[syslog-ng] syslog-ng overload
Serge Torop
tsp at peterlink.ru
Tue Dec 12 19:50:39 CET 2006
Hello, all.
On my system Linux RedHat EL AS3
kernel:
Linux 2.4.21-20.EL #1 Wed Aug 18 20:58:25 EDT 2004 i686 i686 i386 GNU/Linux
I see syslog-ng loading the CPU at 99%.
Syslog-ng version 1.6.11 (1.6.8 too), libol 0.3.18 (0.3.16 too).
Is it possible to resolve this high CPU load problem?
Thanks in advance.
Top cmd output:
21:33:07 up 20 days, 10:13, 3 users, load average: 1,09, 1,71, 1,93
112 processes: 109 sleeping, 3 running, 0 zombie, 0 stopped
CPU states: cpu user nice system irq softirq iowait idle
total 21,6% 0,0% 78,4% 0,0% 0,0% 0,0% 0,0%
Mem: 510932k av, 351192k used, 159740k free, 0k shrd, 80412k
buff
201384k actv, 82448k in_d, 2608k in_c
Swap: 1975912k av, 13060k used, 1962852k free 181536k cached
PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU COMMAND
23460 root 25 0 852 852 664 R 99,8 0,1 3:36 0 syslog-ng
23518 root 15 0 1188 1188 848 R 0,1 0,2 0:00 0 top
1 root 15 0 496 460 436 S 0,0 0,0 0:04 0 init
2 root 15 0 0 0 0 SW 0,0 0,0 0:00 0 keventd
3 root 15 0 0 0 0 SW 0,0 0,0 0:00 0 kapmd
4 root 34 19 0 0 0 SWN 0,0 0,0 0:00 0 ksoftirqd/0
7 root 25 0 0 0 0 SW 0,0 0,0 0:00 0 bdflush
5 root 15 0 0 0 0 SW 0,0 0,0 0:21 0 kswapd
6 root 15 0 0 0 0 SW 0,0 0,0 0:14 0 kscand
8 root 15 0 0 0 0 SW 0,0 0,0 0:00 0 kupdated
9 root 15 0 0 0 0 SW 0,0 0,0 0:18 0 mdrecoveryd
18 root 15 0 0 0 0 SW 0,0 0,0 0:00 0 raid1d
19 root 15 0 0 0 0 SW 0,0 0,0 0:05 0 raid1d
20 root 15 0 0 0 0 SW 0,0 0,0 0:14 0 raid1d
21 root 15 0 0 0 0 SW 0,0 0,0 0:03 0 raid1d
22 root 15 0 0 0 0 SW 0,0 0,0 0:03 0 kjournald
79 root 23 0 0 0 0 SW 0,0 0,0 0:00 0 khubd
1648 root 15 0 0 0 0 SW 0,0 0,0 0:00 0 kjournald
1649 root 15 0 0 0 0 SW 0,0 0,0 0:00 0 kjournald
1650 root 15 0 0 0 0 SW 0,0 0,0 20:21 0 kjournald
# ldd /sbin/syslog-ng
librt.so.1 => /lib/tls/librt.so.1 (0x00d02000)
libnsl.so.1 => /lib/libnsl.so.1 (0x007b5000)
libresolv.so.2 => /lib/libresolv.so.2 (0x00ef5000)
libc.so.6 => /lib/tls/libc.so.6 (0x00111000)
libpthread.so.0 => /lib/tls/libpthread.so.0 (0x00df5000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x00691000)
# syslog-ng configuration file.
# Main configuration
# --------------------------------------------------------
# Global options. No perm(), owner(), group() or dir_perm() is set anywhere in
# this file, so created log files and directories get syslog-ng's defaults;
# verify the resulting modes on the auth/secure logs.
options {
# Number of lines buffered before writing; 0 writes each message as it arrives.
sync (0);
# Seconds to wait before re-establishing a dead connection.
time_reopen (10);
# Output queue length in messages. NOTE(review): messages beyond this are
# presumably dropped when a destination stalls - confirm for 1.6.x.
log_fifo_size (1000);
long_hostnames (off);
# No DNS lookups and no FQDN expansion, so logging never waits on a resolver.
use_dns (no);
use_fqdn (no);
