By default, the syslog daemon will place –MARK– messages in your /var/log/messages log file every twenty minutes. This can get annoying and eventually lead to a waste of space. Heres a quick tip on how to stop syslog from putting –MARK– in the messages log.
- Edit the syslogd file. (In Ubuntu, this file is located in /etc/default/syslogd – on some other distributions, you’ll want to edit whatever file starts up the syslog daemon.)
- Locate the following line that starts with:
- Modify this line to read:
- Restart syslog:
One very important aspect of computer security and hack prevention is the collection and assessment of system log files. In the mind of a hacker, when gaining unlawful entry to a system their first instinct is to cover all traceable tracks. This means deleting log files and possibly even setting up backdoors to enter again at will sometime later in the future. It is important, as a system administrator, to ensure that even if your system has been broken into or tampered with, that you have traceable evidence to figure out exactly what went wrong, and where it went wrong. Hackers tend to tamper with system logs making this sometimes impossible to figure out. Setting up a remote syslog server for all of your servers to send their logs to is how we can ensure that your logs will be completely accurate and un tampered with.
The syslog server configured in this example is an old 486 with an 8GB hard drive, running Slackware Linux 10.2. However, the configuration and commands will work for just about any Linux distribution.