[syslog-ng] Syslog-ng beginners guide

Cosmin Neagu cosmin.neagu at omnilogic.ro
Wed Jul 8 14:51:57 CEST 2009 

Nope, i was hoping that everything will work fine with syslog-ng, but 
now it keeps the CPU again at 100 percent.

/top - 15:40:20 up  6:53,  2 users,  load average: 1.59, 3.35, 3.86
Tasks: 141 total,   2 running, 139 sleeping,   0 stopped,   0 zombie
Cpu(s): 12.5%us, 38.4%sy,  0.0%ni, 48.9%id,  0.0%wa,  0.0%hi,  0.2%si,  
0.0%st
Mem:   2060488k total,  1506968k used,   553520k free,   104856k buffers
Swap:  2931820k total,        0k used,  2931820k free,   975856k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  
COMMAND                                                                                         

 2528 root      20   0  3464 1416  832 R  *100*  0.1 259:49.18 syslog-ng

/I have attached the config file, instalation has been done with:
sudo apt-get install syslog-ng.
Version:
cosmin at CosminDell:~$ syslog-ng -V
syslog-ng 2.0.9


I was doing some learning with GNS3, and only 3 cisco IOS loaded.
My machine has this hardware/software:
Linux CosminDell 2.6.28-13-generic #45-Ubuntu SMP Tue Jun 30 19:49:51 
UTC 2009 i686 GNU/Linux
cosmin at CosminDell:~$ cat /proc/cpuinfo
processor    : 0
vendor_id    : GenuineIntel
cpu family    : 6
model        : 15
model name    : Intel(R) Core(TM)2 Duo CPU     T7250  @ 2.00GHz
stepping    : 13
cpu MHz        : 2001.000
cache size    : 2048 KB
cosmin at CosminDell:~$ cat /proc/meminfo
MemTotal:        2060488 kB
MemFree:          553376 kB
Buffers:          104980 kB

Stiil the cpu stays at 100%.

When i have install syslog-ng, the folowing repos were configured:

cosmin at CosminDell:~$ less /etc/apt/sources.list | grep deb
/deb http://ro.archive.ubuntu.com/ubuntu/ jaunty main restricted
deb-src http://ro.archive.ubuntu.com/ubuntu/ jaunty main restricted
deb http://ro.archive.ubuntu.com/ubuntu/ jaunty-updates main restricted
deb-src http://ro.archive.ubuntu.com/ubuntu/ jaunty-updates main restricted
deb http://ro.archive.ubuntu.com/ubuntu/ jaunty universe
deb-src http://ro.archive.ubuntu.com/ubuntu/ jaunty universe
deb http://ro.archive.ubuntu.com/ubuntu/ jaunty-updates universe
deb-src http://ro.archive.ubuntu.com/ubuntu/ jaunty-updates universe
deb http://ro.archive.ubuntu.com/ubuntu/ jaunty multiverse
deb-src http://ro.archive.ubuntu.com/ubuntu/ jaunty multiverse
deb http://ro.archive.ubuntu.com/ubuntu/ jaunty-updates multiverse
deb-src http://ro.archive.ubuntu.com/ubuntu/ jaunty-updates multiverse
deb http://security.ubuntu.com/ubuntu jaunty-security main restricted
deb-src http://security.ubuntu.com/ubuntu jaunty-security main restricted
deb http://security.ubuntu.com/ubuntu jaunty-security universe
deb-src http://security.ubuntu.com/ubuntu jaunty-security universe
deb http://security.ubuntu.com/ubuntu jaunty-security multiverse
deb-src http://security.ubuntu.com/ubuntu jaunty-security multiverse
deb http://archive.ubuntu.com/ubuntu jaunty universe multiverse
deb-src http://archive.ubuntu.com/ubuntu jaunty universe multiverse/



I have even restarted syslog-ng, and still stays at 100%.


