Bug 119287 - /etc/log.d/scripts/services/kernel uses excessive memory
/etc/log.d/scripts/services/kernel uses excessive memory
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: logwatch (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Ivana Varekova
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-03-28 21:22 EST by Russell Coker
Modified: 2007-11-30 17:10 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-06-29 09:05:55 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Russell Coker 2004-03-28 21:22:00 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.2; Linux) (KHTML, like Gecko)

Description of problem:
When the /var/log/messages file is significantly larger than RAM (EG 400M log file and 256M of RAM) the /etc/log.d/scripts/services/kernel script takes enough memory to make the machine thrash (in this case 500M of RAM).  At 12:00 I noticed that the /etc/log.d/scripts/services/kernel script had been running since ~4AM and was showing no signs of completion.

Presumably if the messages file was 800M in size on a machine with 256M of RAM then the day's logs would take more than a day to process...

Version-Release number of selected component (if applicable):


How reproducible:
Didn't try

Steps to Reproduce:
Have iptables rules that block all outbound connections, then have someone login to your machine and run a portscanner for 8 hours that attempts connections as fast as possible.

Then wait for the cron job to run and use all memory in the machine and a lot of swap.

Expected Results:  I expect that the cron job won't try and read a 400M log file into memory.

Additional info:
Comment 1 Ivana Varekova 2005-06-28 09:22:27 EDT
Hello, I try to reproduce your bug but I was not succesfull. My logwatch works
right. I test the last logwatch version (logwatch-6.1.2-1). 
Could you please test this logwatch version.

Ivana Varekova
Comment 2 Russell Coker 2005-06-28 11:01:58 EDT
# /etc/cron.daily/00-logwatch 
system /bin/cat /var/log/messages  2>/dev/null 
>/tmp/logwatch.9RJkbpug/sonicwall failed: 256 at /etc/cron.daily/00-logwatch 
line 707. 
# 
 
Above is an error I received while testing this with a data set that is larger 
than the file system for /tmp. 
Comment 3 Russell Coker 2005-06-28 13:00:44 EDT
I haven't been able to reproduce the original problem, it may have been fixed 
so I'll open a new bugzilla if I can reproduce it. 
 
For the moment please consider comment #2 as the only remaining on this 
bugzilla. 
Comment 4 Ivana Varekova 2005-06-29 09:05:55 EDT
I can't reproduce your problem in comment 2. So I close this bug.

Note You need to log in before you can comment on or make changes to this bug.