On Fri, 2010-07-09 at 10:52 -0400, Lee, Steve wrote:
Good day,
We are evaluating syslog-ng Premium using the Windows Agent sending syslogs back to a client on Linux. Everything was working fine for about a week. Now anytime a message is sent from the agent, it shows up on the receiving end as “[kern] [emerg] Jul 9 10:32:38 <IP Address> <server name> --- MARK ---“, where MARK is actually in the message field. The messages should be coming in as local6/notice instead of kern/emerg. Everything seems to be setup correctly on the Windows agent. We have tried restarting the agent to no avail. The windows server shows nothing in the event log for the time that the MARK message comes across.
If anyone has any insight into this problem, please let me know.
hmm.. this may or may not be a bug in the Agent. The agent is capable of generating MARK messages, just like it is usualy done by syslogd/syslog-ng, it does so every 10 minutes. But if I understand you correctly, MARK is automatically appended to each and every message the agent sends? -- Bazsi