classicalguitar.net
  
Home
Blog
Software
Original Tales
Resume
My Car
Links
Mail
Public Key
More Syslogd
FAQ
Supported Apps
Developer Info
History
Why does Syslogd require so much memory relative to the amount of disk space it uses?
Can I decrease Syslogd's memory size?
How does Syslogd impact my system responsiveness (speed)?
How are messages formatted?
Why can't I edit the log files?
What's the point of having a daemon?
Where are the log files?
Does Syslogd support syslog messages from network devices?
Why does Syslogd stop listening for network messages after my machine has woken from sleep?
What does "daemon" mean?
Q:Why does Syslogd require so much memory relative to the amount of disk space it uses?
A:Actually it doesn't. The actual application code takes between 300-400 KB of RAM (including data). There are two reasons why the recommended size is 800K:
1. Syslogd uses the Thread Manager, and for technical reasons, any app that uses the Thread Manager has to have a minimum size of 384KB.
2. The memory not used by code and data is used for the multiple dynamic queues that Syslogd uses to process messages from applications, the network and ASIP.

Q:Can I decrease Syslogd's memory size?
Yes, you can decrease the memory size down to the minimum required of 700K (using ResEdit). Any lower than that, and you may experience weird crashes (see previous Q&A). Note, if you are using the network or ASIP or both features, it is HIGHLY recommended that you do not lower the memory size. If memory allocation fails you will see the following message in your log(s)
Low Mem msg: "Memory allocation failed! Releasing nK of reserved memory. If allocation fails again, Syslogd will terminate." Where n is the amount of memory that was reserved at startup. (Usually 32KB.)

The default recommended size of 850K should be enough for almost all situations.

Q:How does Syslogd impact my system responsiveness (speed)?
A:Syslogd is written to impact system response time as little as possible, while still maintaining the integrity of the log files it manages. Since the log files can be very important when a system crash occurs, Syslogd makes sure that the information it has written to the logs won't be lost in the event of a system crash. As such, it sacrifices some response time for safety.

Here's how it works:
A message is received from an application, the network, or ASIP. As long as there is no error, the message is placed in the global dynamic FIFO queue. (Dynamic means that the number of queue elements is only limited by available memory.) The message processing thread pops as many messages off of the queue as can fit into the write buffer. If the priority of a message requires a write to a different file, then no more messages are retrieved. The messages in the write buffer are then formatted and written out to disk. Writes are done asynchronously, and while the thread is waiting for the request to complete it blocks, giving time to other threads and apps. After the write is done, the thread does some cleanup, and then yields time to other threads and apps. Every 100 messages, the volume is flushed asynchronously to insure that the messages are committed to disk.

When consecutive null events are received (and there are no pending messages), Syslogd increases it's sleep time by 1 tick for every null event, up to a maximum of 30 ticks (1/2 second). When a message event is received, the sleep time is reset to the default of 2 ticks.

Q:How are messages formatted?
A:The messages are formatted exactly the same as on UNIX machines. An example:

M    D TIME     HOST   APP     PID    MSG
Apr  6 12:29:14 Wizard Syslogd[8216]: Syslogd started.

Q:Why can't I edit the log files?
A:Syslogd needs exclusive write access to it's log files, that is why the logs are of type 'ttro' (Teach Text Read Only). Most text editors respect that file type, and will not write to it. But if you ever see the message, "Could not obtain write access. File 'file name' already open." in any of the log files, then you are using a text editor which does not respect the 'ttro' type.

If you really need to edit the file, then quit Syslogd, make your changes, and then restart Syslogd.

Q:What's the point of having a daemon? Why not just provide a library that apps can call that simply appends the syslog info to the syslog log? I suppose one reason is that the daemon can run on another machine. So one machine can log several. What else?
A:Actually, that was one of the last reasons on my list. The main reasons are:

  1. A library would require each app to open it's file and then write to it. What happens if two apps try to open the same file at once? The daemon in this case is the file arbitrator, it is the only program allowed write access to the files.
  2. The library would have to be a lot bigger if it was to support the features of the daemon (different log files for different priorities, threaded support for system responsiveness, etc).
  3. Queuing is impossible, how do you maintain a global library queue between static libraries? (With shared libs this would be possible, but possibly dangerous with multiple applications sharing the same data.)
  4. With shared libs, version management becomes an issue. What happens if I want to add significant new features? Most apps that use an older version of the lib would break. With the message/daemon model, I can add all the features I want to the program without worrying about this, because the message constructs are simple and very unlikely to change significantly no matter what I add/change in the daemon.
There are also other reasons that I can't think of right now, but you get the idea.

Q:"and writes them out to system wide log files."
Where is this log file??? You don't explain how to actually use this software, only how to install it.
A:Sorry. Syslogd makes a folder in the System folder called "Logs" (no quotes), the log files are stored in that folder.

Q:Does Syslogd support syslog messages from network devices?
A:Yes. Syslogd 2.x supports sending and receiving messages over an IP network.

Q:Why does Syslogd stop listening for network messages after my machine has woken from sleep?
A:The problem with the connection being lost on sleep is known, only it is not really a problem. When the machine is put to sleep, all processes are suspended and the machine is put into low power mode, also, all network connections are severed. For instance if I forget to stop Remote Access on my PowerBook, and shut the lid, the next time I wake the computer, the RA link is gone.

This is not the fault of Syslogd, the System Software controls this.

The best thing to do is set your machine to not go to sleep. I would recommend turning off sleep for the machine and the disk, but you can still have a sleep setting for your monitor.

Q:What does "daemon" mean?
A:Daemon is a Greek word meaning "secondary deity ". My extrapolation of the UNIX meaning then, is that the kernel is the main "deity", providing the most important application services (mem and process mgmt, file access, network access, etc). And the system daemons are the secondary "deities" providing nonessential, but very useful application services.

Link to Apple.com
This site is made with a Macintosh.
This page was last updated on Friday, 17-Dec-1999 09:33:49 EST

Copyright © Brian Bergstrand 1998-2006