[syslog-ng]syslog-ng performance problems
Balazs Scheidler
syslog-ng@lists.balabit.hu
Fri, 03 Sep 2004 12:13:21 +0200
You have a lot of log() statements however I can't see right now why
syslog-ng is eating so much CPU time. Can you do some kind of profiling?
(oprofile with syslog-ng debug symbols, or easier compiling syslog-ng
with -pg and processing gmon.out with gprof)?
On Thu, 2004-09-02 at 14:22, west@x-dot.ch wrote:
> Hallo
>
> I have replaced the original syslog with syslog-ng.
> everything works fine. the only problem I have is that
> syslog-ng uses between 50% and 70% of the cpu.
> I think that it is a configuration problem because the
> old syslogd never uses more than 10% of the cpu.
>
> thank you for your help
> stefan
>
> here are my configuration files:
>
> traditional syslog:
>
> # /etc/syslog.conf syslog configuration
> file.###################################
>
> # output to local file "messages" for automatic log file analysis
> *.err;auth,daemon,mark,kern.debug;mail,user.notice /var/adm/messages
>
> # display emergencies on all terminals (uses WALL)
> *.emerg *
>
> #print time on console every 20mins (not needed if you have contool)
> #mark.* /dev/console
>
> kern.info ifdef(`LOGHOST', /var/log/kernlog, @loghost)
> user.info ifdef(`LOGHOST', /var/log/userlog, @loghost)
> mail.info ifdef(`LOGHOST', /var/log/maillog, @loghost)
> daemon.info ifdef(`LOGHOST', /var/log/daemonlog, @loghost)
> auth.info ifdef(`LOGHOST', /var/log/authlog, @loghost)
> lpr.info ifdef(`LOGHOST', /var/log/lprlog, @loghost)
> news,uucp.info ifdef(`LOGHOST', /var/log/newslog, @loghost)
> cron.info ifdef(`LOGHOST', /var/log/cronlog, @loghost)
>
> ## other "local" messages not yet used
> local0,local1.info ifdef(`LOGHOST', /var/log/local0log, @loghost)
> local2,local3,local4.info ifdef(`LOGHOST', /var/log/local2log, @loghost)
> local5.info ifdef(`LOGHOST', /var/log/local5log, @loghost)
> local6.info ifdef(`LOGHOST', /var/log/local6log, @loghost)
> local7.info ifdef(`LOGHOST', /var/log/local7log, @loghost)
>
> # Put all alerts (& higher) into a seperate log:
> *.err ifdef(`LOGHOST', /var/log/alertlog, @loghost)
> ###########################################################################
>
> syslog-ng:
> #
> # Syslog-ng configuration for SUN Solaris
> #
> # Copyright (c) 1999 anonymous
> # Copyright (c) 1999 Balazs Scheidler
> # Copyleft 2004 Stefan Wenger
> # $Id: syslog-ng.conf.sample,v 1.2 1999/11/15 12:30:41 bazsi Exp $
> #
> # Syslog-ng configuration file, compatible with default Debian syslogd
> # installation.
> #
>
> options {
> keep_hostname(yes);
> time_reopen (1);
> time_reap(300);
>
> use_dns(yes);
> use_fqdn(no);
> use_time_recvd(yes);
>
> dns_cache(yes);
> dns_cache_expire(3600);
> dns_cache_expire_failed(10);
>
> sync(4);
> gc_idle_threshold(300);
> gc_busy_threshold(1000);
> log_fifo_size(16777216);
> log_msg_size(8192);
> chain_hostnames(no);
>
> owner(root);
> group(nobody);
> perm(0644);
> dir_perm(0755);
> create_dirs(yes);
> };
>
> source src { sun_streams("/dev/log" door("/etc/.syslog_door")); internal (); };
> source net { udp(); };
>
> destination alertlog { file("/var/log/alertlog"); };
> destination messages { file("/var/adm/messages"); };
> destination console { usertty("root"); };
> destination console_all { file("/dev/tty12"); };
>
> destination kernlog { file("/var/log/kernlog"); };
> destination userlog { file("/var/log/userlog"); };
> destination maillog { file("/var/log/maillog"); };
> destination daemonlog { file("/var/log/daemonlog"); };
> destination authlog { file("/var/log/authlog"); };
> destination lprlog { file("/var/log/lprlog"); };
> destination newslog { file("/var/log/newslog"); };
> destination cronlog { file("/var/log/cronlog"); };
>
> destination local0log { file("/var/log/local0log"); };
> destination local2log { file("/var/log/local2log"); };
> destination local5log { file("/var/log/local5log"); };
> destination local6log { file("/var/log/local6log"); };
> destination local7log { file("/var/log/local7log"); };
>
> destination fallbacklog { file("/var/log/fallbacklog"); };
>
> destination loghost { udp("loghost"); };
> #destination xconsole { pipe("/dev/xconsole"); };
>
> destination d_mysql { pipe("/tmp/mysql.pipe"
> template("INSERT INTO logs (host, facility, priority, level, tag, date,time,
> program, msg)
> VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL',
> '$TAG','$YEAR-$MONTH-$DAY', '$HOUR:$MIN:$SEC',
> '$PROGRAM', '$MSG' );\n") template-escape(yes));
> };
>
> filter f_emerg { level(emerg); };
> filter f_kern_info {facility(kern) and not priority(debug); };
> filter f_user_info {facility(user) and not priority(debug); };
> filter f_mail_info {facility(mail) and not priority(debug); };
> filter f_daemon_info {facility(daemon) and not priority(debug); };
> filter f_auth_info {facility(auth) and not priority(debug); };
> filter f_lpr_info {facility(lpr) and not priority(debug); };
> filter f_news_info {(facility(news) or facility(uucp)) and not
> priority(debug);
> };
> filter f_cron_info {facility(cron) and not priority(debug); };
>
> filter f_local0 {facility(local0, local1) and not priority(debug); };
> filter f_local2 {facility(local2, local3, local4) and not priority(debug); };
> filter f_local5 {facility(local5) and not priority(debug); };
> filter f_local6 {facility(local6) and not priority(debug); };
> filter f_local7 {facility(local7) and not priority(debug); };
> filter f_err {priority(err..emerg); };
> filter f_messages {priority(err..emerg) or facility(auth, daemon, kern)
> or (facility(mail, user) and priority(notice..emerg)); };
>
> log { source(src); filter(f_messages); destination(messages); };
> log { source(src); filter(f_emerg); destination(console); };
> log { source(src); filter(f_kern_info); destination(kernlog);
> destination(loghost); };
> log { source(src); filter(f_user_info); destination(userlog);
> destination(loghost); };
> log { source(src); filter(f_mail_info); destination(maillog);
> destination(loghost); };
> log { source(src); filter(f_daemon_info); destination(daemonlog);
> destination(loghost); };
> log { source(src); filter(f_auth_info); destination(authlog);
> destination(loghost); };
> log { source(src); filter(f_lpr_info); destination(lprlog);
> destination(loghost); };
> log { source(src); filter(f_news_info); destination(newslog);
> destination(loghost); };
> log { source(src); filter(f_cron_info); destination(cronlog);
> destination(loghost); };
>
> log { source(src); filter(f_local0); destination(local0log);
> destination(loghost); };
> log { source(src); filter(f_local2); destination(local2log);
> destination(loghost); };
> log { source(src); filter(f_local5); destination(local5log);
> destination(loghost); };
> log { source(src); filter(f_local6); destination(local6log);
> destination(loghost); };
> log { source(src); filter(f_local7); destination(local7log);
> destination(loghost); };
> log { source(src); filter(f_err); destination(alertlog); destination(loghost);
> };
>
> log { source(src); destination(fallbacklog); flags(fallback); };
>
>
> log { source(net); filter(f_messages); destination(messages); };
> #log { source(net); filter(f_emerg); destination(console); };
> log { source(net); filter(f_kern_info); destination(kernlog);
> destination(loghost); };
> log { source(net); filter(f_user_info); destination(userlog);
> destination(loghost); };
> log { source(net); filter(f_mail_info); destination(maillog);
> destination(loghost); };
> log { source(net); filter(f_daemon_info); destination(daemonlog);
> destination(loghost); };
> log { source(net); filter(f_auth_info); destination(authlog);
> destination(loghost); };
> log { source(net); filter(f_lpr_info); destination(lprlog);
> destination(loghost); };
> log { source(net); filter(f_news_info); destination(newslog);
> destination(loghost); };
>
> log { source(net); filter(f_local0); destination(local0log);
> destination(loghost); };
> log { source(net); filter(f_local2); destination(local2log);
> destination(loghost); };
> log { source(net); filter(f_local5); destination(local5log);
> destination(loghost); };
> log { source(net); filter(f_local6); destination(local6log);
> destination(loghost); };
> log { source(net); filter(f_local7); destination(local7log);
> destination(loghost); };
> log { source(net); filter(f_err); destination(alertlog); destination(loghost);
> };
>
> log { source(net); destination(fallbacklog); flags(fallback); };
>
> ## MYSQL
> #log { source(src); destination(d_mysql); };
> #log { source(net); destination(d_mysql); };
>
>
>
>
> _______________________________________________
> syslog-ng maillist - syslog-ng@lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
>
--
Bazsi