[syslog-ng] map "mark.info" in syslog.conf to syslog-ng.conf
Lily Feng
Lily.Feng at rci.rogers.com
Mon Mar 19 15:48:58 CET 2007
The syslog-ng could not support ---MARK----, right?
I used "-----STATS-------" instead of "------MARK-------".
Lily
-----Original Message-----
From: syslog-ng-bounces at lists.balabit.hu
[mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Balazs
Scheidler
Sent: Monday, March 19, 2007 10:45 AM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] map "mark.info" in syslog.conf to
syslog-ng.conf
On Mon, 2007-03-19 at 10:35 -0400, Valdis.Kletnieks at vt.edu wrote:
> On Mon, 19 Mar 2007 10:37:06 BST, Balazs Scheidler said:
>
> > I don't know what the 'mark' facility is for, in fact I've never
> > seen it referenced.
>
> It's a pseudo-facility in the old syslog code, for routing the output
> of the '-m' flag:
>
> -m interval
> The syslogd logs a mark timestamp regularly. The
default inter-
> val between two -- MARK -- lines is 20 minutes. This
can be
> changed with this option. Setting the interval to zero
turns it
> off entirely.
>
> So if you coded 'mark.debug /var/log/messages' and '-m 5', every 5
> minutes you'd get a --MARK-- line in /var/log/messages. Pretty handy
> for low-activity systems, so you can tell the difference between
> "system idle and not generating log activy for 6 1/2 hours" and
> "system too wedged to syslog anything for 6 1/2 hours".
I see, then the mark facility filter should be converted to a match()
filter that looks for MARK in the message payload.
--
Bazsi
_______________________________________________
syslog-ng maillist - syslog-ng at lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html
More information about the syslog-ng
mailing list