syslog consuming 100% cpu - SOLVED!

Finally figured out. Can't explain how it happened, but I know what happened.

A couple of months ago, I dropped my MacBook and the hard drive froze. I was able to replace it with no issue. I went to install Leopard, but the DVD couldn't be read. So, I reinstalled Tiger and opened a support case...bottom line, when I dropped the laptop, the DVD can't read double density DVDs anymore.

Why is this significant? It's not, but part of the story.

When I took my laptop in because I couldn't get Leopard installed, the store installed via an external drive. The result from this upgrade was that the /etc/periodic/daily/500.daily was renamed /etc/periodic/daily/500.daily.applesaved and the original file was replaced with a new version.

When the periodic daily job was run, both files ran. The problem is that the 500.daily.applesaved file is for some reason not compatible. The line in the backed up file that was causing the problem was:

syslog -p -k Time lt -7d -o -k Time lt -3d -k Level ge 4 -o -k Time lt -1d -k Level ge 6

Don't know why it caused the problem, but it did. The full content of the file that was backed up follows. Once I removed the .applesaved file, it worked like a champ.

#!/bin/sh -
#
# @(#)daily 8.2 (Berkeley) 1/25/94
#
PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin
host=`hostname -s`
bak=/var/backups

echo "step 1"
echo "Removing scratch and junk files:"

if [ -d /var/rwho ] ; then
cd /var/rwho && {
find . ! -name . -mtime +7 -exec rm -f -- {} \; ; }
fi

# Clean up junk files.
#find / \( ! -fstype local -o -fstype rdonly \) -a -prune -o \
# \( -name '[#,]*' -o -name '.#*' -o -name a.out -o -name '*.core' \
# -o -name '*.CKP' -o -name '.emacs_[0-9]*' \) \
# -a -atime +3 -exec rm -f -- {} \;

# Clean up NFS turds. May be useful on NFS servers.
#if [ "${host}" != "localhost" ]; then
# find / -name .nfs\* -mtime +7 -exec rm -f -- {} \; -o -fstype nfs -prune
#fi

if [ -d /tmp ]; then
cd /tmp && {
find . -fstype local -type f -atime +3 -ctime +3 -exec rm -f -- {} \;
find -d . -fstype local ! -name . -type d -mtime +1 -exec rmdir -- {} \; \
>/dev/null 2>&1; }
fi

if [ -d /var/spool/fax ]; then
echo "step 2"
echo "Removing scratch fax files"
cd /var/spool/fax && \
find . -type f -name '[0-9]*.[0-9][0-9][0-9]' -mtime +7 -delete >/dev/null 2>&1;
fi


# remove system messages older than 21 days
msgs -c

if [ -f /var/account/acct ] ; then
if [ -x /usr/bin/gzip ]; then gzext=".gz"; else gzext=""; fi
echo "step 3"
echo "Gathering accounting statistics:"
cd /var/account
if [ -f "acct.2${gzext}" ] ; then mv -f "acct.2${gzext}" "acct.3${gzext}" ; fi
if [ -f "acct.1${gzext}" ] ; then mv -f "acct.1${gzext}" "acct.2${gzext}" ; fi
if [ -f "acct.0${gzext}" ] ; then mv -f "acct.0${gzext}" "acct.1${gzext}" ; fi
cp -pf acct acct.0
if [ -x /usr/bin/gzip ]; then gzip -9 acct.0; fi
sa -s > /dev/null
fi

#if [ -d /var/db/netinfo ]; then
# echo ""
# echo "Backing up NetInfo data"
# cd /var/db/netinfo
# for domain in *.nidb; do
# domain=$(basename $domain .nidb)
# server=`nicl -t localhost/$domain -statistics | grep tag | awk '{print $3}'`
# if [ $server = master ] ; then nidump -r / -t localhost/$domain > $bak/$domain.nidump; fi
# done
#fi

echo "step 4"
echo "Checking subsystem status:"

