Hello, I'm currently implementing a new central log server with 5.4.0 on Debian Linux for our company and am running into severe stability problems. I hope this list is the right place to report and discuss these; if not, please point me in the right direction.
Our logserver receives logs via UDP and TCP on several ports and handles them with different rulesets (this is why we upgraded to 5.4.0):

%- /etc/rsyslog.conf
$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$IncludeConfig /etc/rsyslog.d/*.conf
auth,authpriv.* /var/log/auth.log
[... more file rules omitted]
%-

%- /etc/rsyslog.d/remote.conf
$RuleSet udp514
local0.* -/var/log/cisco/local0.log
[... more file rules omitted]
$RuleSet tcp514
$RuleSet tcp10514
auth,authpriv.* /var/log/server/auth.log
[... more file rules omitted]
$RuleSet tcp20514
$ModLoad imudp
$InputUDPServerBindRuleset udp514
$UDPServerRun 514
$ModLoad imtcp
$InputTCPServerBindRuleset tcp514
$InputTCPServerRun 514
$InputTCPServerBindRuleset tcp10514
$INPUTTCPServerRun 10514
$InputTCPServerBindRuleset tcp20514
$INPUTTCPServerRun 20514
$RuleSet RSYSLOG_DefaultRuleset
%-

rsyslog is started with "/usr/sbin/rsyslogd -c5".

The problem: After several hours, one rsyslogd process starts running at 100% CPU and uses more and more memory; it also completely stops writing to the logfiles (hence no rsyslog error messages either). If I run

strace -p <PID of 100% CPU rsyslogd>

I get a constant stream of

write(3, "Oct 8 09:40:42 loghost1-01 kerne"..., 266) = -1 EAGAIN (Resource temporarily unavailable)

system calls.

Can you give me any hints on how to debug this further?

Yours
Karsten

