From: Larry Rosenman
To: FreeBSD-gnats-submit@FreeBSD.org
Date: Fri, 28 Oct 2011 21:18:23 -0500
Subject: bin/162135: remote syslog not logging

>Number:         162135
>Category:       bin
>Synopsis:       remote syslog not logging
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Oct 29 02:20:06 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Larry Rosenman
>Release:        FreeBSD 10.0-CURRENT amd64
>Organization:
LERCTR Consulting
>Environment:
System: FreeBSD borg.lerctr.org 10.0-CURRENT FreeBSD 10.0-CURRENT #5: Mon Oct 24 04:15:57 CDT 2011 root@borg.lerctr.org:/usr/obj/usr/src/sys/BORG-DTRACE amd64

>Description:
Why doesn't syslogd log these messages?
This is from my Cable Modem:

# tcpdump -vv -s 1500 host 192.168.200.10 and port 514
tcpdump: listening on em0, link-type EN10MB (Ethernet), capture size 1500 bytes
21:14:21.915542 IP (tos 0x0, ttl 64, id 36817, offset 0, flags [none], proto UDP (17), length 176)
    192.168.200.10.bbn-mmx > borg.syslog: [udp sum ok] SYSLOG, length: 148
        Facility local0 (16), Severity alert (1)
        Msg: Oct 29 02:14:20 2011 SYSLOG[0]: [Host 192.168.200.10] UDP 192.168.200.108,137 --> 192.168.200.255,137 DENY: Inbound or outbound access request
21:14:21.916790 IP (tos 0x0, ttl 64, id 36818, offset 0, flags [none], proto UDP (17), length 176)
    192.168.200.10.sbook > borg.syslog: [udp sum ok] SYSLOG, length: 148
        Facility local0 (16), Severity alert (1)
        Msg: Oct 29 02:14:20 2011 SYSLOG[0]: [Host 192.168.200.10] UDP 192.168.200.108,137 --> 192.168.200.255,137 DENY: Inbound or outbound access request
21:14:21.917914 IP (tos 0x0, ttl 64, id 36819, offset 0, flags [none], proto UDP (17), length 176)
    192.168.200.10.editbench > borg.syslog: [udp sum ok] SYSLOG, length: 148
        Facility local0 (16), Severity alert (1)
        Msg: Oct 29 02:14:20 2011 SYSLOG[0]: [Host 192.168.200.10] UDP 192.168.200.108,137 --> 192.168.200.255,137 DENY: Inbound or outbound access request
21:14:22.665629 IP (tos 0x0, ttl 64, id 36820, offset 0, flags [none], proto UDP (17), length 176)
    192.168.200.10.equationbuilder > borg.syslog: [udp sum ok] SYSLOG, length: 148
        Facility local0 (16), Severity alert (1)
        Msg: Oct 29 02:14:20 2011 SYSLOG[0]: [Host 192.168.200.10] UDP 192.168.200.108,137 --> 192.168.200.255,137 DENY: Inbound or outbound access request
21:14:22.666755 IP (tos 0x0, ttl 64, id 36821, offset 0, flags [none], proto UDP (17), length 176)
    192.168.200.10.lotusnote > borg.syslog: [udp sum ok] SYSLOG, length: 148
        Facility local0 (16), Severity alert (1)
        Msg: Oct 29 02:14:20 2011 SYSLOG[0]: [Host 192.168.200.10] UDP 192.168.200.108,137 --> 192.168.200.255,137 DENY: Inbound or outbound access request
21:14:22.667880 IP (tos 0x0, ttl 64, id 36822, offset 0, flags [none], proto UDP (17), length 176)
    192.168.200.10.relief > borg.syslog: [udp sum ok] SYSLOG, length: 148
        Facility local0 (16), Severity alert (1)
        Msg: Oct 29 02:14:20 2011 SYSLOG[0]: [Host 192.168.200.10] UDP 192.168.200.108,137 --> 192.168.200.255,137 DENY: Inbound or outbound access request
21:14:23.428957 IP (tos 0x0, ttl 64, id 36823, offset 0, flags [none], proto UDP (17), length 176)
    192.168.200.10.rightbrain > borg.syslog: [udp sum ok] SYSLOG, length: 148
        Facility local0 (16), Severity alert (1)
        Msg: Oct 29 02:14:21 2011 SYSLOG[0]: [Host 192.168.200.10] UDP 192.168.200.108,137 --> 192.168.200.255,137 DENY: Inbound or outbound access request
21:14:23.430206 IP (tos 0x0, ttl 64, id 36824, offset 0, flags [none], proto UDP (17), length 176)
    192.168.200.10.intuitive-edge > borg.syslog: [udp sum ok] SYSLOG, length: 148
        Facility local0 (16), Severity alert (1)
        Msg: Oct 29 02:14:21 2011 SYSLOG[0]: [Host 192.168.200.10] UDP 192.168.200.108,137 --> 192.168.200.255,137 DENY: Inbound or outbound access request
21:14:23.431580 IP (tos 0x0, ttl 64, id 36825, offset 0, flags [none], proto UDP (17), length 176)
    192.168.200.10.cuillamartin > borg.syslog: [udp sum ok] SYSLOG, length: 148
        Facility local0 (16), Severity alert (1)
        Msg: Oct 29 02:14:21 2011 SYSLOG[0]: [Host 192.168.200.10] UDP 192.168.200.108,137 --> 192.168.200.255,137 DENY: Inbound or outbound access request
^C
9 packets captured
72 packets received by filter
0 packets dropped by kernel

