syslog-ng trap

Today syslog-ng acted up as the most bitchy program of the day – which I won’t forget that soon. Due to a configuration issue the program ate 100% CPU power of one core. This was quite annoying as it happened without a trace in a logfile.

It all started at the syslog-ng.conf and the definition of the message sources, where you can catch the messages of the kernel and all that stuff. Normally (regarding RedHat example) things look that way:

source kernsrc { pipe(“/proc/kmsg”); };

And that’s exactly the problem as /proc/kmsg gets opened Read/Write that way, which is really nasty as already mentioned above. The correct way of doing that:

source kernsrc { file(“/proc/kmsg”); };

And once again: if it’s done correctly, it works…


Leave a Reply

Your email address will not be published. Required fields are marked *