Sabayon: syslog-ng 3.6.1 causes high CPU load

This article is from 2014 and has been archived. It's old and probably outdated.

After the last weekly update of my Sabayon Notebook I encountered a high CPU load of one core caused by syslog-ng. The process was literally flooding /var/log/messages and within a couple of minutes tens of Megabyte accumulated. logrotate did not help. The messages were months old, it appeared as syslog-ng would be processing old logs from somewhere else.

I knew that journald was active too, complementing syslog-ng I thought. Some ddg searches later I stumbled over a Gentoo bug report confirming my issue.

Instead of masking syslog-ng-3.6.1 I headed to #sabayon and asked around. Someone explicitly mentioned that syslog-ng is likely pulling logs from journald.

I ended up editing /etc/syslog-ng/syslog-ng.conf and replacing the default source src:

source src { system(); internal(); };

with:

source src { unix-dgram("/run/systemd/journal/syslog"); internal(); };

So the issue was somehow caused by system() which was even mentioned as a possible solution in the bug report.

Afterwards I ran sudo systemctl restart syslog-ng and the CPU load is since back to normal.

Jan Beilicke

About the author

Jan Beilicke is a long-time IT professional and full-time nerd. Open source enthusiast, advocating security and privacy. Sees the cloud as other people's computers. Find him on Mastodon.