Hi,
We are using nxlog-ce-2.5.1089 on Debian squeeze and we have found a memory
leak with the add_to_route fonction. The memory grows inexplicably.
For information, we receive about 350.000 msg/hour.
Otherwise It seems that the null output take more CPU usage that the
om_tcp...
Some lines in the configuration files below are commented for debugging.
Best Regards,
François
-----------------------------------------nxlog.conf-----------------------------------
#-------------------Global
directives-----------------------------------------------------
User xxxx
Group xxxx
LogFile /var/log/nxlog/nxlog.log
LogLevel INFO
#-------------------Modules-----------------------------------------------------
<Extension _syslog>
Module xm_syslog
</Extension>
<Extension exec>
Module xm_exec
</Extension>
<Extension fileop>
Module xm_fileop
</Extension>
#-------------------Inputs-----------------------------------------------------
<Input UDP514>
Module im_udp
Host 0.0.0.0
Port 514
Exec parse_syslog_bsd();
</Input>
#Fake input for rerouting
<Input NULL_UDP515>
Module im_udp
Host 0.0.0.0
Port 515
Exec parse_syslog_bsd();
</Input>
#-------------------Processor-----------------------------------------------------
<Processor BUFFER_FW_TRAFFIC_NS>
Module pm_buffer
MaxSize 4096
WarnLimit 2048
Type Mem
<Schedule>
Every 5 sec
Exec if buffer_size() > 0 log_info("BUFFER_FW_TRAFFIC_NS_Size: " +
buffer_size() + " ");
</Schedule>
Execif buffer_size() >= 4000000 drop();
</Processor>
<Processor BUFFER_FW_TRAFFIC_JUNOS>
Module pm_buffer
MaxSize 4096
WarnLimit 2048
Type Mem
<Schedule>
Every 5 sec
Exec if buffer_size() > 0 log_info("BUFFER_FW_TRAFFIC_JUNOS_Size: " +
buffer_size() + " ");
</Schedule>
Exec if buffer_size() >= 4000000 drop();
</Processor>
<Processor PATTERN_FW_TRAFFIC_ALL>
Module pm_pattern
PatternFile /etc/nxlog/PATTERN_FW_TRAFFIC.xml
</Processor>
#-------------------Outputs-----------------------------------------------------
<Output NS_MSG_TO_LOGSTASH>
Module om_tcp
Host localhost
Port 5140
</Output>
<Output JUNOS_MSG_TO_LOGSTASH>
Module om_tcp
Host localhost
Port 5141
</Output>
<Output NULL>
Module om_null
</Output>
#-------------------Routes-----------------------------------------------------
<Route BASE_ROUTE>
Path UDP514 => PATTERN_FW_TRAFFIC_ALL => NULL
</Route>
<Route netscreen>
#Path NULL_UDP515 => BUFFER_FW_TRAFFIC_NS => NS_MSG_TO_LOGSTASH
Path NULL_UDP515 => BUFFER_FW_TRAFFIC_NS => NULL
</Route>
<Route junos>
#Path NULL_UDP515 => BUFFER_FW_TRAFFIC_JUNOS => JUNOS_MSG_TO_LOGSTASH
Path NULL_UDP515 => BUFFER_FW_TRAFFIC_JUNOS => NULL
</Route>
<Route NULL_ROUTE>
Path NULL_UDP515 => NULL
</Route>
-----------------------------------------PATTERN_FW_TRAFFIC.xml-----------------------------------
<?xml version='1.0' encoding='UTF-8'?>
<patterndb>
<created>2013-01-01 01:02:03</created>
<version>696</version>
<!--
-->
<group>
<name>Test_log_re-routing</name>
<id>10</id>
<pattern>
<id>101</id>
<name>NS_TRAFFIC</name>
<matchfield>
<name>Message</name>
<type>regexp</type>
<value>.*system-notification-00257\(traffic\)*.</value>
</matchfield>
<exec>add_to_route("netscreen");</exec>
<!-- <exec>add_to_route("NULL_ROUTE");</exec>-->
<exec>drop();</exec>
</pattern>
<pattern>
<id>102</id>
<name>JUNOS_RT_FLOW</name>
<matchfield>
<name>Message</name>
<type>regexp</type>
<value>.*RT_FLOW_*.</value>
</matchfield>
<exec>add_to_route("junos");</exec>
<!-- <exec>add_to_route("NULL_ROUTE");</exec>-->
<exec>drop();</exec>
</pattern>
</group>
</patterndb>
------------------------------------------------------------------------------
Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
Discover the easy way to master current and previous Microsoft technologies
and advance your career. Get an incredible 1,500+ hours of step-by-step
tutorial videos with LearnDevNow. Subscribe today and save!
http://pubads.g.doubleclick.net/gampad/clk?id=58040911&iu=/4140/ostg.clktrk
_______________________________________________
nxlog-ce-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nxlog-ce-users
