Hi,

I have the following part of syslog configuration:

destination d_localfile_kernel {
file("/var/log/kernel.log"
flags(syslog-protocol)
);
};
filter f_localfile_kernel_kern {
facility(kern) and level(info .. emerg);
};
filter f_localfile_kernel {
filter(f_localfile_kernel_kern); };
log {
source(s_src);
filter(f_localfile_kernel);
destination(d_localfile_kernel);
flags(flow-control);
};

And I see in my kernel.log file:

<46>1 2020-03-18T18:35:28+00:00 localhost - - - [meta sequenceId="1"] -- MARK --

<46>1 2020-03-18T18:55:28+00:00 localhost - - - [meta sequenceId="2"] -- MARK --

<46>1 2020-03-18T19:15:28+00:00 localhost - - - [meta sequenceId="3"] -- MARK --

<46>1 2020-03-18T19:35:28+00:00 localhost - - - [meta sequenceId="4"] -- MARK --

<46>1 2020-03-18T19:55:28+00:00 localhost - - - [meta sequenceId="5"] -- MARK --

<46>1 2020-03-18T20:15:28+00:00 localhost - - - [meta sequenceId="6"] -- MARK --

<46>1 2020-03-18T20:35:28+00:00 localhost - - - [meta sequenceId="7"] -- MARK --

<46>1 2020-03-18T20:55:28+00:00 localhost - - - [meta sequenceId="8"] -- MARK --

<46>1 2020-03-18T21:15:28+00:00 localhost - - - [meta sequenceId="9"] -- MARK --

I was not expecting to see syslog facility messages coming out, since I am filtering by kernel facility.

Is this expected behavior?

Thanks & regards,

Alex