Chat now with support
Chat with Support

syslog-ng Store Box 7.3.0 - Administration Guide

Preface Introduction The concepts of SSB The Welcome Wizard and the first login Basic settings User management and access control Managing SSB Configuring message sources Storing messages on SSB Forwarding messages from SSB Log paths: routing and processing messages Configuring syslog-ng options Searching log messages Searching the internal messages of SSB Classifying messages with pattern databases The SSB RPC API Monitoring SSB Troubleshooting SSB Security checklist for configuring SSB Glossary

Monitoring SSB's CPU

This section describes monitoring syslog-ng Store Box(SSB)'s CPU.

NOTE: This document uses the concept of 'logical CPU' used by the Linux kernel. In this section, 'logical CPU' will be abbreviated as 'CPU'. To determine the number of CPUs in your SSB machine, enter the lscpu command in your console, or send an SNMP request.

Monitoring CPU load

SNMP object: HOST-RESOURCES-MIB::hrProcessorLoad

Community (v2c) /

Context (v3)

Data and system

CPU load shows the availability of a CPU. Its value is a rational number ranging from 0.0 or 0% to 1.0 or 100%. If the CPU load is 0.0 or 0%, then the measured CPU is idle. If the value is 1.0 or 100%, then the CPU is fully loaded.

If the load of one CPU is above 90% and other threads are significantly less loaded for a longer time period, fine-tune your configuration or purchase more syslog-ng Store Box(SSB) appliances. For assistance, contact our Support Team.

Monitoring CPU load averages

SNMP object: UCD-SNMP-MIB::laLoad

Community (v2c) /

Context (v3)

Data and system

CPU load averages (or system load averages) is the average load of syslog-ng Store Box(SSB)'s CPUs and the size of the task queue, during the past 1, 5, and 15 minutes, respectively.

If the load is constantly equal to or higher than the number of CPUs in your appliance, fine-tune your configuration or purchase more SSB appliances. For assistance, contact our Support Team.

If you query UCD-SNMP-MIB::laTable, the table of returned values will contain the returned values you would get when querying UCD-SNMP-MIB::laLoad, but in a more structured, easy-to-read format.

For which systems and configurations is it applicable? Applicable for all configurations and systems.
Value change frequency Its value is continuously changing.
Related issues and issue indicators Load too high (see Monitoring SSB's CPU).

Solution:

  • Decrease load.
  • Purchase a new SSB appliance.

Monitoring CPU usage

User CPU time:
SNMP object: UCD-SNMP-MIB::ssCpuUser

Community (v2c) /

Context (v3)

Data and system

If processor is not in idle (for example, there is live log traffic or report generation), it is quite normal that the majority of the CPU time is spent on running user space processes.

For which systems and configurations is it applicable? Applicable for all configurations and systems.
Value change frequency Its value is continuously changing.
Related issues and issue indicators If the returned value is too high, it indicates a highly loaded CPU on user space.

Solution:

  • Decrease load.

  • Purchase a new syslog-ng Store Box(SSB) appliance

  • Reconsider your configuration settings.
System CPU time:
SNMP object: UCD-SNMP-MIB::ssCpuSystem

Community (v2c) /

Context (v3)

Data and system

The amount of time spent in the kernel should be as low as possible. Ideally, around 0.5% of the time given to the different processes is spent in the kernel. This number can peak much higher, especially when there are a lot of I/O activities.

For which systems and configurations is it applicable? Applicable for all configurations and systems.
Value change frequency Its value is continuously changing.
Related issues and issue indicators If the returned value is too high, it indicates high kernel-intensive operations running on the CPU.

Solution:

  • Decrease load.

  • Purchase a new SSB appliance

  • Reconsider your configuration settings.
Idle CPU time:
SNMP object: UCD-SNMP-MIB::ssCpuIdle

Community (v2c) /

Context (v3)

Data and system

The total of the user CPU time percentage and the idle CPU percentage should be close to 100%. If the CPU spends a lot more time in other states, it is worth investigating the root cause, because it can indicate issues.

For which systems and configurations is it applicable? Applicable for all configurations and systems.
Value change frequency Its value is continuously changing.
Monitoring the details of your CPU usage:

To fine-tune monitoring your CPU usage, you can use the following values. It is also possible to generate a chart from these values.

Raw CPU user time UCD-SNMP-MIB::ssCpuRawUser
Raw CPU nice time UCD-SNMP-MIB::ssCpuRawNice
Raw CPU system time UCD-SNMP-MIB::ssCpuRawSystem
Raw CPU idle time UCD-SNMP-MIB::ssCpuRawIdle
Raw CPU wait time UCD-SNMP-MIB::ssCpuRawWait
Raw CPU kernel time UCD-SNMP-MIB::ssCpuRawKernel
Raw CPU interrupt time UCD-SNMP-MIB::ssCpuRawInterrupt
Raw CPU Soft IRQ time UCD-SNMP-MIB::ssCpuRawSoftIRQ
Raw CPU steal time UCD-SNMP-MIB::ssCpuRawSteal
Raw CPU guest time UCD-SNMP-MIB::ssCpuRawGuest
Raw CPU guest nice time UCD-SNMP-MIB::ssCpuRawGuestNice

Community (v2c) /

Context (v3)

Data and system for all of the above
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating