Re: [syslog-ng] Strange behavior with the option "mark"

3 Aug 2010

      Thank you for your answer.

When I start the syslog-ng with the option "mark" sets to 0, no MARKS
messages are sent (as written in the OSE 3.1 Administrator Guide).
This problem appears only when the option "mark" is set from a value <>
0 to a value = 0 and when I reload the configuration with a HUP signal.

Regards,

Yann I.

On Tue, 2010-08-03 at 10:58 +0200, Ilas, Yann wrote:
...
Hello everybody,
I'm currently using the application syslog-ng version 3.1.1 and there
is
an odd behavior with the "mark" option.
Here is the configuration file used for the test :
@version: 3.0
options {
      mark(7);
  };
source s_local  { internal(); unix-stream( "/dev/log" ); };
destination d_f_msg_unknown {
      file ( /var/log/messages__unknown );
  };
log {
      source (s_local);
      destination (d_f_msg_unknown);
  };
...and I start the syslog-ng application like this :
  # cd /opt/syslog-ng/sbin/
  # ./syslog-ng -Fevd --foreground --no-caps
--cfgfile=/opt/syslog-ng/etc/syslog-ng.conf.MARK
--pidfile=/tmp/syslog-ng.conf.pid
The output of the log file :
  Aug  2 17:44:22 serveur01 -- MARK --
  Aug  2 17:44:29 serveur01 -- MARK --
  Aug  2 17:44:36 serveur01 -- MARK --
(...)
Then, I change the configuration file from "mark(7)" to "mark(0)" and
send a HUP signal between "17:44:36" and "17:44:43"
  # kill -HUP $(cat /tmp/syslog-ng.conf.pid)
Here is the output (tail -f /var/log/messages__unknown) :
  Aug  2 17:44:36 serveur01 -- MARK --
<HUP signal>
  Aug  2 17:44:43 serveur01 -- MARK --
  Aug  2 17:44:50 serveur01 -- MARK --
  Aug  2 17:44:50 serveur01 -- MARK --
  Aug  2 17:44:50 serveur01 -- MARK --
  Aug  2 17:44:50 serveur01 -- MARK --
  Aug  2 17:44:50 serveur01 -- MARK --
  Aug  2 17:44:50 serveur01 -- MARK --
  Aug  2 17:44:50 serveur01 -- MARK --
(...)
...then the server syslog-ng sends a lot of "MARK" messages. I have to
stop the process with a "kill" or "ctrl+c".
I have the same behaviour if I use "mark_freq" instead of "mark".
What's wrong with that option ? Did I miss something ?
well, we should recognize mark(0) the same as mark(-1) effectively
disabling the mark feature.

right now, mark(0) means that there's zero time between two mark
messages, effectively generating one mark message per poll iteration,
this is what you see.

Or, does this happen only if you do a SIGHUP? Or the same happens when
you start syslog-ng?

-- 
Bazsi