On Thu, 3 Mar 2011 15:48:03 +0000 (GMT) MJ Ray mjr@phonecoop.coop allegedly wrote:
mick wrote:
[...]
The only process I can see which may be responsible is a kernel process called events/1 which is chewing silly amounts of cpu - see top display below.
<snip>
If I were you, I'd be checking all logs, trying to turn up kernel logging verbosity and maybe reading the fine source to see what appears in ps as events/1.
Good luck and please let ALUG know the answer to your riddle when you find it!
OK, some more info. But I'm still stuck.
The problem seems to be caused by logging my iptables drops. My iptables file contains the following two lines (which I use on all my VPSs without problem)
# now log and (policy) drop start of all other incoming TCP packets -A INPUT -p tcp -m state --state NEW -j LOG --log-level emerg --log-prefix "firewall "
# and log (policy) drop of all UDP packets -A INPUT -p udp -m state --state NEW -j LOG --log-level emerg --log-prefix "firewall " #
and my /etc/rsyslog.d/50-default.conf (the equivalent of the old syslog.conf file) contains the following:
-------- # First some standard log files. Log by facility. # auth,authpriv.* /var/log/auth.log # *.*;auth,authpriv.none -/var/log/syslog #cron.* /var/log/cron.log daemon.* -/var/log/daemon.log kern.!=emerg -/var/log/kern.log lpr.* -/var/log/lpr.log mail.* -/var/log/mail.log user.* -/var/log/user.log ----------
(note the exception for emerg)
and ---------- # # Emergencies are sent to everybody logged in. # # *.emerg * ----------- (commenting this out should stop emerg messages going to ttys and the console)
and
----------- # log iptables connections to separate file # kern.=emerg -/var/log/firewall # # end ------------
(so my iptables logs should, and do, go to /var/log/firewall)
But, the (very noisy) logging also goes to the console, when it shouldn't.
I'm not sure why this should cause so much difficulty, but it is clearly the cause of the high cpu usage by the kenel "events" process because if I stop logging the drops the problem goes away. And I don't understand why the logging is being echoed to the console when this doesn't happen on any of my other VPSs (this config is common to all).
I'm still investigating, but if anyone has any bright ideas I'd be grateful to hear 'em.
Mick
---------------------------------------------------------------------
The text file for RFC 854 contains exactly 854 lines. Do you think there is any cosmic significance in this?
Douglas E Comer - Internetworking with TCP/IP Volume 1
http://www.ietf.org/rfc/rfc854.txt ---------------------------------------------------------------------