/

/

Cosmin Neagu
NOC Team Leader
Str. I. G. Duca nr 36
Otopeni, Judetul Ilfov, 075100 Romania
Tel: 021 303 3159 / 0732 669 193
www.omnilogic.ro



Cosmin Neagu wrote:
> The config is like this (i will only show what i have added, the rest 
> is the default config):
>
> source s_internal { internal(); };
> source s_local {file ("/proc/kmsg" log_prefix("kernel: "));
>                           unix-stream ("/dev/log"); };
> destination d_remote {udp ("192.168.53.248" port(514)); };
> log { source(s_internal);       destination(d_remote);    };
>
>
>
> The thing is that i have noticed this only twice, and the last time 
> was when i have used the PC for a day, without network conectivity. I 
> think that the next day, when i started the PC with network 
> connectivity, syslog was taking his time sending all the logs from 
> previos day. I will watch to see if that happends again and in what 
> condition, until then, now is working ok, no high cpu anymore.
>
> PS: i never doubt that i could'nt get help here, without your replys, 
> syslog-ng would not have been running right now :)
>
> Cosmin Neagu
> NOC Team Leader
> Str. I. G. Duca nr 36
> Otopeni, Judetul Ilfov, 075100 Romania
> Tel: 021 303 3159 / 0732 669 193
> www.omnilogic.ro
>   
>
>
> Balazs Scheidler wrote:
>> On Tue, 2009-07-07 at 09:49 +0300, Cosmin Neagu wrote:
>>   
>>> Sorry for answering so late.
>>> You were right guys about the firewall, on the Fedora server iptables
>>> was on, and as soon as I turned it off, everything worked great. 
>>> Know i have to learn how to configure iptables, cause i don't want to
>>> leave it off.
>>> Anyone knows a good starting point for iptables?
>>>
>>>
>>>
>>> And another thing that bothers me...why the hell does the cpu stays
>>> most of the time at 100% because of the syslog-ng process?
>>>
>>> top - 09:42:37 up 55 min,  2 users,  load average: 1.10, 1.07, 0.98
>>> Tasks: 134 total,   3 running, 131 sleeping,   0 stopped,   0 zombie
>>> Cpu(s): 12.3%us, 39.0%sy,  0.0%ni, 48.6%id,  0.0%wa,  0.0%hi,  0.2%si,
>>> 0.0%st
>>> Mem:   2060488k total,   850036k used,  1210452k free,    77172k
>>> buffers
>>> Swap:  2931820k total,        0k used,  2931820k free,   460408k
>>> cached
>>>
>>>   PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+
>>> COMMAND                                                                                         
>>>  2527 root      20   0  3344 1268  848 R  100  0.1  32:13.86
>>> syslog-ng                                                                                       
>>>  3028 root      20   0  305m  34m  11m S    2  1.7   1:04.90
>>> Xorg                                                                                            
>>>    22 root      15  -5     0    0    0 S    0  0.0   0:00.12
>>> ata/1                                                                                           
>>>  3788 cosmin    20   0  221m 102m  26m S    0  5.1   1:12.27
>>> firefox     
>>>
>>> I have a dual core processor, and either CPU1 or CPU2 stays at 100%
>>> utilization...
>>>     
>>
>> This seems to be a bug, however I don't know anything similar in 2.0.
>>
>> Can you please post your configuration file which shows this symptom? Do
>> you get this right after you start syslog-ng? Is it always reproducible?
>> Can you list the exact version you are using and the way you got it
>> compiled? Is it a distribution package?
>>
>> So as you may see, we're happy to help you, but we need more
>> information.
>>
>>   
> ------------------------------------------------------------------------
>
> ______________________________________________________________________________
> Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
> FAQ: http://www.campin.net/syslog-ng/faq.html
>
>   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20090708/2044f648/attachment-0001.htm 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: syslog-ng.conf
Url: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20090708/2044f648/attachment-0001.txt

More information about the syslog-ng mailing list