A bit of an operations question, but one I've never found an answer to .. what is the purpose of ---MARK---? I know it just fills up my logs, but I never really understood why I'd want that ... Suggestions? What do other people use it for? Todd. -----Original Message----- From: Balazs Scheidler [mailto:bazsi@balabit.hu] Sent: Tuesday, December 18, 2001 12:04 PM To: syslog-ng@lists.balabit.hu Subject: Re: [syslog-ng]mark() option? On Tue, Dec 04, 2001 at 08:46:00PM -0600, Bradley Hartin wrote:
I was testing out a configuration as follows:
options { long_hostnames(off); sync(0); mark(10); }; source src { unix-stream("/dev/log"); internal(); };
destination all { file("/var/log/messages"); }; log { source(src); destination(all); };
While it appears to log everything properly, I have yet (after hours) to see a single --- MARK --- message in the logs. Is the mark option not operational, or is there something I'm missing?
sorry, mark is not implemented... -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1 _______________________________________________ syslog-ng maillist - syslog-ng@lists.balabit.hu https://lists.balabit.hu/mailman/listinfo/syslog-ng
On Wed, 19 Dec 2001, Todd Snyder wrote:
A bit of an operations question, but one I've never found an answer to ..
what is the purpose of ---MARK---? I know it just fills up my logs, but I never really understood why I'd want that ...
Suggestions? What do other people use it for?
It's useful for catching a hung system, or at least diagnosing when a problem such as that occured. In my case, I'll have over 130 systems going centrally, most of which will generate very little log activity outside normal business hours. This will help me gauge the quality of our communication lines and system dependability. -- Bradley Hartin - bhartin@straus-frank.com Communications and Network Administrator Straus-Frank Company
Todd Snyder on Wed, Dec 19, 2001 at 07:44:49AM -0500: Hi,
what is the purpose of ---MARK---? I know it just fills up my logs, but I never really understood why I'd want that ...
Suggestions? What do other people use it for?
you can use it to test if your logging daemon is operational, even if nothing gets logged. Other than that, it can come in quite handy when manually parsing through logs, because you can easily skip a bunch of lines (same can be done by searching for date/time, but that's more ty- ping) ... Regards, -- ____ ____ / _/| - > Gregor Binder <gb@(rootnexus.net|sysfive.com)> | / || _\ \ \__ Id: 0xE2F31C4B Fp: 8B8A 5CE3 B79B FBF1 5518 8871 0EFB AFA3 E2F3 1C4B
what is the purpose of ---MARK---? I know it just fills up my logs, but I never really understood why I'd want that ...
Suggestions? What do other people use it for?
you can use it to test if your logging daemon is operational, even if nothing gets logged. Other than that, it can come in quite handy when manually parsing through logs, because you can easily skip a bunch of lines (same can be done by searching for date/time, but that's more ty- ping) ...
Out of paranoia, I used to run a daemon that would check the logs for the mark. This way, I knew logging was still functional. It paid off once when syslog(not ng) mysteriously died.
participants (4)
-
Bradley Hartin
-
Gregor Binder
-
Jay Guerette
-
Todd Snyder