# Create missing directories for the file() destinations.
create_dirs (yes);
# Keep the hostname found in the message rather than rewriting it. Every source
# in this file is local; if a network source is added later, this field becomes
# sender-controlled.
keep_hostname (yes);
# Use the time of receipt, not the timestamp inside the message, for time
# macros such as $DAY/$MONTH/$YEAR in destination file names.
use_time_recvd(yes);
# Emit a statistics message every 3600 seconds.
stats(3600);
};
# Single source feeding every log path: kernel messages, the local syslog
# socket, and syslog-ng's own internal messages.
source s_sys {
# NOTE(review): the syslog-ng reference describes file() as the driver for
# /proc/kmsg and advises against pipe() on special files because pipe() opens
# its argument read-write - confirm for 1.6.x, and make sure klogd is not also
# reading /proc/kmsg. Whether this relates to the reported CPU load is
# unconfirmed.
pipe ("/proc/kmsg" log_prefix("kernel: "));
# Local processes that can write to /dev/log choose the facility, level and
# text of what they send, so none of those fields is proof of origin.
# max_connections(2000) allows that many simultaneous clients.
unix-stream ("/dev/log" max_connections(2000)); internal(); };
# Destinations section
# ---------------------------------------------------------------
# Destinations. Most are files whose names are built from time macros
# ($DAY/$MONTH/$YEAR); d_mesg is named from $FACILITY and $LEVEL, which the
# sender of a message sets. None of the file() calls sets perm(), owner() or
# group().
#
# Three destinations also write to virtual terminals (d_kern -> /dev/tty12,
# d_iptbl -> /dev/tty11, d_mlal -> /dev/tty10), so whoever can view the console
# sees those messages.
# NOTE(review): writes to terminal devices can stall when the terminal is not
# accepting output; worth ruling out when investigating the reported CPU load -
# unconfirmed.
destination d_kern { file("/var/log/kernel/kernel.$MONTH.$YEAR");
file("/dev/tty12"); };
# d_cons is referenced only by a commented-out log statement in this file.
destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages.$FACILITY.$LEVEL"); };
destination d_auth { file("/var/log/secure/secure.$MONTH.$YEAR"); };
destination d_authinfo { file("/var/log/secure/auth-info.$MONTH.$YEAR");
};
destination d_mail { file("/var/log/mail/maillog.$DAY.$MONTH.$YEAR"); };
destination d_mailacct { file("/var/log/mail/act/mailacct.$DAY.$MONTH.$YEAR"); };
destination d_fetchm {file("/var/log/fetchmail/fetchmaillog.$DAY.$MONTH.$YEAR"); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot/boot.$MONTH.$YEAR"); };
destination d_cron { file("/var/log/cron/cron.$MONTH.$YEAR"); };
# usertty("*") writes to the terminal of every logged-in user. Anything routed
# to d_mlal is therefore shown to all users, not only to administrators; keep
# authentication detail out of it.
destination d_mlal { usertty("*"); file("/var/log/console/console.$MONTH.$YEAR"); file("/dev/tty10"); };
destination d_named { file("/var/log/named/named.$MONTH.$YEAR"); };
destination d_iptbl { file("/var/log/iptables/iptables.$MONTH.$YEAR"); file("/dev/tty11"); };
destination d_daemons { file("/var/log/daemons/daemons-info.$MONTH.$YEAR"); };
destination d_pop { file("/var/log/pop/poplog.$DAY.$MONTH.$YEAR"); };
destination d_useradd { file("/var/log/secure/useradd.log"); };
destination d_apcupsd { file("/var/log/apc/apcupsd.log"); };
destination d_syslogngd { file("/var/log/syslog-ng/syslog-ng.$MONTH.$YEAR"); };
destination d_smartd { file("/var/log/smartd/smartd.$MONTH.$YEAR"); };
destination d_drwebp { file("/var/log/drweb/mail/drweb-postfix-$DAY.$MONTH.$YEAR"); };
