Has anyone any ideas? The syslog-ng is the usually the first line
reported by top:
4097 root 20 0 3120 1060 708 R 48.3 0.1 677:46.38 syslog-ng
The files in /var/log seem to be growing at an expected slow pace and
aren't reporting anything unexpected. I followed a 'howto' and have
sshguard running. This (comments stripped) is what I have in
/etc/syslog-ng/syslog-ng.conf
options {
chain_hostnames(off);
sync(0);
stats(43200);
};
source src {
unix-stream("/dev/log" max-connections(256));
internal();
file("/proc/kmsg");
};
destination messages { file("/var/log/messages"); };
destination console_all { file("/dev/tty12"); };
log { source(src); destination(messages); };
log { source(src); destination(console_all); };
destination authlog { file("/var/log/auth.log"); };
destination authlog { file("/var/log/auth.log"); };
filter f_authpriv { facility(auth, authpriv); };
log { source(src); filter(f_authpriv); destination(authlog); };
filter sshlogs { facility(auth, authpriv) and match("sshd"); };
destination sshguardproc {
program("/usr/local/sbin/sshguard"
template("$DATE $FULLHOST $MESSAGE\n"));
};
log { source(src); filter(sshlogs); destination(sshguardproc); };