[syslog-ng] Getting "--MARK--" in the generated logs----Please REPLY soon
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Mon Dec 17 22:18:04 CET 2007
On Mon, 17 Dec 2007 10:34:54 GMT, ROHIT SAXENA said:
> --0-471570365-1197887694=:71825
> Since last three days I m getting the logs as follows:
>
>
> Dec 17 02:37:35 src at inoc-cabin3-17 -- MARK --
> Can any one please let me know the reasons why this is happening?????
> source src {
> #pipe("/proc/kmsg");
> unix-stream("/dev/log");
> internal();
> udp();
This 'udp();' is probably your culprit. Most likely, the machine called
'inoc-cabin3-17' is chugging off a 'MARK' every 20 minutes because it hasn't
logged any *other* syslog traffic in the interim (very handy so you can tell
the difference between "machine crashed sometime between 11:34PM (last msg)
and 8AM when we found it dead" and "machine was alive at 3:45 because it
MARK'ed, and dead at 4AM because it didn't"...)
Now, if you don't know who 'inoc-cabin3-17' is, that's a *different* problem ;)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.balabit.hu/pipermail/syslog-ng/attachments/20071217/60151535/attachment.pgp
More information about the syslog-ng
mailing list