# Filters sections
# -----------------------------------------------------------------
# Filters. facility() and level() test the priority the sender put on the
# message; match() is a regular-expression test against the message text.
# All three are sender-supplied for messages arriving on /dev/log, so a filter
# such as match("sshd") selects any message containing that string, not only
# messages produced by that daemon.
# NOTE(review): program() may be the closer fit for the per-daemon filters
# (named, apcupsd, syslog-ng, sshd) - confirm against the 1.6 reference.

# Kernel messages except those tagged IPFILTER (see f_filter11 for the rest).
filter f_filter1 { facility(kern) and not match("IPFILTER"); };
# Info-level messages from facilities other than mail, authpriv, cron,
# local1-local5, daemon, kern and auth. The inner "and level(info)" terms are
# redundant because the whole filter already requires level(info).
filter f_filter2 { level(info) and
not (facility(mail)
or facility(authpriv)
or facility(cron)
or facility(local1)
or facility(local2)
or facility(local3)
or facility(local4)
or facility(local5)
or (facility(daemon) and level(info))
or (facility(kern) and level(info))
or (facility(auth) and level(info))
); };
# authpriv split by message text: f_filter3 takes everything without "useradd",
# f_filter18 takes the messages that contain it.
filter f_filter3 { facility(authpriv) and not match("useradd"); };
# mail split by message text: f_filter4 is the remainder after f_filter9
# ("mailacct") and f_filter15 ("fetchmail").
filter f_filter4 { facility(mail) and not (match("mailacct") or
match("fetchmail")); }
;
# Every facility, levels err through emerg.
filter f_filter5 { level(err..emerg); };
filter f_filter6 { facility(uucp) or
(facility(news) and level(crit)); };
filter f_filter7 { facility(local7); };
filter f_filter8 { facility(cron); };
filter f_filter9 { facility(mail) and match("mailacct"); };
# Text-only match with no facility restriction.
filter f_filter10 { match("named"); };
filter f_filter11 { facility(kern) and match("IPFILTER"); };
filter f_filter12 { facility(daemon) and not match("dhcpd") and not match("apcupsd");
};
filter f_filter13 { facility(auth) and level(info); };
filter f_filter14 { facility(local2) and not match("pppd"); };
filter f_filter15 { facility(mail) and match("fetchmail"); };
filter f_filter18 { facility(authpriv) and match("useradd"); };
# Text-only matches with no facility restriction.
filter f_filter20 { match("apcupsd"); };
filter f_filter21 { match("syslog-ng"); };
filter f_filter22 { match("sshd"); };
filter f_filter23 { facility(local5); };
filter f_filter24 { facility(local4); };
# Bodybuilding
# -------------------------------------------------------------
#log { source(s_sys); filter(f_filter1); destination(d_cons); };
# Log paths: one source (s_sys), one filter, one or more destinations each.
# No path sets flags(final), so a message is written to every destination
# whose filter it matches.
log { source(s_sys); filter(f_filter1); destination(d_kern); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
log { source(s_sys); filter(f_filter4); destination(d_mail); };
# err..emerg from any facility goes to d_mlal, which includes usertty("*")
# and /dev/tty10.
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_spol); };
log { source(s_sys); filter(f_filter7); destination(d_boot); };
log { source(s_sys); filter(f_filter8); destination(d_cron); };
log { source(s_sys); filter(f_filter9); destination(d_mailacct); };
log { source(s_sys); filter(f_filter10); destination(d_named); };
log { source(s_sys); filter(f_filter11); destination(d_iptbl); };
log { source(s_sys); filter(f_filter12); destination(d_daemons); };
# Info-level auth messages are stored in auth-info AND sent to d_mlal, so they
# are displayed on every logged-in user's terminal. If that is not intended,
# drop destination(d_mlal) here and keep the file copy only.
log { source(s_sys); filter(f_filter13); destination(d_authinfo); destination(d_mlal); };
log { source(s_sys); filter(f_filter14); destination(d_pop); };
log { source(s_sys); filter(f_filter15); destination(d_fetchm); };
log { source(s_sys); filter(f_filter18); destination(d_useradd); };
log { source(s_sys); filter(f_filter20); destination(d_apcupsd); };
log { source(s_sys); filter(f_filter21); destination(d_syslogngd); };
# f_filter22 is a text match on "sshd" with no facility or level limit, and
# its only destination is d_mlal: every such message, at any level, is shown
# on all user terminals. Because the match is on sender-supplied text, a
# dedicated file destination is the safer target; reserve usertty("*") for
# emergencies.
log { source(s_sys); filter(f_filter22); destination(d_mlal); };
log { source(s_sys); filter(f_filter23); destination(d_smartd); };
log { source(s_sys); filter(f_filter24); destination(d_drwebp); };
--
Serge P. Torop
St.Petersburg, Russia