[syslog-ng] MARK messages and filtering
Alexandre Santos
alexandre.rosas.santos at gmail.com
Thu Mar 19 20:42:13 UTC 2020
Hi,
I have the following part of syslog configuration:
destination d_localfile_kernel {
    file("/var/log/kernel.log"
        flags(syslog-protocol)
    );
};
filter f_localfile_kernel_kern {
    facility(kern) and level(info .. emerg);
};
filter f_localfile_kernel {
    filter(f_localfile_kernel_kern);
};
log {
    source(s_src);
    filter(f_localfile_kernel);
    destination(d_localfile_kernel);
    flags(flow-control);
};
And I see in my kernel.log file:
<46>1 2020-03-18T18:35:28+00:00 localhost - - - [meta sequenceId="1"] -- MARK --
<46>1 2020-03-18T18:55:28+00:00 localhost - - - [meta sequenceId="2"] -- MARK --
<46>1 2020-03-18T19:15:28+00:00 localhost - - - [meta sequenceId="3"] -- MARK --
<46>1 2020-03-18T19:35:28+00:00 localhost - - - [meta sequenceId="4"] -- MARK --
<46>1 2020-03-18T19:55:28+00:00 localhost - - - [meta sequenceId="5"] -- MARK --
<46>1 2020-03-18T20:15:28+00:00 localhost - - - [meta sequenceId="6"] -- MARK --
<46>1 2020-03-18T20:35:28+00:00 localhost - - - [meta sequenceId="7"] -- MARK --
<46>1 2020-03-18T20:55:28+00:00 localhost - - - [meta sequenceId="8"] -- MARK --
<46>1 2020-03-18T21:15:28+00:00 localhost - - - [meta sequenceId="9"] -- MARK --
I was not expecting to see syslog facility messages coming out, since I am
filtering by kernel facility.
Is this expected behavior?
Thanks & regards,
Alex
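
An added example, not part of the original post and not syslog-ng code: a small Python decoder for the RFC 5424 lines shown above that splits the PRI value into facility and severity and applies the same predicate as f_localfile_kernel_kern. The function names are hypothetical, and the last two SAMPLE lines are constructed for comparison.

```python
import re

# RFC 5424 facility codes 0-23; the names used for 12-15 are informal labels.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              *(f"local{i}" for i in range(8))]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
# Simplification: an escaped "]" inside structured data is not handled.
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ver>\d{1,2}) (?P<ts>\S+) (?P<host>\S+) "
    r"(?P<app>\S+) (?P<pid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[[^\]]*\])+)(?: (?P<msg>.*))?$")

def decode(line):
    """Parse one RFC 5424 line and decode PRI = facility * 8 + severity."""
    m = RFC5424.match(line)
    if not m:
        raise ValueError("not an RFC 5424 line: %r" % line)
    fac, sev = divmod(int(m["pri"]), 8)
    if fac >= len(FACILITIES):
        raise ValueError("PRI out of range: %s" % m["pri"])
    return {"facility": FACILITIES[fac], "severity": SEVERITIES[sev],
            "sev_num": sev, "sd": m["sd"], "msg": m["msg"] or ""}

def passes_kernel_filter(rec):
    """Same predicate as: facility(kern) and level(info .. emerg)."""
    return rec["facility"] == "kern" and rec["sev_num"] <= SEVERITIES.index("info")

# First two lines are taken from the post; the last two are constructed.
SAMPLE = [
    '<46>1 2020-03-18T18:35:28+00:00 localhost - - - [meta sequenceId="1"] -- MARK --',
    '<46>1 2020-03-18T18:55:28+00:00 localhost - - - [meta sequenceId="2"] -- MARK --',
    '<6>1 2020-03-18T18:56:00+00:00 localhost kernel - - - constructed kern.info line',
    '<7>1 2020-03-18T18:56:01+00:00 localhost kernel - - - constructed kern.debug line',
]

def audit(lines):
    """Return (facility, severity, passes_filter) for each line."""
    return [(r["facility"], r["severity"], passes_kernel_filter(r))
            for r in map(decode, lines)]

if __name__ == "__main__":
    for line, row in zip(SAMPLE, audit(SAMPLE)):
        print(row, "<-", line)
```

PRI 46 decodes to facility 5 (syslog) and severity 6 (info), so the MARK lines in kernel.log do not satisfy the facility(kern) predicate of the filter.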