I'm curious to see Mike's response, but in the meantime...
I think it's expected that alertd and syslog-ng will eat up CPU cycles when you're trying to log a lot of events. In general, I disable all but essential logging when putting a rule in production. You can either use a debug flag to only log when you need it, or, more efficiently, comment out the log statements.
How many requests per second are being passed through the VIP with this rule? If you do want to log the request details, you could make the rule slightly more efficient by eliminating the intermediate variables:
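[code]
when HTTP_REQUEST {
    # Record the request arrival time in milliseconds
    set http_request_time [clock clicks -milliseconds]
    log local0. "Client connected, IP: [IP::client_addr], HTTP request: [HTTP::request]"
}
when HTTP_RESPONSE {
    # Log the selected pool member, the response status and the time elapsed since the request.
    # The expr argument is braced so it is compiled once and not substituted twice.
    log local0. "Pool Info: [LB::server] - HTTP Status: [HTTP::status] (request/response delta: [expr {[clock clicks -milliseconds] - $http_request_time}]ms)"
}
[/code]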
You could also remove the calculation of the delta and calculate that after the fact from the logs. Also, the HTTP::request could be very large. If you don't really need the full request logged, you could remove it.
Aaron
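
A sketch of the debug-flag approach suggested in the reply above, added here as an example and not code from the original post: logging is gated on a flag set once in RULE_INIT, and only the method and URI are logged instead of the full [HTTP::request]. The variable name static::timing_debug is an assumption of this example, and the static:: namespace requires BIG-IP v10 or later.

```tcl
when RULE_INIT {
    # Assumed flag name for this example: 0 = no logging, 1 = log timing details.
    # RULE_INIT runs when the rule is saved, so change the value and re-save to toggle.
    set static::timing_debug 0
}
when HTTP_REQUEST {
    if { $static::timing_debug } {
        # Only pay for the clock call and the log write while debugging
        set http_request_time [clock clicks -milliseconds]
        # Method and URI only: bounded size, and request headers such as
        # Cookie or Authorization never reach syslog
        log local0. "Client connected, IP: [IP::client_addr], HTTP request: [HTTP::method] [HTTP::uri]"
    }
}
when HTTP_RESPONSE {
    # info exists guards against a response whose request was handled
    # before the flag was enabled, so the variable was never set
    if { $static::timing_debug && [info exists http_request_time] } {
        log local0. "Pool Info: [LB::server] - HTTP Status: [HTTP::status] (request/response delta: [expr {[clock clicks -milliseconds] - $http_request_time}]ms)"
        # Clear the timestamp so a later request on the same keep-alive
        # connection cannot reuse a stale value
        unset http_request_time
    }
}
```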