 48.9%id, 0.0%wa, 0.0%hi, 0.2%si,
0.0%st<br>
Mem: 2060488k total, 1506968k used, 553520k free, 104856k buffers<br>
Swap: 2931820k total, 0k used, 2931820k free, 975856k cached<br>
<br>
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+
COMMAND
<br>
2528 root 20 0 3464 1416 832 R <b>100</b> 0.1 259:49.18
syslog-ng<br>
<br>
</i>I have attached the config file, instalation has been done with:<br>
sudo apt-get install syslog-ng.<br>
Version:<br>
cosmin@CosminDell:~$ syslog-ng -V<br>
syslog-ng 2.0.9<br>
<br>
<br>
I was doing some learning with GNS3, and only 3 cisco IOS loaded.<br>
My machine has this hardware/software:<br>
Linux CosminDell 2.6.28-13-generic #45-Ubuntu SMP Tue Jun 30 19:49:51
UTC 2009 i686 GNU/Linux<br>
cosmin@CosminDell:~$ cat /proc/cpuinfo <br>
processor : 0<br>
vendor_id : GenuineIntel<br>
cpu family : 6<br>
model : 15<br>
model name : Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz<br>
stepping : 13<br>
cpu MHz : 2001.000<br>
cache size : 2048 KB<br>
cosmin@CosminDell:~$ cat /proc/meminfo <br>
MemTotal: 2060488 kB<br>
MemFree: 553376 kB<br>
Buffers: 104980 kB<br>
<br>
Stiil the cpu stays at 100%.<br>
<br>
When i have install syslog-ng, the folowing repos were configured:<br>
<br>
cosmin@CosminDell:~$ less /etc/apt/sources.list | grep deb<br>
<i>deb <a class="moz-txt-link-freetext" href="http://ro.archive.ubuntu.com/ubuntu/">http://ro.archive.ubuntu.com/ubuntu/</a> jaunty main restricted<br>
deb-src <a class="moz-txt-link-freetext" href="http://ro.archive.ubuntu.com/ubuntu/">http://ro.archive.ubuntu.com/ubuntu/</a> jaunty main restricted<br>
deb <a class="moz-txt-link-freetext" href="http://ro.archive.ubuntu.com/ubuntu/">http://ro.archive.ubuntu.com/ubuntu/</a> jaunty-updates main restricted<br>
deb-src <a class="moz-txt-link-freetext" href="http://ro.archive.ubuntu.com/ubuntu/">http://ro.archive.ubuntu.com/ubuntu/</a> jaunty-updates main
restricted<br>
deb <a class="moz-txt-link-freetext" href="http://ro.archive.ubuntu.com/ubuntu/">http://ro.archive.ubuntu.com/ubuntu/</a> jaunty universe<br>
deb-src <a class="moz-txt-link-freetext" href="http://ro.archive.ubuntu.com/ubuntu/">http://ro.archive.ubuntu.com/ubuntu/</a> jaunty universe<br>
deb <a class="moz-txt-link-freetext" href="http://ro.archive.ubuntu.com/ubuntu/">http://ro.archive.ubuntu.com/ubuntu/</a> jaunty-updates universe<br>
deb-src <a class="moz-txt-link-freetext" href="http://ro.archive.ubuntu.com/ubuntu/">http://ro.archive.ubuntu.com/ubuntu/</a> jaunty-updates universe<br>
deb <a class="moz-txt-link-freetext" href="http://ro.archive.ubuntu.com/ubuntu/">http://ro.archive.ubuntu.com/ubuntu/</a> jaunty multiverse<br>
deb-src <a class="moz-txt-link-freetext" href="http://ro.archive.ubuntu.com/ubuntu/">http://ro.archive.ubuntu.com/ubuntu/</a> jaunty multiverse<br>
deb <a class="moz-txt-link-freetext" href="http://ro.archive.ubuntu.com/ubuntu/">http://ro.archive.ubuntu.com/ubuntu/</a> jaunty-updates multiverse<br>
deb-src <a class="moz-txt-link-freetext" href="http://ro.archive.ubuntu.com/ubuntu/">http://ro.archive.ubuntu.com/ubuntu/</a> jaunty-updates multiverse<br>
deb <a class="moz-txt-link-freetext" href="http://security.ubuntu.com/ubuntu">http://security.ubuntu.com/ubuntu</a> jaunty-security main restricted<br>
deb-src <a class="moz-txt-link-freetext" href="http://security.ubuntu.com/ubuntu">http://security.ubuntu.com/ubuntu</a> jaunty-security main
restricted<br>
deb <a class="moz-txt-link-freetext" href="http://security.ubuntu.com/ubuntu">http://security.ubuntu.com/ubuntu</a> jaunty-security universe<br>
deb-src <a class="moz-txt-link-freetext" href="http://security.ubuntu.com/ubuntu">http://security.ubuntu.com/ubuntu</a> jaunty-security universe<br>
deb <a class="moz-txt-link-freetext" href="http://security.ubuntu.com/ubuntu">http://security.ubuntu.com/ubuntu</a> jaunty-security multiverse<br>
deb-src <a class="moz-txt-link-freetext" href="http://security.ubuntu.com/ubuntu">http://security.ubuntu.com/ubuntu</a> jaunty-security multiverse<br>
deb <a class="moz-txt-link-freetext" href="http://archive.ubuntu.com/ubuntu">http://archive.ubuntu.com/ubuntu</a> jaunty universe multiverse<br>
