[syslog-ng] map "mark.info" in syslog.conf to syslog-ng.conf
Balazs Scheidler
bazsi at balabit.hu
Mon Mar 19 15:44:54 CET 2007
On Mon, 2007-03-19 at 10:35 -0400, Valdis.Kletnieks at vt.edu wrote:
> On Mon, 19 Mar 2007 10:37:06 BST, Balazs Scheidler said:
>
> > I don't know what the 'mark' facility is for, in fact I've never seen it
> > referenced.
>
> It's a pseudo-facility in the old syslog code, for routing the output of
> the '-m' flag:
>
> -m interval
> The syslogd logs a mark timestamp regularly. The default interval
> between two -- MARK -- lines is 20 minutes. This can be
> changed with this option. Setting the interval to zero turns it
> off entirely.
>
> So if you coded 'mark.debug /var/log/messages' and '-m 5', every 5 minutes
> you'd get a --MARK-- line in /var/log/messages. Pretty handy for low-activity
> systems, so you can tell the difference between "system idle and not generating
> log activity for 6 1/2 hours" and "system too wedged to syslog anything for 6 1/2
> hours".
I see, then the mark facility filter should be converted to a match()
filter that looks for MARK in the message payload.
--
Bazsi
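
The idle-versus-wedged check described in the quoted reply, as an added example that is not part of the original thread or of syslog-ng: it reads traditional syslog lines and reports any stretch in which neither a message nor a MARK line was written. The sample lines, the function names, the `year` argument and the 1.5x `tolerance` are assumptions made for the example; month names are parsed as English.

```python
import re
from datetime import datetime, timedelta

# Traditional syslog line: "Mar 19 02:00:00 host message" (the timestamp has no year).
LINE_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$")
# Accepts both spellings seen in the thread: "-- MARK --" and "--MARK--".
MARK_RE = re.compile(r"--\s?MARK\s?--")

# Constructed sample for a host run with '-m 5' (one mark every 300 seconds).
SAMPLE = [
    "Mar 19 02:00:00 host1 -- MARK --",
    "Mar 19 02:05:00 host1 -- MARK --",
    "Mar 19 02:10:00 host1 -- MARK --",
    "Mar 19 02:11:30 host1 cron[812]: (root) CMD (run-parts /etc/cron.hourly)",
    "Mar 19 08:41:30 host1 syslogd: restart",
    "Mar 19 08:46:30 host1 -- MARK --",
]

def parse(lines, year):
    """Yield (timestamp, is_mark) for each well-formed line; skip anything else."""
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, bool(MARK_RE.search(m["msg"]))

def classify(lines, mark_interval_s, year, tolerance=1.5):
    """Count MARK lines and list (start, end) gaps with no output at all.

    A quiet but healthy host still writes marks, so consecutive lines stay
    within about one mark interval of each other. A gap longer than
    mark_interval_s * tolerance means the logger wrote nothing, marks included.
    Assumes the lines are in time order and fall within a single year.
    """
    limit = timedelta(seconds=mark_interval_s * tolerance)
    marks, gaps, prev = 0, [], None
    for ts, is_mark in parse(lines, year):
        if prev is not None and ts - prev > limit:
            gaps.append((prev, ts))
        marks += is_mark
        prev = ts
    return {"marks": marks, "gaps": gaps}

if __name__ == "__main__":
    result = classify(SAMPLE, mark_interval_s=300, year=2007)
    print("marks seen:", result["marks"])
    for start, end in result["gaps"]:
        print(f"no log output from {start} to {end} ({end - start})")
```
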