<p>I’ve been plagued with some strangeness since upgrading to Leopard. Out of nowhere, CPU load spikes to 100%+. I’ve done some searching, and it is caused by syslogd, but there are no obvious clues to what is going on.</p>
<p>The first thing I tried was a sample of the syslogd process in Activity Monitor.</p>
<p><img src="http://smartic.us/assets/2007/11/8/syslog_sample.jpg" alt="" /></p>
<p>That pointed me to look in the /var/log directory for a large log file, because something that was writing and reading that much had to be pretty big.</p>
<p><img src="http://smartic.us/assets/2007/11/8/huge_asl_db.jpg" alt="" /></p>
<p>I poked around /var/log/asl.db, and I couldn’t figure out the format, so I ran strings on it. That gave me 424841 lines of input, so I decided to look elsewhere for a potentially faster fix.</p>
<p>The first thing I turned off was Time Machine. The only reason was that I just happened to have it open. Next I waited a while for syslogd to spike. After 10 minutes, I came to the conclusion that Time Machine may have had something to do with the load spike. I moved the asl.db file to my home directory and killed syslogd (sudo killall -9 syslogd). The good news is that the file was recreated. Time Machine is no longer causing a problem, and I believe this is due to the fact that the log file is so small. I’ll watch this over the next week or so to see if the problem creeps up again.</p>
<p>My goal today is to find a way to read the asl.db. I see some system functions that can do it programmatically, but no tool as of yet. Maybe investigating this some more will shed some light.</p>
<p>I hope this helps someone.</p>