[syslog-ng] syslog-ng overload

Serge Torop tsp at peterlink.ru
Tue Dec 12 19:50:39 CET 2006


Hello, all.

On my system Linux RedHat EL AS3

kernel:
Linux 2.4.21-20.EL #1 Wed Aug 18 20:58:25 EDT 2004 i686 i686 i386 GNU/Linux

I note high loading CPU 99% by syslog-ng.
Syslog-ng version 1.6.11 (1.6.8 too), libol 0.3.18 (0.3.16 too).

Is this possible to resolve high loading CPU problem?
Thanks to advance.


Top cmd output:

  21:33:07  up 20 days, 10:13,  3 users,  load average: 1,09, 1,71, 1,93
112 processes: 109 sleeping, 3 running, 0 zombie, 0 stopped
CPU states:  cpu    user    nice  system    irq  softirq  iowait    idle
            total   21,6%    0,0%   78,4%   0,0%     0,0%    0,0%    0,0%
Mem:   510932k av,  351192k used,  159740k free,       0k shrd,   80412k 
buff
                     201384k actv,   82448k in_d,    2608k in_c
Swap: 1975912k av,   13060k used, 1962852k free                  181536k cached

   PID USER     PRI  NI  SIZE  RSS SHARE STAT %CPU %MEM   TIME CPU COMMAND
23460 root      25   0   852  852   664 R    99,8  0,1   3:36   0 syslog-ng
23518 root      15   0  1188 1188   848 R     0,1  0,2   0:00   0 top
     1 root      15   0   496  460   436 S     0,0  0,0   0:04   0 init
     2 root      15   0     0    0     0 SW    0,0  0,0   0:00   0 keventd
     3 root      15   0     0    0     0 SW    0,0  0,0   0:00   0 kapmd
     4 root      34  19     0    0     0 SWN   0,0  0,0   0:00   0 ksoftirqd/0
     7 root      25   0     0    0     0 SW    0,0  0,0   0:00   0 bdflush
     5 root      15   0     0    0     0 SW    0,0  0,0   0:21   0 kswapd
     6 root      15   0     0    0     0 SW    0,0  0,0   0:14   0 kscand
     8 root      15   0     0    0     0 SW    0,0  0,0   0:00   0 kupdated
     9 root      15   0     0    0     0 SW    0,0  0,0   0:18   0 mdrecoveryd
    18 root      15   0     0    0     0 SW    0,0  0,0   0:00   0 raid1d
    19 root      15   0     0    0     0 SW    0,0  0,0   0:05   0 raid1d
    20 root      15   0     0    0     0 SW    0,0  0,0   0:14   0 raid1d
    21 root      15   0     0    0     0 SW    0,0  0,0   0:03   0 raid1d
    22 root      15   0     0    0     0 SW    0,0  0,0   0:03   0 kjournald
    79 root      23   0     0    0     0 SW    0,0  0,0   0:00   0 khubd
  1648 root      15   0     0    0     0 SW    0,0  0,0   0:00   0 kjournald
  1649 root      15   0     0    0     0 SW    0,0  0,0   0:00   0 kjournald
  1650 root      15   0     0    0     0 SW    0,0  0,0  20:21   0 kjournald


# ldd /sbin/syslog-ng

         librt.so.1 => /lib/tls/librt.so.1 (0x00d02000)
         libnsl.so.1 => /lib/libnsl.so.1 (0x007b5000)
         libresolv.so.2 => /lib/libresolv.so.2 (0x00ef5000)
         libc.so.6 => /lib/tls/libc.so.6 (0x00111000)
         libpthread.so.0 => /lib/tls/libpthread.so.0 (0x00df5000)
         /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x00691000)


# syslog-ng configuration file.

# Main configuration
# --------------------------------------------------------

options {
           sync (0);
           time_reopen (10);
           log_fifo_size (1000);
           long_hostnames (off);
           use_dns (no);
           use_fqdn (no);
           create_dirs (yes);
           keep_hostname (yes);
           use_time_recvd(yes);
           stats(3600);
         };

source s_sys {
           pipe ("/proc/kmsg" log_prefix("kernel: "));
           unix-stream ("/dev/log" max_connections(2000)); internal(); };

