[syslog-ng] Syslog messages being received as kern/emerg MARK
Balazs Scheidler
bazsi at balabit.hu
Tue Jul 13 12:49:23 CEST 2010
On Fri, 2010-07-09 at 10:52 -0400, Lee, Steve wrote:
> Good day,
>
>
>
> We are evaluating syslog-ng Premium using the Windows Agent sending
> syslogs back to a client on Linux. Everything was working fine for
> about a week. Now anytime a message is sent from the agent, it shows
> up on the receiving end as “[kern] [emerg] Jul 9 10:32:38 <IP
> Address> <server name> --- MARK ---“, where MARK is actually in the
> message field. The messages should be coming in as local6/notice
> instead of kern/emerg. Everything seems to be setup correctly on the
> Windows agent. We have tried restarting the agent to no avail. The
> windows server shows nothing in the event log for the time that the
> MARK message comes across.
>
>
>
> If anyone has any insight into this problem, please let me know.
>
hmm.. this may or may not be a bug in the Agent.
The agent is capable of generating MARK messages, just like it is usualy
done by syslogd/syslog-ng, it does so every 10 minutes.
But if I understand you correctly, MARK is automatically appended to
each and every message the agent sends?
--
Bazsi
More information about the syslog-ng
mailing list