On Mon, 17 Dec 2007 10:34:54 GMT, ROHIT SAXENA said:
Since the last three days I'm getting the logs as follows:
Dec 17 02:37:35 src@inoc-cabin3-17 -- MARK --
Can anyone please let me know the reasons why this is happening?
source src { #pipe("/proc/kmsg"); unix-stream("/dev/log"); internal(); udp();
This 'udp();' is probably your culprit. Most likely, the machine called 'inoc-cabin3-17' is chugging off a 'MARK' every 20 minutes because it hasn't logged any *other* syslog traffic in the interim (very handy so you can tell the difference between "machine crashed sometime between 11:34PM (last msg) and 8AM when we found it dead" and "machine was alive at 3:45 because it MARK'ed, and dead at 4AM because it didn't"...) Now, if you don't know who 'inoc-cabin3-17' is, that's a *different* problem ;)
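The two checks the reply describes (which hosts have gone quiet past their MARK interval, and which hosts logging over `udp()` are not ones you recognise), as an added Python example that is not part of the original thread. The sample lines are constructed in the format quoted above; the function names, the `known_hosts` inventory and the "two missed MARKs" threshold are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the quoted "src@host" format; not taken from the thread.
SAMPLE = """\
Dec 17 02:17:35 src@inoc-cabin3-17 -- MARK --
Dec 17 02:37:35 src@inoc-cabin3-17 -- MARK --
Dec 17 02:40:02 src@loghost sshd[411]: session opened
Dec 17 02:57:35 src@inoc-cabin3-17 -- MARK --
Dec 17 03:45:10 src@loghost -- MARK --
"""

# timestamp, optional "source@" prefix, hostname, rest of the message
LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (?:\S+@)?(\S+) (.*)$")


def parse(text, year=2007):
    """Yield (timestamp, host, is_mark); syslog lines carry no year, so one is assumed."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip lines that are not in the expected format
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        yield ts, m.group(2), m.group(3).strip() == "-- MARK --"


def audit(text, known_hosts, now, mark_interval=timedelta(minutes=20)):
    """Per host: last time seen, whether it is in the inventory, whether it
    only ever sent MARKs, and whether it has been silent for more than two
    MARK intervals (assumed threshold)."""
    last_seen, mark_only = {}, {}
    for ts, host, is_mark in parse(text):
        last_seen[host] = max(ts, last_seen.get(host, ts))
        mark_only[host] = mark_only.get(host, True) and is_mark
    return {
        host: {
            "last_seen": seen,
            "known": host in known_hosts,
            "mark_only": mark_only[host],
            "silent": now - seen > 2 * mark_interval,
        }
        for host, seen in last_seen.items()
    }


if __name__ == "__main__":
    report = audit(SAMPLE, known_hosts={"loghost"}, now=datetime(2007, 12, 17, 4, 0))
    for host, info in sorted(report.items()):
        print(host, info)
```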