# Filters section
# ---------------------------------------------------------------

destination d_kern { file("/var/log/kernel/kernel.$MONTH.$YEAR");
                      file("/dev/tty12"); };
destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages.$FACILITY.$LEVEL"); };

destination d_auth { file("/var/log/secure/secure.$MONTH.$YEAR"); };
destination d_authinfo { file("/var/log/secure/auth-info.$MONTH.$YEAR"); 
};

destination d_mail { file("/var/log/mail/maillog.$DAY.$MONTH.$YEAR"); };
destination d_mailacct { file("/var/log/mail/act/mailacct.$DAY.$MONTH.$YEAR"); };
destination d_fetchm {file("/var/log/fetchmail/fetchmaillog.$DAY.$MONTH.$YEAR"); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot/boot.$MONTH.$YEAR"); };
destination d_cron { file("/var/log/cron/cron.$MONTH.$YEAR"); };
destination d_mlal { usertty("*"); file("/var/log/console/console.$MONTH.$YEAR"); file("/dev/tty10"); };
destination d_named { file("/var/log/named/named.$MONTH.$YEAR"); };
destination d_iptbl { file("/var/log/iptables/iptables.$MONTH.$YEAR"); file("/dev/tty11"); };
destination d_daemons { file("/var/log/daemons/daemons-info.$MONTH.$YEAR"); };
destination d_pop { file("/var/log/pop/poplog.$DAY.$MONTH.$YEAR"); };
destination d_useradd { file("/var/log/secure/useradd.log"); };
destination d_apcupsd { file("/var/log/apc/apcupsd.log"); };
destination d_syslogngd { file("/var/log/syslog-ng/syslog-ng.$MONTH.$YEAR"); };
destination d_smartd  { file("/var/log/smartd/smartd.$MONTH.$YEAR"); };
destination d_drwebp { file("/var/log/drweb/mail/drweb-postfix-$DAY.$MONTH.$YEAR"); };

# Filters sections
# -----------------------------------------------------------------

filter f_filter1     { facility(kern) and not match("IPFILTER"); };
filter f_filter2     { level(info) and
                         not (facility(mail)
                         or facility(authpriv)
                         or facility(cron)
                         or facility(local1)
                         or facility(local2)
                         or facility(local3)
                         or facility(local4)
                         or facility(local5)
                         or (facility(daemon) and level(info))
                         or (facility(kern) and level(info))
                         or (facility(auth) and level(info))
                      ); };
filter f_filter3     { facility(authpriv) and not match("useradd"); };
filter f_filter4     { facility(mail) and not (match("mailacct") or 
match("fetchmail")); }
;
filter f_filter5     { level(err..emerg); };
filter f_filter6     { facility(uucp) or
                      (facility(news) and level(crit)); };
filter f_filter7     { facility(local7); };
filter f_filter8     { facility(cron); };
filter f_filter9     { facility(mail) and match("mailacct"); };
filter f_filter10    { match("named"); };
filter f_filter11     { facility(kern) and match("IPFILTER"); };
filter f_filter12     { facility(daemon) and not match("dhcpd") and not match("apcupsd");
};
filter f_filter13     { facility(auth) and level(info); };
filter f_filter14     { facility(local2) and not match("pppd"); };
filter f_filter15     { facility(mail) and match("fetchmail"); };
filter f_filter18     { facility(authpriv) and match("useradd"); };
filter f_filter20     { match("apcupsd"); };
filter f_filter21     { match("syslog-ng"); };
filter f_filter22     { match("sshd"); };
filter f_filter23     { facility(local5); };
filter f_filter24     { facility(local4); };

# Bodybuilding
# -------------------------------------------------------------

#log { source(s_sys); filter(f_filter1); destination(d_cons); };

log { source(s_sys); filter(f_filter1); destination(d_kern); };

log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
log { source(s_sys); filter(f_filter4); destination(d_mail); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_spol); };
log { source(s_sys); filter(f_filter7); destination(d_boot); };
log { source(s_sys); filter(f_filter8); destination(d_cron); };
log { source(s_sys); filter(f_filter9); destination(d_mailacct); };
log { source(s_sys); filter(f_filter10); destination(d_named); };
log { source(s_sys); filter(f_filter11); destination(d_iptbl); };
log { source(s_sys); filter(f_filter12); destination(d_daemons); };
log { source(s_sys); filter(f_filter13); destination(d_authinfo); destination(d_mlal); };
log { source(s_sys); filter(f_filter14); destination(d_pop); };
log { source(s_sys); filter(f_filter15); destination(d_fetchm); };
log { source(s_sys); filter(f_filter18); destination(d_useradd); };
log { source(s_sys); filter(f_filter20); destination(d_apcupsd); };
log { source(s_sys); filter(f_filter21); destination(d_syslogngd); };
log { source(s_sys); filter(f_filter22); destination(d_mlal); };
log { source(s_sys); filter(f_filter23); destination(d_smartd); };
log { source(s_sys); filter(f_filter24); destination(d_drwebp); };


-- 
Serge P. Torop
St.Petersburg, Russia


More information about the syslog-ng mailing list