My MacBook Pro was periodically hammered by syslogd using 100% of one CPU core. To find out what syslogd was doing with all my CPU cycles, I used a cool front-end to dtrace called dtruss:
Identify the PID of syslogd:
ps auxwww | grep -i syslogd | grep -v grep
Now wait for syslogd to go crazy, and then look at it using dtruss:
sudo dtruss -p PID
I found it was looping over these system calls:
10 read_nocancel(0x6, "\002\0", 0x1000) = 1840 0
5 lseek(0x6, 0x550, 0x0) = 1360 0
11 write_nocancel(0x6, "\002\0", 0x50) = 80 0
5 lseek(0x6, 0x5A0, 0x0) = 1440 0
I then found out /var/log/system.log was huge. I moved it away and restarted syslogd:
sudo launchctl stop com.apple.syslogd
sudo mv /var/log/system.log /var/log/system.log.old
sudo launchctl start com.apple.syslogd
sudo gzip /var/log/system.log.old
Now everything is back to normal on my CPU front.
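An added example, not part of the original post: one way to get from the dtruss loop above to the file behind it. It tallies which descriptor the read/write/lseek calls hit (0x6 in the trace above) and converts it to decimal for lsof; the function names, the file name trace.txt and the extra sample line on descriptor 0x3 are made up for illustration.

```shell
#!/bin/sh
# Added example: find which file descriptor a dtruss trace is looping on.

# sample_trace: the four dtruss lines from the post, plus one constructed
# line on descriptor 0x3 so there is something to rank against.
sample_trace() {
    cat <<'EOF'
   10 read_nocancel(0x6, "\002\0", 0x1000) = 1840 0
    5 lseek(0x6, 0x550, 0x0) = 1360 0
   11 write_nocancel(0x6, "\002\0", 0x50) = 80 0
    5 lseek(0x6, 0x5A0, 0x0) = 1440 0
    7 write_nocancel(0x3, "x\0", 0x1) = 1 0
EOF
}

# busiest_fd: read dtruss output on stdin and print "<fd> <calls>" for the
# descriptor hit most often by read/write/lseek-style calls. Only calls whose
# first argument is a descriptor are counted; other syscalls are ignored.
busiest_fd() {
    awk '
        match($0, /(read|write|lseek|pread|pwrite)(_nocancel)?\(0x[0-9A-Fa-f]+,/) {
            arg = substr($0, RSTART, RLENGTH)
            sub(/^.*\(/, "", arg)    # drop the syscall name and "("
            sub(/,$/, "", arg)       # drop the trailing comma
            calls[arg]++
        }
        END { for (fd in calls) print calls[fd], fd }
    ' | sort -rn | head -n 1 |
    while read -r count hexfd; do
        # dtruss prints arguments in hex; lsof wants decimal.
        echo "$(($hexfd)) $count"
    done
}

sample_trace | busiest_fd    # prints: 6 4

# On the live system (PID is the syslogd PID found with ps), save a few
# seconds of dtruss output to a file, run busiest_fd on it, then ask lsof
# which file that descriptor is:
#   busiest_fd < trace.txt
#   sudo lsof -a -p PID -d 6
```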
Comments 1
My syslogd was lseek’ing too, due to a 44GB system.log file. Followed these steps, and MBP is back to normal. Thanks
Posted 03 Feb 2009 at 0:04