SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0002695: logsurfer produces high cpu load - MantisBT
MantisBT - Endian Firewall
View Issue Details
0002695Endian FirewallProxy HTTPpublic2010-02-18 08:462010-02-18 10:47
aender 
 
normalmajoralways
closedduplicate 
2.3 
 
0002695: logsurfer produces high cpu load
We have a 1,83ghz core 2 duo cpu and 2gb ram

If we enable http logging with transparent http proxy total http traffic will slow down and logsurfer produces a high cpu load with a average of 30 to 50 percent. If we enable "log user agents" and "query terms" the load increases to nearly 60 percent.

If we disable http logging it looks like http traffic is two times faster and maximum cpu load is at 10 percent.

This happens with only one client which generate http traffic. With more clients ( 5 or more) the cpu load goes to 70 percent..

Ist that normal for logsurfer ?
No tags attached.
duplicate of 0002567closed peter-endian High Resource usage CPU 
Issue History
2010-02-18 08:46aenderNew Issue
2010-02-18 10:45peter-endianRelationship addedduplicate of 0002567
2010-02-18 10:47peter-endianNote Added: 0003815
2010-02-18 10:47peter-endianStatusnew => closed
2010-02-18 10:47peter-endianResolutionopen => duplicate

Notes
(0003815)
peter-endian   
2010-02-18 10:47   
yes, unfortunately this is normal behaviour of logsurfer, since has to apply a bunch of cpu intensive regular expression on *each* log message.

we fixed this, by pre-filtering on syslog-ng and passing only relevant log messages to logsurfer. will be included in 2.3.1

in the meantime there is no quick workaround for this than disabling logsurfer by setting
EVENTLOG=off
in /var/efw/logging/settings
followed with a restartsyslog.py; restartlogsurfer.py