On Mon, 2007-03-19 at 10:35 -0400, Valdis.Kletnieks@vt.edu wrote:
On Mon, 19 Mar 2007 10:37:06 BST, Balazs Scheidler said:
I don't know what the 'mark' facility is for, in fact I've never seen it referenced.
It's a pseudo-facility in the old syslog code, for routing the output of the '-m' flag:
-m interval The syslogd logs a mark timestamp regularly. The default inter- val between two -- MARK -- lines is 20 minutes. This can be changed with this option. Setting the interval to zero turns it off entirely.
So if you coded 'mark.debug /var/log/messages' and '-m 5', every 5 minutes you'd get a --MARK-- line in /var/log/messages. Pretty handy for low-activity systems, so you can tell the difference between "system idle and not generating log activy for 6 1/2 hours" and "system too wedged to syslog anything for 6 1/2 hours".
I see, then the mark facility filter should be converted to a match() filter that looks for MARK in the message payload. -- Bazsi