[syslog-ng] Rapid filling of /var/log/syslog-ng.log with "--MARK--" messages?
mike at lague.org
mike at lague.org
Mon Jul 25 23:13:12 CEST 2011
On a system running syslog-ng 3.0.5, we observed the following:
*
*
*
Jul 21 11:53:37.724586 sys89 -- MARK --
Jul 21 11:53:37.724623 sys89 -- MARK --
Jul 21 11:53:37.724660 sys89 -- MARK --
Jul 21 11:53:37.724696 sys89 -- MARK --
Jul 21 11:53:37.724733 sys89 -- MARK --
Jul 21 11:53:37.724770 sys89 -- MARK --
Jul 21 11:53:37.724807 sys89 -- MARK --
Jul 21 11:53:37.724843 sys89 -- MARK --
Jul 21 11:53:37.724880 sys89 -- MARK ?
The log was written to at this frequency, with these "MARK" messages, until the partition filled up.
It appears that the first of these messages was logged very close in time to when the system date was set back by a couple of minutes. However, I was unable to reproduce this result on a different system (by setting the date back in time.)
However, is it possible that this problem is the same as:
SYSLOG-NG] [BUG 110] NEW: ADVANCING THE SYSTEM DATE AND TIME BEYOND 2038 CAUSES FLOOD OF MESSAGES
(i.e., https://lists.balabit.hu/pipermail/syslog-ng/2011-January/015754.html)
It appears that this is fixed in 3.2.3; it is fixed in other versions?
In versions where this is not fixed, is it possible to avoid this problem by turning off the "mark" feature, i.e., by putting
mark_freq(0);
in the options clause of the configuration?
Thank you,
--Mike Lague
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20110725/5aa08348/attachment-0001.htm
More information about the syslog-ng
mailing list