Cosmin Neagu
NOC Team Leader
Str. I. G. Duca nr 36
Otopeni, Judetul Ilfov, 075100 Romania
Tel: 021 303 3159 / 0732 669 193
www.omnilogic.ro

The config is like this (i will only show what i have added, the rest is the default config):

source s_internal { internal(); };
source s_local {file ("/proc/kmsg" log_prefix("kernel: "));
                          unix-stream ("/dev/log"); };
destination d_remote {udp ("192.168.53.248" port(514)); };
log { source(s_internal);       destination(d_remote);    };



The thing is that i have noticed this only twice, and the last time was when i have used the PC for a day, without network conectivity. I think that the next day, when i started the PC with network connectivity, syslog was taking his time sending all the logs from previos day. I will watch to see if that happends again and in what condition, until then, now is working ok, no high cpu anymore.

PS: i never doubt that i could'nt get help here, without your replys, syslog-ng would not have been running right now :)

Cosmin Neagu
NOC Team Leader
Str. I. G. Duca nr 36
Otopeni, Judetul Ilfov, 075100 Romania
Tel: 021 303 3159 / 0732 669 193
www.omnilogic.ro
  

Balazs Scheidler wrote:

On Tue, 2009-07-07 at 09:49 +0300, Cosmin Neagu wrote:
  

Sorry for answering so late.
You were right guys about the firewall, on the Fedora server iptables
was on, and as soon as I turned it off, everything worked great. 
Know i have to learn how to configure iptables, cause i don't want to
leave it off.
Anyone knows a good starting point for iptables?



And another thing that bothers me...why the hell does the cpu stays
most of the time at 100% because of the syslog-ng process?

top - 09:42:37 up 55 min,  2 users,  load average: 1.10, 1.07, 0.98
Tasks: 134 total,   3 running, 131 sleeping,   0 stopped,   0 zombie
Cpu(s): 12.3%us, 39.0%sy,  0.0%ni, 48.6%id,  0.0%wa,  0.0%hi,  0.2%si,
0.0%st
Mem:   2060488k total,   850036k used,  1210452k free,    77172k
buffers
Swap:  2931820k total,        0k used,  2931820k free,   460408k
cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+
COMMAND                                                                                         
 2527 root      20   0  3344 1268  848 R  100  0.1  32:13.86
syslog-ng                                                                                       
 3028 root      20   0  305m  34m  11m S    2  1.7   1:04.90
Xorg                                                                                            
   22 root      15  -5     0    0    0 S    0  0.0   0:00.12
ata/1                                                                                           
 3788 cosmin    20   0  221m 102m  26m S    0  5.1   1:12.27
firefox     

I have a dual core processor, and either CPU1 or CPU2 stays at 100%
utilization...
    

This seems to be a bug, however I don't know anything similar in 2.0.

Can you please post your configuration file which shows this symptom? Do
you get this right after you start syslog-ng? Is it always reproducible?
Can you list the exact version you are using and the way you got it
compiled? Is it a distribution package?

So as you may see, we're happy to help you, but we need more
information.

  

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.campin.net/syslog-ng/faq.html