I’ve been plagued with some strangeness since upgrading to Leopard. Out of nowhere, CPU load spikes to 100%+. I’ve done some searching, and it is caused by syslogd, but there are no obvious clues to what is going on.
The first thing I tried was a sample of the syslogd process in Activity Monitor.
That pointed me to look in the /var/log directory for a large log file. Because something that was writing and reading that much had to be pretty big.
I poked around /var/log/asl.db, and I could’t figure out the format, so I ran strings on it. That gave me 424841 lines of input, so I decided to look elsewhere for a potential faster fix.
The first thing I turned off was Time Machine. The only reason was that I just happened to have it open. Next I while a while waited a while for syslogd to spike. After 10 minutes, I came to the conclusion that Time Machine may have had something to do with the load spike. I moved the asl.db file to my home directory and killed syslogd (sudo killall -9 syslogd). The good news is that the file was recreated. Time Machine is no longer causing a problem, and I believe this is due to fact that the log file is so small. I’ll watch this over the next week or so to see if the problem creeps up again.
My goal today is to find a way to read the asl.db. I see some system functions that can do it programmatically, but no tool as of yet. Maybe investigating this some more will shed some light.
I hope this helps someone.