echo ""
echo "disks:"
df -k -l
echo ""
dump W

if [ -d /var/spool/mqueue ]; then
echo "step 5"
echo "mail:"
mailq
fi

echo "step 6"
echo "network:"
netstat -i

echo "step 7"
if [ -d /var/rwho ] ; then
ruptime
fi

echo "step 8"
printf %s "Rotating log files:"
cd /var/log
for i in system.log; do
if [ -f "${i}" ]; then
printf %s " ${i}"
if [ -x /usr/bin/gzip ]; then gzext=".gz"; else gzext=""; fi
if [ -f "${i}.6${gzext}" ]; then mv -f "${i}.6${gzext}" "${i}.7${gzext}"; fi
if [ -f "${i}.5${gzext}" ]; then mv -f "${i}.5${gzext}" "${i}.6${gzext}"; fi
if [ -f "${i}.4${gzext}" ]; then mv -f "${i}.4${gzext}" "${i}.5${gzext}"; fi
if [ -f "${i}.3${gzext}" ]; then mv -f "${i}.3${gzext}" "${i}.4${gzext}"; fi
if [ -f "${i}.2${gzext}" ]; then mv -f "${i}.2${gzext}" "${i}.3${gzext}"; fi
if [ -f "${i}.1${gzext}" ]; then mv -f "${i}.1${gzext}" "${i}.2${gzext}"; fi
if [ -f "${i}.0${gzext}" ]; then mv -f "${i}.0${gzext}" "${i}.1${gzext}"; fi
if [ -f "${i}" ]; then
touch "${i}.$$" && chmod 640 "${i}.$$" && chown root:admin "${i}.$$"
mv -f "${i}" "${i}.0" && mv "${i}.$$" "${i}" && if [ -x /usr/bin/gzip ]; then
gzip -9 "${i}.0"; fi
fi
fi
done
if [ -f /var/run/syslog.pid ]; then kill -HUP $(cat /var/run/syslog.pid | head -1); fi
echo "done rotating"

# Prune the main syslog output file (/var/log/asl.log)
# Delete all messages after 7 days (-k Time lt -7d)
# Delete Warning (Level 4) and above after 3 days (-k Time lt -3d -k Level ge 4)
# Delete Info (Level 6) and above after 1 day (-k Time lt -1d -k Level ge 6)
echo "step 9"

syslog -p -k Time lt -7d -o -k Time lt -3d -k Level ge 4 -o -k Time lt -1d -k Level ge 6

echo "step 10"
if [ -f /etc/daily.local ]; then
echo "step 11"
echo "Running daily.local:"
sh /etc/daily.local
fi

if [ -f /etc/security ]; then
echo "step 12"
echo "Running security:"
sh /etc/security 2>&1 | sendmail root
fi

ok...just kidding...no idea what's up with the syslog process

Just an update, I have no idea what's causing the syslog process to hog all the cpu. It appears to be related to the periodic daily task, but not sure which one..

syslog consuming 100% cpu part deux

So, from the previous post, I thought I may have been on to something with 100GB daily.out file. As it turns out, I wasn't. But, I kept digging today. And I found something interesting in system.log file

Mar 26 03:30:41 Legolas [0x0-0x219219].com.apple.dock[4729]: 2009-03-26 03:30:41.448 DashboardClient[5247:10b] (com.iSlayer.iStatpro4.widget) file:///Users/kevin/Library/Widgets/iStat%20pro.wdgt/scripts/core.js: TypeError: Result of expression 'this.isSectionEnabled' [undefined] is not a function. (line: 528)

Could it be this simple, the iStat widget was throwing an exception which caused the churn in the syslog process? It looked like this exception was being thrown every 3 minutes, non stop. Every three minutes doesn't seem like enough activity to cause the problem...but, I uninstalled it and going on 12+ hours without cpu saturation

It started with syslog consuming all my cpu

A rather strange phenomenon has been occurring on my Mac over the last several weeks. Don't know what started nor do I know if it's over, but I want to tell you the tale of the 110GB daily.out file and the syslog process that kept (maybe keeps) consuming all my CPU.

