[syslog-ng] Mark problems

Edward Brookhouse ebroo at healthydirections.com
Tue Aug 2 15:45:51 CEST 2005


Thanks Frans, unf this is coming from the syslog server running
syslog-ng ...

-----Original Message-----
From: syslog-ng-bounces at lists.balabit.hu
[mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Frans
Stekelenburg
Sent: Tuesday, August 02, 2005 9:18 AM
To: Syslog-ng users' and developers' mailing list
Subject: RE: [syslog-ng] Mark problems 


I think it is (also) something that can be turned on on a SYSLOG client
(sending host) with an extra option to the syslog daemon, and in it's
local syslog.conf.
The fact that you don't have mark in your conf, explains perhaps why it
is not filtered out;-)


Regards,
Frans


Some info from our internal KB:


Add mark.debug to the syslog.conf

# Selector			Action		Comment

mark.debug;*.debug	@centrallog 	# 10.20.30.40



Mark Messages 
-------------
Make use of mark messages (time stamps). 

Mark messages can be turned on to make it easier to analyze the timeline
of messages and to identify possible gaps within the log archives. 

Mark messages are generated by syslogd after a predefined time period.
Other periods can be specified during the syslogd startup. 

To activate mark messages, the script file that starts syslogd needs to
be to edited. The file "/etc/init.d/syslog" (solaris) must be edited
within the "start" section. In the following example, syslogd is called
to set a mark interval of 10 minutes, as follows: 

/usr/sbin/syslog -m 10 1>/dev/console  2>&1
If only -m is stated, the default interval is 20 minutes. 





> -----Original Message-----
> From: Edward Brookhouse [mailto:ebroo at healthydirections.com] 
> Sent: dinsdag 2 augustus 2005 13:33
> To: 'Syslog-ng users' and developers' mailing list'
> Subject: [syslog-ng] Mark problems 
> 
> Hi all,
> 
> 	I am using Syslog-NG 1.9.4 on Fedora Core4 - and I am seeing --
> MARK - in my logs when I should not be.
> 
> To my understanding (via google and man pages) If you put the option *
> mark(n) in the options section you will get a -- MARK -- 
> every N times.
> 
> I have no mark option...
> 
> Any thoughts on how to trouble shoot?
> 
> 
> My conf file has this for options
> 
> options {
> #       use_fqdn(yes);
> #       use_dns(yes);
> #       dns_cache(yes);
>         keep_hostname(yes);
>         long_hostnames(off);
>         sync(1);
>         log_fifo_size(1024);
> };
> 
> 
> A search for mark in the conf returns nada ...
> 
> 
> TIA
> 
> Edward
> Ebrooathealthydirectionsdotcomlame
> 
> 
> 
> _______________________________________________
> syslog-ng maillist  -  syslog-ng at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng
> Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
> 
> 
_______________________________________________
syslog-ng maillist  -  syslog-ng at lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html







More information about the syslog-ng mailing list