Syslog

Tips for getting the most out of syslog

Recently I have been doing some work with syslog – attempting to manage and comprehend my logs. This is a compilation of the nuggets of information I have discovered that may help you with your syslog configuration.

What is MARK in /var/log/messages?
MARK is syslogd’s heartbeat – it tells you that the logger is still alive and well.

-m interval

The syslogd logs a mark timestamp regularly. The default interval between two -- MARK -- lines is 20 minutes. This can be changed with this option.

Adding the following line to your syslog.conf will put the MARK messages in a separate file called syslog.heartbeat.log:

mark.*    /var/log/syslog.heartbeat.log

To eliminate -- MARK -- lines in /var/log/syslog, change its line in syslog.conf to the following, which adds mark to the facilities set to none:

*.*;auth,authpriv,mark.none -/var/log/syslog
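
Once the heartbeat has its own file, a missing MARK becomes a usable signal that syslogd stopped or that lines were removed. The Python below is an added example, not part of the original post: it reads MARK lines in the classic syslog timestamp format and reports any stretch longer than the -m interval. The sample lines, the hostname, the starting year and the 2-minute slack are assumptions.

```python
import re
from datetime import datetime, timedelta

# Classic syslog line: "Dec 31 23:40:01 host -- MARK --" (the timestamp has no year).
MARK_RE = re.compile(r"^(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ .*-- MARK --\s*$")
FMT = "%Y %b %d %H:%M:%S"

def mark_times(lines, year):
    """Parse MARK timestamps; `year` is the year of the first line."""
    times = []
    for line in lines:
        m = MARK_RE.match(line)
        if not m:
            continue  # not a heartbeat line
        ts = datetime.strptime(f"{year} {m.group(1)}", FMT)
        # Month going backwards (Dec -> Jan) means the file crossed New Year.
        if times and ts.month < times[-1].month:
            year += 1
            ts = datetime.strptime(f"{year} {m.group(1)}", FMT)
        times.append(ts)
    return times

def heartbeat_gaps(times, now, interval_min=20, slack_min=2):
    """Return (start, end) pairs where no MARK arrived within interval + slack."""
    limit = timedelta(minutes=interval_min + slack_min)
    points = times + [now]  # also check the silence since the last MARK
    return [(a, b) for a, b in zip(points, points[1:]) if b - a > limit]

# Constructed sample of /var/log/syslog.heartbeat.log (hostname is made up).
SAMPLE = """\
Dec 31 23:00:01 loghost -- MARK --
Dec 31 23:20:01 loghost -- MARK --
Dec 31 23:40:01 loghost -- MARK --
Jan  1 00:00:01 loghost -- MARK --
Jan  1 01:20:01 loghost -- MARK --
Jan  1 01:40:01 loghost -- MARK --
""".splitlines()

if __name__ == "__main__":
    marks = mark_times(SAMPLE, year=2023)
    for start, end in heartbeat_gaps(marks, now=datetime(2024, 1, 1, 1, 50)):
        print(f"no MARK between {start} and {end} ({end - start})")
```

If syslogd runs with a different -m value, pass the same number of minutes as interval_min.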
