[syslog-ng] Syslog-ng beginners guide

Cosmin Neagu cosmin.neagu at omnilogic.ro
Wed Jul 8 12:55:37 CEST 2009 

The config is like this (i will only show what i have added, the rest is 
the default config):

source s_internal { internal(); };
source s_local {file ("/proc/kmsg" log_prefix("kernel: "));
                          unix-stream ("/dev/log"); };
destination d_remote {udp ("192.168.53.248" port(514)); };
log { source(s_internal);       destination(d_remote);    };



The thing is that i have noticed this only twice, and the last time was 
when i have used the PC for a day, without network conectivity. I think 
that the next day, when i started the PC with network connectivity, 
syslog was taking his time sending all the logs from previos day. I will 
watch to see if that happends again and in what condition, until then, 
now is working ok, no high cpu anymore.

PS: i never doubt that i could'nt get help here, without your replys, 
syslog-ng would not have been running right now :)

Cosmin Neagu
NOC Team Leader
Str. I. G. Duca nr 36
Otopeni, Judetul Ilfov, 075100 Romania
Tel: 021 303 3159 / 0732 669 193
www.omnilogic.ro



Balazs Scheidler wrote:
> On Tue, 2009-07-07 at 09:49 +0300, Cosmin Neagu wrote:
>   
>> Sorry for answering so late.
>> You were right guys about the firewall, on the Fedora server iptables
>> was on, and as soon as I turned it off, everything worked great. 
>> Know i have to learn how to configure iptables, cause i don't want to
>> leave it off.
>> Anyone knows a good starting point for iptables?
>>
>>
>>
>> And another thing that bothers me...why the hell does the cpu stays
>> most of the time at 100% because of the syslog-ng process?
>>
>> top - 09:42:37 up 55 min,  2 users,  load average: 1.10, 1.07, 0.98
>> Tasks: 134 total,   3 running, 131 sleeping,   0 stopped,   0 zombie
>> Cpu(s): 12.3%us, 39.0%sy,  0.0%ni, 48.6%id,  0.0%wa,  0.0%hi,  0.2%si,
>> 0.0%st
>> Mem:   2060488k total,   850036k used,  1210452k free,    77172k
>> buffers
>> Swap:  2931820k total,        0k used,  2931820k free,   460408k
>> cached
>>
>>   PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+
>> COMMAND                                                                                         
>>  2527 root      20   0  3344 1268  848 R  100  0.1  32:13.86
>> syslog-ng                                                                                       
>>  3028 root      20   0  305m  34m  11m S    2  1.7   1:04.90
>> Xorg                                                                                            
>>    22 root      15  -5     0    0    0 S    0  0.0   0:00.12
>> ata/1                                                                                           
>>  3788 cosmin    20   0  221m 102m  26m S    0  5.1   1:12.27
>> firefox     
>>
>> I have a dual core processor, and either CPU1 or CPU2 stays at 100%
>> utilization...
>>     
>
> This seems to be a bug, however I don't know anything similar in 2.0.
>
> Can you please post your configuration file which shows this symptom? Do
> you get this right after you start syslog-ng? Is it always reproducible?
> Can you list the exact version you are using and the way you got it
> compiled? Is it a distribution package?
>
> So as you may see, we're happy to help you, but we need more
> information.
>
>   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20090708/f63de513/attachment.htm

More information about the syslog-ng mailing list