Request trial
Request Trial

NXLog using 35-45% CPU on vCenter server

Tags: cpu
#1 cperrone

We installed version 2.10.2150 and are using the standard out of box config file to sent syslogs to clone. Anything we can do to reduce CPU consumption? Here is our config file but I have removed IP for our clone server:

Panic Soft #NoFreeOnExit TRUE

define ROOT C:\Program Files (x86)\nxlog define CERTDIR %ROOT%\cert define CONFDIR %ROOT%\conf define LOGDIR %ROOT%\data define LOGFILE %LOGDIR%\nxlog.log LogFile %LOGFILE%

Moduledir %ROOT%\modules CacheDir %ROOT%\data Pidfile %ROOT%\data\nxlog.pid SpoolDir %ROOT%\data

<Extension _syslog> Module xm_syslog </Extension>

Windows Event Log

<Input eventlog> Module im_msvistalog </Input>

<Output tcp> Module om_tcp Host xx.xx.xx.xx Port 514 Exec to_syslog_snare(); </Output>

<Route eventlog_to_tcp> Path eventlog => tcp </Route>

<Extension _charconv> Module xm_charconv AutodetectCharsets iso8859-2, utf-8, utf-16, utf-32 </Extension>

<Extension _exec> Module xm_exec </Extension>

<Extension _fileop> Module xm_fileop

# Check the size of our log file hourly, rotate if larger than 5MB
&lt;Schedule&gt;
    Every   1 hour
    Exec    if (file_exists('%LOGFILE%') and \
               (file_size('%LOGFILE%') &gt;= 5M)) \
                file_cycle('%LOGFILE%', 8);
&lt;/Schedule&gt;

# Rotate our log file every week on Sunday at midnight
&lt;Schedule&gt;
    When    @weekly
    Exec    if file_exists('%LOGFILE%') file_cycle('%LOGFILE%', 8);
&lt;/Schedule&gt;

</Extension>

Permalink
#2 Zhengshi Nxlog ✓
#1 cperrone
We installed version 2.10.2150 and are using the standard out of box config file to sent syslogs to clone. Anything we can do to reduce CPU consumption? Here is our config file but I have removed IP for our clone server: Panic Soft #NoFreeOnExit TRUE define ROOT C:\Program Files (x86)\nxlog define CERTDIR %ROOT%\cert define CONFDIR %ROOT%\conf define LOGDIR %ROOT%\data define LOGFILE %LOGDIR%\nxlog.log LogFile %LOGFILE% Moduledir %ROOT%\modules CacheDir %ROOT%\data Pidfile %ROOT%\data\nxlog.pid SpoolDir %ROOT%\data <Extension _syslog> Module xm_syslog </Extension> Windows Event Log <Input eventlog> Module im_msvistalog </Input> <Output tcp> Module om_tcp Host xx.xx.xx.xx Port 514 Exec to_syslog_snare(); </Output> <Route eventlog_to_tcp> Path eventlog => tcp </Route> <Extension _charconv> Module xm_charconv AutodetectCharsets iso8859-2, utf-8, utf-16, utf-32 </Extension> <Extension _exec> Module xm_exec </Extension> <Extension _fileop> Module xm_fileop # Check the size of our log file hourly, rotate if larger than 5MB &lt;Schedule&gt; Every 1 hour Exec if (file_exists('%LOGFILE%') and \ (file_size('%LOGFILE%') &gt;= 5M)) \ file_cycle('%LOGFILE%', 8); &lt;/Schedule&gt; # Rotate our log file every week on Sunday at midnight &lt;Schedule&gt; When @weekly Exec if file_exists('%LOGFILE%') file_cycle('%LOGFILE%', 8); &lt;/Schedule&gt; </Extension>

I was not able to reproduce this. I tried on a VirtualBox vm running Windows 2016 Std with same config, though I swapped om_tcp for om_null.
I am seeing 1.3%-1.8% on my test box.

I would trim the config to see where you are seeing this issue, i.e. which module. Feel free to use im_null and om_null.

Your im_msvistalog is unfiltered, there may be a lot of events rolling through as well.
Login to see more

Subscribe to our newsletter to get the latest updates, news, and products releases.

© Copyright 2024 NXLog Ltd.

PRIVACY POLICY GENERAL TERMS OF BUSINESS