Gentoo Archives: gentoo-user

From: Steve <gentoo_sjh@×××××××.uk>
To: gentoo-user@l.g.o
Subject: [gentoo-user] Syslog-ng using a spectacular amount of CPU time... (I'm using sshguard)
Date: Mon, 23 Mar 2009 15:38:26
Message-Id: 49C7ACEB.9050307@shic.co.uk
Has anyone any ideas?  The syslog-ng is the usually the first line 
reported by top:

 4097 root      20   0  3120 1060  708 R 48.3  0.1 677:46.38 syslog-ng

The files in /var/log seem to be growing at an expected slow pace and 
aren't reporting anything unexpected.  I followed a 'howto' and have 
sshguard running.  This (comments stripped) is what I have in 
/etc/syslog-ng/syslog-ng.conf
> options { > chain_hostnames(off); > sync(0); > stats(43200); > }; > > source src { > unix-stream("/dev/log" max-connections(256)); > internal(); > file("/proc/kmsg"); > }; > > destination messages { file("/var/log/messages"); }; > destination console_all { file("/dev/tty12"); }; > log { source(src); destination(messages); }; > log { source(src); destination(console_all); }; > destination authlog { file("/var/log/auth.log"); }; > destination authlog { file("/var/log/auth.log"); }; > filter f_authpriv { facility(auth, authpriv); }; > log { source(src); filter(f_authpriv); destination(authlog); }; > filter sshlogs { facility(auth, authpriv) and match("sshd"); }; > destination sshguardproc { > program("/usr/local/sbin/sshguard" > template("$DATE $FULLHOST $MESSAGE\n")); > }; > log { source(src); filter(sshlogs); destination(sshguardproc); };

Replies