Today syslog-ng acted up as the most bitchy program of the day – which I won’t forget that soon. Due to a configuration issue the program ate 100% CPU power of one core. This was quite annoying as it happened without a trace in a logfile.
It all started at the syslog-ng.conf and the definition of the message sources, where you can catch the messages of the kernel and all that stuff. Normally (regarding RedHat example) things look that way:
source kernsrc { pipe(“/proc/kmsg”); };
And that’s exactly the problem as /proc/kmsg gets opened Read/Write that way, which is really nasty as already mentioned above. The correct way of doing that:
source kernsrc { file(“/proc/kmsg”); };
And once again: if it’s done correctly, it works…