Upgraded to sysklogd-1.3.31-14.i386.rpm. After several days of running just fine syslogd will start putting -- MARK -- messages into the log at 30 minute intervals. After the next logrotate syslogd will put -- MARK -- messages into the log every 30 seconds and switch to report the mark messages in UTC instead of local time. This problem is occuring on 2 machines running RedHat Linux 6.1. Both machines run webservers, mailservers and name servers and are publicly available. Firewalling prevents access to port 'syslog 514/udp' on both system. I cannot reproduce the same problem on 2 other machines which are workstations and behind a IPmasq firewall. Could this be a security problem?
Normal behavior - use '-m 0' as args to syslogd to turn it off.
I confirmed that syslogd is running with the -m 0 switch. The problem occurs regardless. Manually restarting syslogd does not resolve the problem. Reinstalling the RPM with 'rpm -Uvh --force sysklogd-...' and subsequent rebooting the system will result in normal and expected syslogd operation for a few days.
What does rpm -V sysklogd say on a broken system?
closed, lack of input.