deb-src <a class="moz-txt-link-freetext" href="http://archive.ubuntu.com/ubuntu">http://archive.ubuntu.com/ubuntu</a> jaunty universe multiverse</i><br>
<br>
<br>
<br>
I have even restarted syslog-ng, and still stays at 100%.<br>
<br>
<br>
<i><br>
<br>
</i>
<pre class="moz-signature" cols="72">Cosmin Neagu
NOC Team Leader
Str. I. G. Duca nr 36
Otopeni, Judetul Ilfov, 075100 Romania
Tel: 021 303 3159 / 0732 669 193
<a class="moz-txt-link-abbreviated" href="http://www.omnilogic.ro">www.omnilogic.ro</a>
</pre>
<br>
<br>
Cosmin Neagu wrote:
<blockquote cite="mid:4A547B29.3090209@omnilogic.ro" type="cite">
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
The config is like this (i will only show what i have added, the rest
is the default config):<br>
<br>
source s_internal { internal(); };<br>
source s_local {file ("/proc/kmsg" log_prefix("kernel: "));<br>
unix-stream ("/dev/log"); };<br>
destination d_remote {udp ("192.168.53.248" port(514)); };<br>
log { source(s_internal); destination(d_remote); };<br>
<br>
<br>
<br>
The thing is that i have noticed this only twice, and the last time was
when i have used the PC for a day, without network conectivity. I think
that the next day, when i started the PC with network connectivity,
syslog was taking his time sending all the logs from previos day. I
will watch to see if that happends again and in what condition, until
then, now is working ok, no high cpu anymore.<br>
<br>
PS: i never doubt that i could'nt get help here, without your replys,
syslog-ng would not have been running right now :)<br>
<br>
<pre class="moz-signature" cols="72">Cosmin Neagu
NOC Team Leader
Str. I. G. Duca nr 36
Otopeni, Judetul Ilfov, 075100 Romania
Tel: 021 303 3159 / 0732 669 193
<a moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="http://www.omnilogic.ro">www.omnilogic.ro</a>
</pre>
<br>
<br>
Balazs Scheidler wrote:
<blockquote cite="mid:1247040283.2328.27.camel@bzorp.balabit"
type="cite">
<pre wrap="">On Tue, 2009-07-07 at 09:49 +0300, Cosmin Neagu wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Sorry for answering so late.
You were right guys about the firewall, on the Fedora server iptables
was on, and as soon as I turned it off, everything worked great.
Know i have to learn how to configure iptables, cause i don't want to
leave it off.
Anyone knows a good starting point for iptables?
And another thing that bothers me...why the hell does the cpu stays
most of the time at 100% because of the syslog-ng process?
top - 09:42:37 up 55 min, 2 users, load average: 1.10, 1.07, 0.98
Tasks: 134 total, 3 running, 131 sleeping, 0 stopped, 0 zombie
Cpu(s): 12.3%us, 39.0%sy, 0.0%ni, 48.6%id, 0.0%wa, 0.0%hi, 0.2%si,
0.0%st
Mem: 2060488k total, 850036k used, 1210452k free, 77172k
buffers
Swap: 2931820k total, 0k used, 2931820k free, 460408k
cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+
COMMAND
2527 root 20 0 3344 1268 848 R 100 0.1 32:13.86
syslog-ng
3028 root 20 0 305m 34m 11m S 2 1.7 1:04.90
Xorg
22 root 15 -5 0 0 0 S 0 0.0 0:00.12
ata/1
3788 cosmin 20 0 221m 102m 26m S 0 5.1 1:12.27
firefox
I have a dual core processor, and either CPU1 or CPU2 stays at 100%
utilization...
</pre>
</blockquote>
<pre wrap=""><!---->
This seems to be a bug, however I don't know anything similar in 2.0.
Can you please post your configuration file which shows this symptom? Do
you get this right after you start syslog-ng? Is it always reproducible?
Can you list the exact version you are using and the way you got it
compiled? Is it a distribution package?
So as you may see, we're happy to help you, but we need more
information.
</pre>
</blockquote>
<pre wrap="">
<hr size="4" width="90%">
______________________________________________________________________________
Member info: <a class="moz-txt-link-freetext" href="https://lists.balabit.hu/mailman/listinfo/syslog-ng">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a>
Documentation: <a class="moz-txt-link-freetext" href="http://www.balabit.com/support/documentation/?product=syslog-ng">http://www.balabit.com/support/documentation/?product=syslog-ng</a>
FAQ: <a class="moz-txt-link-freetext" href="http://www.campin.net/syslog-ng/faq.html">http://www.campin.net/syslog-ng/faq.html</a>
</pre>
</blockquote>
</body>
</html>