The syslog flags:

syslogd_flags="-n -a 192.168.200.10 -a 192.168.200.0/24"

And /etc/syslog.conf:

# $FreeBSD: src/etc/syslog.conf,v 1.30 2009/06/11 15:07:02 avg Exp $
#
#       Spaces ARE valid field separators in this file. However,
#       other *nix-like systems still insist on using tabs as field
#       separators. If you are sharing this file between systems, you
#       may want to use only tabs as field separators here.
#       Consult the syslog.conf(5) manpage.
*.err;kern.warning;auth.notice;mail.crit;local0.alert                   /dev/console
*.info;authpriv.none;kern.debug;lpr.info;mail.crit;news.err;local0.*    /var/log/messages
security.*                                      /var/log/security
auth.info;authpriv.info                         /var/log/auth.log
mail.info                                       /var/log/maillog
lpr.info                                        /var/log/lpd-errs
ftp.info                                        /var/log/xferlog
cron.*                                          /var/log/cron
*.=debug                                        /var/log/debug.log
*.emerg                                         *
# uncomment this to log all writes to /dev/console to /var/log/console.log
#console.info                                   /var/log/console.log
# uncomment this to enable logging of all log messages to /var/log/all.log
# touch /var/log/all.log and chmod it to mode 600 before it will work
*.*                                             /var/log/all.log
# uncomment this to enable logging to a remote loghost named loghost
#*.*                                            @loghost
# uncomment these if you're running inn
# news.crit                                     /var/log/news/news.crit
# news.err                                      /var/log/news/news.err
# news.notice                                   /var/log/news/news.notice
!ppp
*.*                                             /var/log/ppp.log
!*

Tail of /var/log/messages:

Oct 28 16:01:41 borg sshd[67672]: Accepted publickey for ler from 32.97.110.60 port 25947 ssh2
Oct 28 16:02:03 borg sudo: ler : TTY=pts/0 ; PWD=/home/ler ; USER=root ; COMMAND=/usr/bin/tail /var/log/all.log
Oct 28 16:02:10 borg sudo: ler : TTY=pts/0 ; PWD=/home/ler ; USER=root ; COMMAND=/usr/bin/tail -f /var/log/all.log
Oct 28 16:02:24 borg sudo: ler : TTY=pts/0 ; PWD=/home/ler ; USER=root ; COMMAND=/usr/bin/grep 192.168.200 /var/log/all.log
Oct 28 16:05:00 borg /usr/sbin/cron[67703]: (root) CMD (/usr/libexec/atrun)
Oct 28 16:10:00 borg /usr/sbin/cron[67730]: (root) CMD (/usr/libexec/atrun)
Oct 28 16:10:29 borg smartd[1341]: Device: /dev/ada0, SMART Usage Attribute: 190 Airflow_Temperature_Cel changed from 65 to 64
Oct 28 16:10:29 borg smartd[1341]: Device: /dev/ada0, SMART Usage Attribute: 194 Temperature_Celsius changed from 35 to 36
Oct 28 16:11:00 borg /usr/sbin/cron[67738]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 16:15:00 borg /usr/sbin/cron[67770]: (root) CMD (/usr/libexec/atrun)
Oct 28 16:16:37 borg ntpd[1296]: synchronized to 199.4.29.166, stratum 2
Oct 28 16:20:00 borg /usr/sbin/cron[67797]: (root) CMD (/usr/libexec/atrun)
Oct 28 16:22:00 borg /usr/sbin/cron[67809]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 16:25:00 borg /usr/sbin/cron[67836]: (root) CMD (/usr/libexec/atrun)
Oct 28 16:30:00 borg /usr/sbin/cron[67863]: (root) CMD (/usr/libexec/atrun)
Oct 28 16:33:00 borg /usr/sbin/cron[67880]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 16:35:00 borg /usr/sbin/cron[67902]: (root) CMD (/usr/libexec/atrun)
Oct 28 16:40:00 borg /usr/sbin/cron[67929]: (root) CMD (/usr/libexec/atrun)
Oct 28 16:44:00 borg /usr/sbin/cron[67952]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 16:45:00 borg /usr/sbin/cron[67969]: (root) CMD (/usr/libexec/atrun)
Oct 28 16:50:00 borg /usr/sbin/cron[67996]: (root) CMD (/usr/libexec/atrun)
Oct 28 16:55:00 borg /usr/sbin/cron[68025]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 16:55:00 borg /usr/sbin/cron[68024]: (root) CMD (/usr/libexec/atrun)
Oct 28 17:00:00 borg /usr/sbin/cron[68064]: (root) CMD (newsyslog)
Oct 28 17:00:00 borg /usr/sbin/cron[68065]: (root) CMD (/usr/libexec/atrun)
Oct 28 17:00:00 borg /usr/sbin/cron[68066]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 17:05:00 borg /usr/sbin/cron[68103]: (root) CMD (/usr/libexec/atrun)
Oct 28 17:08:41 borg ntpd[1296]: synchronized to 63.211.239.58, stratum 2
Oct 28 17:10:00 borg /usr/sbin/cron[68130]: (root) CMD (/usr/libexec/atrun)
Oct 28 17:10:29 borg smartd[1341]: Device: /dev/ada3, SMART Usage Attribute: 190 Airflow_Temperature_Cel changed from 63 to 62
Oct 28 17:10:29 borg smartd[1341]: Device: /dev/ada3, SMART Usage Attribute: 194 Temperature_Celsius changed from 37 to 38
Oct 28 17:10:29 borg smartd[1341]: Device: /dev/ada4, SMART Usage Attribute: 190 Airflow_Temperature_Cel changed from 64 to 63
Oct 28 17:10:29 borg smartd[1341]: Device: /dev/ada4, SMART Usage Attribute: 194 Temperature_Celsius changed from 36 to 37
Oct 28 17:11:00 borg /usr/sbin/cron[68138]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 17:15:00 borg /usr/sbin/cron[68170]: (root) CMD (/usr/libexec/atrun)
Oct 28 17:20:00 borg /usr/sbin/cron[68197]: (root) CMD (/usr/libexec/atrun)
Oct 28 17:22:00 borg /usr/sbin/cron[68209]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 17:25:00 borg /usr/sbin/cron[68236]: (root) CMD (/usr/libexec/atrun)
Oct 28 17:30:00 borg /usr/sbin/cron[68263]: (root) CMD (/usr/libexec/atrun)
Oct 28 17:33:00 borg /usr/sbin/cron[68280]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 17:35:00 borg /usr/sbin/cron[68302]: (root) CMD (/usr/libexec/atrun)
Oct 28 17:40:00 borg /usr/sbin/cron[68329]: (root) CMD (/usr/libexec/atrun)
Oct 28 17:40:30 borg smartd[1341]: Device: /dev/ada3, SMART Usage Attribute: 190 Airflow_Temperature_Cel changed from 62 to 63