At least once a day, the syslog process starts consuming 100% of the CPU on my Mac Book and does not stop without force quitting. Searching through Google, I learned that many others have the same problem, but no consistent explanation. So, I resigned to force quitting the process whenever it would misbehave...until tonight.

I start up Openoffice.org to create a spreadsheet to for a household budget when I receive a nice message saying that my root disk is almost full. Opening the disk utility showed that I only had 600MB of free space left. I did the natural thing, I emptied my trash bin. That only gave me back 10MB, so I'm at 610MB.

I did some googling on how to run the disk utility or look at other 3rd party utilities that could help determine any unwanted, and large files were lurking on my drive. I went back into the disk utility again when all of a sudden it was reporting 0 bytes of space left!

Yikes!

I went and looked in the /var/log directory, as this is where many (if not all) log files are written. I did your friendly "ls -help" command and to my astonishment, the daily.out file was 110GB in size!

Stunned silence.

After the shock wore off, the awe kicked in and I went to see what in the heck was going on. As it turned out, on 2 days, Jan 24 and Feb 6, I started receiving an inordinate number of "kernel[0] " messages in the log. No other description provided. Google didn't help much either other than providing that the only similar errors actually related to disk i/o errors and the kernel.

Now I tried googling "how do i control the size of the daily.out log file mac os x" which lead me to maxosxhints.com. Here, I found a script that will rotate out the daily (and weekly and monthly) log files once they become larger than 50kb. Chalking up the kernel errors to some anomaly that has since gone away (at least I hope so), I went ahead and set up the script listed in the comments section of the post on the page and then executed, thus purging the 110GB daily.out file.

I now have 120GB freespace according to disk utility. The math doesn't seem quite right, but at least I took care of the drive space issue.

Now, if the cpu hogging syslog process has/had anything to do with the large file (or vice versa), I don't know. Only time will tell and I don't have an answer for any of you out there that google "syslog consuming 100% cpu" and end up on this page, but this was a journey that I had to share.

Praise to Time Capsule

Last week, I dropped my MacBook in our living room. The net result? A failed hard drive. After a quick trip to Best Buy, I picked up a new drive and later that night had it plugged in.

I suspect why you would find that so amazing...well, it's not. The amazing part is my Super Drive worked with the original Tiger install disks but not Leopard. What the? Dropped in a The Matrix, and it worked. Now I'm really perplexed. I've heard so many good things about Apple support, so I give them a call. After a few troubleshooting steps, still could not resolve the issue and they created an appointment for me at my local Apple store, for the same day none-the-less!

I promptly arrive for my 5:45pm appointment and after some additional troubleshooting, the customer service rep declared something was wrong with my Super Drive. He gave me 2 options for getting it fixed, and needless to say both were the 1/4 the original price of the laptop. A third option he offered was to not fix it and pick up an external drive (this is what I'll do, seeing how that will only set me back about $125). The tech then offered to install Leopard for me from an external drive, which I did.

Thirty minutes later, I walked out with Leopard installed. But, what's so cool, while it was installing, we were chatting and came up with the hypothesis that the issue with my Super Drive was that it could no longer read dual layer DVDs. After all, I was able to install Tiger (single layer DVD) and not Leopard (dual layer DVD). Either way, I was very satisfied.

Now for the cool part. Thanks to my Time Capsule and Time Machine, I only lost 3 days of work, which I really didn't loose as I hadn't done any work in the three days.

So, kudos to Time Capsule + Time Machine, there is another satisfied Apple customer in me.

Safari 3: “cannot decode raw data” (NSURLErrorDomain:-1015)

Out of the blue, when I launched Safari 3 on my MacBook, I started receiving the error: The error was: “cannot decode raw data” (NSURLErrorDomain:-1015) when trying to access My Yahoo!

To fix, I went to Safari -> Reset Safari and all is happy now

iTunes + iPhone + Leopard Upgrade = broken :(

This weekend, I received Leopard as a gift for being the best man in a wedding. I installed it tonight without a hitch, or at least that's what I thought.

