
<div dir="auto">Hi,<div dir="auto"><br></div><div dir="auto">Right now, there's no other means. Within the code theres a flag to indicate marks, but that does not cross the wire.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Jun 29, 2017 16:01, "Fabien Wernli" <<a href="mailto:wernli@in2p3.fr">wernli@in2p3.fr</a>> wrote:<br type="attribution"><blockquote class="quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>

<br>

What would be the best way to identify a message originating from mark-mode?<br>

I don't see any obvious way to do so, apart from matching the message for '-- MARK --'.<br>

<br>

Here's an example on how it looks:<br>

<br>

{<br>

  "YEAR_DAY": "180",<br>

  "YEAR": "2017",<br>

  "WEEK_DAY_NAME": "Thursday",<br>

  "WEEK_DAY_ABBREV": "Thu",<br>

  "WEEK_DAY": "5",<br>

  "WEEKDAY": "Thu",<br>

  "WEEK": "26",<br>

  "USEC": "233311",<br>

  "UNIXTIME": "1498744609",<br>

  "TZOFFSET": "+02:00",<br>

  "TZ": "+02:00",<br>

  "TAGS": ".source.#anon-source0",<br>

  "TAG": "0d",<br>

  "S_YEAR_DAY": "180",<br>

  "S_YEAR": "2017",<br>

  "S_WEEK_DAY_NAME": "Thursday",<br>

  "S_WEEK_DAY_ABBREV": "Thu",<br>

  "S_WEEK_DAY": "5",<br>

  "S_WEEKDAY": "Thu",<br>

  "S_WEEK": "26",<br>

  "S_USEC": "233311",<br>

  "S_UNIXTIME": "1498744609",<br>

  "S_TZOFFSET": "+02:00",<br>

  "S_TZ": "+02:00",<br>

  "S_STAMP": "Jun 29 15:56:49",<br>

  "S_SEC": "49",<br>

  "S_MSEC": "233",<br>

  "S_MONTH_WEEK": "4",<br>

  "S_MONTH_NAME": "June",<br>

  "S_MONTH_ABBREV": "Jun",<br>

  "S_MONTH": "06",<br>

  "S_MIN": "56",<br>

  "S_ISODATE": "2017-06-29T15:56:49+02:00",<br>

  "S_HOUR12": "03",<br>

  "S_HOUR": "15",<br>

  "S_FULLDATE": "2017 Jun 29 15:56:49",<br>

  "S_DAY": "29",<br>

  "S_DATE": "Jun 29 15:56:49",<br>

  "S_AMPM": "PM",<br>

  "SYSUPTIME": "207",<br>

  "STAMP": "Jun 29 15:56:49",<br>

  "SOURCEIP": "127.0.0.1",<br>

  "SOURCE": "#anon-source0",<br>

  "SEC": "49",<br>

  "R_YEAR_DAY": "180",<br>

  "R_YEAR": "2017",<br>

  "R_WEEK_DAY_NAME": "Thursday",<br>

  "R_WEEK_DAY_ABBREV": "Thu",<br>

  "R_WEEK_DAY": "5",<br>

  "R_WEEKDAY": "Thu",<br>

  "R_WEEK": "26",<br>

  "R_USEC": "233311",<br>

  "R_UNIXTIME": "1498744609",<br>

  "R_TZOFFSET": "+02:00",<br>

  "R_TZ": "+02:00",<br>

  "R_STAMP": "Jun 29 15:56:49",<br>

  "R_SEC": "49",<br>

  "R_MSEC": "233",<br>

  "R_MONTH_WEEK": "4",<br>

  "R_MONTH_NAME": "June",<br>

  "R_MONTH_ABBREV": "Jun",<br>

  "R_MONTH": "06",<br>

  "R_MIN": "56",<br>

  "R_ISODATE": "2017-06-29T15:56:49+02:00",<br>

  "R_HOUR12": "03",<br>

  "R_HOUR": "15",<br>

  "R_FULLDATE": "2017 Jun 29 15:56:49",<br>

  "R_DAY": "29",<br>

  "R_DATE": "Jun 29 15:56:49",<br>

  "R_AMPM": "PM",<br>

  "RUNID": "1",<br>

  "PRIORITY": "notice",<br>

  "PRI": "13",<br>

  "MSG": "dl",<br>

  "MSEC": "233",<br>

  "MONTH_WEEK": "4",<br>

  "MONTH_NAME": "June",<br>

  "MONTH_ABBREV": "Jun",<br>

  "MONTH": "06",<br>

  "MIN": "56",<br>

  "MESSAGE": "dl",<br>

  "LOGHOST": "localhost.localdomain",<br>

  "LEVEL_NUM": "5",<br>

  "LEVEL": "notice",<br>

  "ISODATE": "2017-06-29T15:56:49+02:00",<br>

  "HOUR12": "03",<br>

  "HOUR": "15",<br>

  "HOST_FROM": "localhost",<br>

  "HOSTID": "abb0b0e5",<br>

  "HOST": "localhost",<br>

  "FULLDATE": "2017 Jun 29 15:56:49",<br>

  "FILE_NAME": "/dev/stdin",<br>

  "FACILITY_NUM": "1",<br>

  "FACILITY": "user",<br>

  "DAY": "29",<br>

  "DATE": "Jun 29 15:56:49",<br>

  "C_YEAR_DAY": "180",<br>

  "C_YEAR": "2017",<br>

  "C_WEEK_DAY_NAME": "Thursday",<br>

  "C_WEEK_DAY_ABBREV": "Thu",<br>

  "C_WEEK_DAY": "5",<br>

  "C_WEEKDAY": "Thu",<br>

  "C_WEEK": "26",<br>

  "C_UNIXTIME": "1498744609",<br>

  "C_TZOFFSET": "-00:00",<br>

  "C_TZ": "-00:00",<br>

  "C_STAMP": "Jun 29 13:56:48",<br>

  "C_SEC": "48",<br>

  "C_MONTH_WEEK": "4",<br>

  "C_MONTH_NAME": "June",<br>

  "C_MONTH_ABBREV": "Jun",<br>

  "C_MONTH": "06",<br>

  "C_MIN": "56",<br>

  "C_ISODATE": "2017-06-29T13:56:48-00:00",<br>

  "C_HOUR": "13",<br>

  "C_FULLDATE": "2017 Jun 29 13:56:48",<br>

  "C_DAY": "29",<br>

  "C_DATE": "Jun 29 13:56:48",<br>

  "BSDTAG": "5B",<br>

  "AMPM": "PM"<br>

}<br>

<br>

______________________________<wbr>______________________________<wbr>__________________<br>

Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/<wbr>mailman/listinfo/syslog-ng</a><br>

Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/<wbr>support/documentation/?<wbr>product=syslog-ng</a><br>

FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/<wbr>syslog-ng-faq</a><br>

<br>

</blockquote></div><br></div>