Tips for getting the most out of syslog
Recently I have been doing some work with syslog – attempting to manage and comprehend my logs. This is a compilation of the nuggets of information I have discovered that may help you with your syslog configuration.
What is MARK in /var/log/messages?
MARK is syslogd’s heartbeat – it tells you that the logger is still alive and well.
-m interval
The syslogd logs a mark timestamp regularly. The default interval between two -- MARK -- lines is 20 minutes. This can be changed with this option.
Adding the following line to your syslog.conf will put the MARK messages in a separate file called syslog.heartbeat.log:
mark.*    /var/log/syslog.heartbeat.log
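Because the heartbeat file contains nothing but MARK lines, a missing beat is easy to detect and points to a window in which syslogd was not running or not writing. The following is an added example, not part of the original post, that flags such gaps. The function names, the host name host1 and the sample lines are constructed for illustration, and it assumes the traditional "Mon DD HH:MM:SS host -- MARK --" line layout and the default 20-minute interval.

```python
import re
from datetime import datetime, timedelta

# Classic syslogd heartbeat: "Mar  3 10:20:01 host -- MARK --" (the stamp has no year).
MARK_RE = re.compile(r"^([A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ -- MARK --\s*$")

def _stamp(text, year):
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")

def parse_marks(lines, year):
    """Timestamps of MARK lines; `year` is the year of the first line (caller-supplied)."""
    stamps = []
    for line in lines:
        m = MARK_RE.match(line)
        if not m:
            continue  # not a heartbeat line
        ts = _stamp(m.group(1), year)
        if stamps and stamps[-1] - ts > timedelta(days=180):
            year += 1  # a jump far into the "past" means a Dec -> Jan rollover
            ts = _stamp(m.group(1), year)
        stamps.append(ts)
    return stamps

def find_gaps(stamps, interval_min=20, slack_sec=60):
    """Return (previous, next, missed_marks) wherever spacing exceeds interval + slack."""
    step = timedelta(minutes=interval_min)
    gaps = []
    for prev, cur in zip(stamps, stamps[1:]):
        if cur - prev > step + timedelta(seconds=slack_sec):
            gaps.append((prev, cur, round((cur - prev) / step) - 1))
    return gaps

def is_stale(stamps, now, interval_min=20, slack_sec=60):
    """True if the newest MARK is older than one interval + slack (logger may be down)."""
    return not stamps or now - stamps[-1] > timedelta(minutes=interval_min, seconds=slack_sec)

# Constructed sample of /var/log/syslog.heartbeat.log; three beats are missing.
SAMPLE = """\
Dec 31 23:00:01 host1 -- MARK --
Dec 31 23:20:01 host1 -- MARK --
Dec 31 23:40:01 host1 -- MARK --
Jan  1 01:00:02 host1 -- MARK --
Jan  1 01:20:02 host1 -- MARK --
""".splitlines()

if __name__ == "__main__":
    for prev, cur, missed in find_gaps(parse_marks(SAMPLE, year=2023)):
        print(f"no MARK between {prev} and {cur}: about {missed} heartbeat(s) missed")
```

If syslogd runs with a different -m value, pass the same number of minutes as interval_min.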
To eliminate -- MARK -- lines in /var/log/syslog, change the following line so that it includes mark.none:
*.*;auth,authpriv,mark.none -/var/log/syslog