Remove -- MARK -- from the message log

Posted on 15.03.2009 by Kim N. Lesmer.
This small tutorial describes how you can get rid of the `-- MARK --` message on Debian GNU/Linux in the message log.

The syslogd logs a mark timestamp regularly. The default interval between two -- MARK -- lines is 20 minutes. This can be changed with the "m" (interval) option.

Setting the interval to zero turns it off entirely. Depending on other log messages generated these lines may not be written consecutively.

Important: You must understand that the -- MARK -- message is there for a reason. It is syslogs way of saying that it is alive, and the makrs are helpful for security auditing (validation of logs) as well.

If you are running a script against syslog you can use the mark to determine if syslog is active.

I do not recommend that you turn it off.

If however this is unimportant to you, you can turn it off.

Edit the initialization script /etc/init.d/syslogd file and owards the top of the file look for a line that says:

SYSLOGD="-u syslog"

Change it to:

SYSLOGD="-m 0 -u syslog"

Next restart syslogd using the command:

/etc/init.d/sysklogd restart

If you have any comments or corrections feel free to email them to me.