I must say, the upgrade was easy and much to my chagrin only required 5GB of drive space...ha, put that in your pipe and smoke it Vista. Anyway, I went to plug in my iPhone after upgrading and to my disapointment, iTunes did not launch and I couldn't sync my calendar, contacts, or iTunes library.

As I was in to my 3rd try at a fix, finally came across the answer...it was to reinstall iTunes. While as painless as the upgrade was, the fact that I had to reinstall iTunes was too reminescent of Windows. Bleh, I need to go wash my mouth out with some Listorine to get rid of this aweful taste.

Network Printing and Canon PIXMA MX310

Purchased the Canon PIXMA MX310 all-in-one office printer tonight and the heat was on to get it to work for the MacBook over a wireless network. I have the DLINK DPR-1260 wireless router/booster/print server which does not have any support for Mac OS X. Therefore, turned to the CUPS drivers in the Gutenprint project. As it turns out, Gutenprint does not have the exact driver for the PIXMA MX310, but you can use the MP-150 driver.

To get everything working, I did the following:

1. Downloaded and installed the drivers
2. Went to Print & Fax setup and added a new printer
   
3. Selected HP Jet Direct - Socket for the Protocol
4. Entered the address: 192.168.x.xx:9100 (9100 is the port assigned by the DLINK print server)
5. Entered the queue name assigned by the DLINK print server
6. Selected Canon PIXMA MP150 - CUPS+Gutenprint v5.0.2 in the Print Using box
   

Viola, I'm printing like a champ over the network from both our MacBook and PC system. Copying works great, faxing works great, but still have to figure out to get the scanner to work.

Experimental site navigation added to blog

Recently, I have become enamored with the concept of a "command line" interface. While, I wish I could take credit for the concept, I was quick to realize that before the OS UI, there were punch cards...the punch cards were good...but, quickly replaced by a terminal with a command line for telling computers what to do.

Anyway, I digress. With Mac OS X, the Spotlight application is my most favorite as it provides a command line interface for launching any application or searching for any document on my Mac. Furthermore, I found Enso from Humanized that provides similar functionality to my PC.

So, thinking about it some, what bothers me the most about web sites is the fact that you have to use a mouse to navigate them effectively. So, I figured bring the command line to the web site. The "kui navigation" is a beta navigation tool for websites (v. 0.000001...you get the point, it's very new and not tested at all) leveraging the DOM and Yahoo! AutoComplete GUI library. The result, is a command line that allows you to start typing the text of a hyperlink on the page and it will shortlist the matches based on the DOM which you can select to jump to the next page.

Get it? Give it a try, it's in the right navigation pane. Remember, no comments from the peanut gallery unless they are positive. I made no attempt to test outside of Firefox nor did I worry about duplicate links.

Unable to Connect to Windows XP Network Share from Mac OS X

Over the Christmas Holiday, I finally decided to take on the challenge on why I could not connect to a share on my Windows XP computer from my MacBook.

When I would try to go to Network -> Gandalf (my Windows XP machine name) and connect, I would receive an invalid alias error and ask if I wanted to fix or delete it. Trying to fix it lead to a dialog box to select a file...not knowing what to select, I canceled out of it. When I tried to delete the alias, I would receive an insufficient permissions alert to delete the alias.

To make sure I could access my Windows machine, I tried telnet and had no problem connecting. Therefore, I validated the credentials I was using were correct. After several hours of searching the web, I finally found the solution. The problem was with the Windows share. By default, Windows Professional uses a "simple mode" for granting permissions to the share. Don't confuse the share permissions with the directory permissions. Despite granting users ability change files in the share, I still couldn't access it.

The solution was to open Windows Explorer and go to Tools -> Folder Options -> View -> Advance Settings -> Uncheck "Use Simple file sharing (Recommended)". Then, after this, go back to your share and right click and select Sharing and Security -> Sharing -> Permissions and make sure the user account you are trying to access the share with is included in the Share Permissions List.

As it turns out, with Simple File Share Mode, Windows XP only grants the Guest user account access to the share which I disabled. By granting my specific user credentials to the share, viola, problem solved.