Oct 28 17:40:30 borg smartd[1341]: Device: /dev/ada3, SMART Usage Attribute: 194 Temperature_Celsius changed from 38 to 37
Oct 28 17:44:00 borg /usr/sbin/cron[68352]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 17:45:00 borg /usr/sbin/cron[68369]: (root) CMD (/usr/libexec/atrun)
Oct 28 17:50:00 borg /usr/sbin/cron[68396]: (root) CMD (/usr/libexec/atrun)
Oct 28 17:55:00 borg /usr/sbin/cron[68424]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 17:55:00 borg /usr/sbin/cron[68425]: (root) CMD (/usr/libexec/atrun)
Oct 28 18:00:00 borg /usr/sbin/cron[68464]: (root) CMD (newsyslog)
Oct 28 18:00:00 borg /usr/sbin/cron[68465]: (root) CMD (/usr/libexec/atrun)
Oct 28 18:00:00 borg /usr/sbin/cron[68466]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 18:05:00 borg /usr/sbin/cron[68503]: (root) CMD (/usr/libexec/atrun)
Oct 28 18:10:00 borg /usr/sbin/cron[68530]: (root) CMD (/usr/libexec/atrun)
Oct 28 18:11:00 borg /usr/sbin/cron[68538]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 18:15:00 borg /usr/sbin/cron[68570]: (root) CMD (/usr/libexec/atrun)
Oct 28 18:20:00 borg /usr/sbin/cron[68597]: (root) CMD (/usr/libexec/atrun)
Oct 28 18:22:00 borg /usr/sbin/cron[68609]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 18:25:00 borg /usr/sbin/cron[68636]: (root) CMD (/usr/libexec/atrun)
Oct 28 18:30:00 borg /usr/sbin/cron[68663]: (root) CMD (/usr/libexec/atrun)
Oct 28 18:33:00 borg /usr/sbin/cron[68680]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 18:35:00 borg /usr/sbin/cron[68702]: (root) CMD (/usr/libexec/atrun)
Oct 28 18:40:00 borg /usr/sbin/cron[68729]: (root) CMD (/usr/libexec/atrun)
Oct 28 18:40:29 borg smartd[1341]: Device: /dev/ada4, SMART Usage Attribute: 190 Airflow_Temperature_Cel changed from 63 to 64
Oct 28 18:40:29 borg smartd[1341]: Device: /dev/ada4, SMART Usage Attribute: 194 Temperature_Celsius changed from 37 to 36
Oct 28 18:42:02 borg ntpd[1296]: synchronized to 199.4.29.166, stratum 2
Oct 28 18:44:00 borg /usr/sbin/cron[68752]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 18:45:00 borg /usr/sbin/cron[68769]: (root) CMD (/usr/libexec/atrun)
Oct 28 18:45:49 borg sshd[68774]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:45:51 borg sshd[68776]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:45:52 borg sshd[68778]: Invalid user shit from 121.207.230.69
Oct 28 18:45:52 borg sshd[68778]: input_userauth_request: invalid user shit [preauth]
Oct 28 18:45:53 borg sshd[68778]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:45:55 borg sshd[68780]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:45:57 borg sshd[68783]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:45:59 borg sshd[68785]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:01 borg sshd[68787]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:03 borg sshd[68789]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:05 borg sshd[68791]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:07 borg sshd[68793]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:09 borg sshd[68795]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:11 borg sshd[68797]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:12 borg sshd[68799]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:14 borg sshd[68802]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:16 borg sshd[68805]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:18 borg sshd[68807]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:20 borg sshd[68809]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:22 borg sshd[68811]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:24 borg sshd[68813]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:26 borg sshd[68815]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:28 borg sshd[68817]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:30 borg sshd[68819]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:32 borg sshd[68821]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:34 borg sshd[68823]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:36 borg sshd[68826]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:38 borg sshd[68828]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:40 borg sshd[68830]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:42 borg sshd[68832]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:44 borg sshd[68835]: Invalid user oracle from 121.207.230.69
