I think it is (also) something that can be turned on on a SYSLOG client (sending host) with an extra option to the syslog daemon, and in it's local syslog.conf. The fact that you don't have mark in your conf, explains perhaps why it is not filtered out;-) Regards, Frans Some info from our internal KB: Add mark.debug to the syslog.conf # Selector Action Comment mark.debug;*.debug @centrallog # 10.20.30.40 Mark Messages ------------- Make use of mark messages (time stamps). Mark messages can be turned on to make it easier to analyze the timeline of messages and to identify possible gaps within the log archives. Mark messages are generated by syslogd after a predefined time period. Other periods can be specified during the syslogd startup. To activate mark messages, the script file that starts syslogd needs to be to edited. The file "/etc/init.d/syslog" (solaris) must be edited within the "start" section. In the following example, syslogd is called to set a mark interval of 10 minutes, as follows: /usr/sbin/syslog -m 10 1>/dev/console 2>&1 If only -m is stated, the default interval is 20 minutes.
-----Original Message----- From: Edward Brookhouse [mailto:ebroo@healthydirections.com] Sent: dinsdag 2 augustus 2005 13:33 To: 'Syslog-ng users' and developers' mailing list' Subject: [syslog-ng] Mark problems
Hi all,
I am using Syslog-NG 1.9.4 on Fedora Core4 - and I am seeing -- MARK - in my logs when I should not be.
To my understanding (via google and man pages) If you put the option * mark(n) in the options section you will get a -- MARK -- every N times.
I have no mark option...
Any thoughts on how to trouble shoot?
My conf file has this for options
options { # use_fqdn(yes); # use_dns(yes); # dns_cache(yes); keep_hostname(yes); long_hostnames(off); sync(1); log_fifo_size(1024); };
A search for mark in the conf returns nada ...
TIA
Edward Ebrooathealthydirectionsdotcomlame
_______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng Frequently asked questions at http://www.campin.net/syslog-ng/faq.html