Oct 28 18:46:44 borg sshd[68835]: input_userauth_request: invalid user oracle [preauth]
Oct 28 18:46:44 borg sshd[68835]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:46 borg sshd[68837]: Invalid user oracle from 121.207.230.69
Oct 28 18:46:46 borg sshd[68837]: input_userauth_request: invalid user oracle [preauth]
Oct 28 18:46:46 borg sshd[68837]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:48 borg sshd[68839]: Invalid user oracle from 121.207.230.69
Oct 28 18:46:48 borg sshd[68839]: input_userauth_request: invalid user oracle [preauth]
Oct 28 18:46:48 borg sshd[68839]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:50 borg sshd[68841]: Invalid user oracle from 121.207.230.69
Oct 28 18:46:50 borg sshd[68841]: input_userauth_request: invalid user oracle [preauth]
Oct 28 18:46:50 borg sshd[68841]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:52 borg sshd[68843]: Invalid user oracle from 121.207.230.69
Oct 28 18:46:52 borg sshd[68843]: input_userauth_request: invalid user oracle [preauth]
Oct 28 18:46:52 borg sshd[68843]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:54 borg sshd[68845]: Invalid user oracle from 121.207.230.69
Oct 28 18:46:54 borg sshd[68845]: input_userauth_request: invalid user oracle [preauth]
Oct 28 18:46:54 borg sshd[68845]: Received disconnect from 121.207.230.69: 11: Bye Bye [preauth]
Oct 28 18:46:54 borg sshd[68847]: refused connect from 121.207.230.69 (121.207.230.69)
Oct 28 18:50:00 borg /usr/sbin/cron[68865]: (root) CMD (/usr/libexec/atrun)
Oct 28 18:55:00 borg /usr/sbin/cron[68893]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 18:55:00 borg /usr/sbin/cron[68894]: (root) CMD (/usr/libexec/atrun)
Oct 28 19:00:00 borg /usr/sbin/cron[68934]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 19:00:00 borg /usr/sbin/cron[68933]: (root) CMD (newsyslog)
Oct 28 19:00:00 borg /usr/sbin/cron[68935]: (root) CMD (/usr/libexec/atrun)
Oct 28 19:05:00 borg /usr/sbin/cron[68972]: (root) CMD (/usr/libexec/atrun)
Oct 28 19:10:00 borg /usr/sbin/cron[68999]: (root) CMD (/usr/libexec/atrun)
Oct 28 19:10:29 borg smartd[1341]: Device: /dev/ada0, SMART Usage Attribute: 190 Airflow_Temperature_Cel changed from 64 to 65
Oct 28 19:10:29 borg smartd[1341]: Device: /dev/ada0, SMART Usage Attribute: 194 Temperature_Celsius changed from 36 to 35
Oct 28 19:10:29 borg smartd[1341]: Device: /dev/ada4, SMART Usage Attribute: 190 Airflow_Temperature_Cel changed from 64 to 63
Oct 28 19:10:29 borg smartd[1341]: Device: /dev/ada4, SMART Usage Attribute: 194 Temperature_Celsius changed from 36 to 37
Oct 28 19:11:00 borg /usr/sbin/cron[69007]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 19:15:00 borg /usr/sbin/cron[69039]: (root) CMD (/usr/libexec/atrun)
Oct 28 19:20:00 borg /usr/sbin/cron[69066]: (root) CMD (/usr/libexec/atrun)
Oct 28 19:22:00 borg /usr/sbin/cron[69078]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 19:25:00 borg /usr/sbin/cron[69105]: (root) CMD (/usr/libexec/atrun)
Oct 28 19:30:00 borg /usr/sbin/cron[69132]: (root) CMD (/usr/libexec/atrun)
Oct 28 19:33:00 borg /usr/sbin/cron[69149]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 19:35:00 borg /usr/sbin/cron[69171]: (root) CMD (/usr/libexec/atrun)
Oct 28 19:40:00 borg /usr/sbin/cron[69198]: (root) CMD (/usr/libexec/atrun)
Oct 28 19:40:29 borg smartd[1341]: Device: /dev/ada0, SMART Usage Attribute: 190 Airflow_Temperature_Cel changed from 65 to 64
Oct 28 19:40:29 borg smartd[1341]: Device: /dev/ada0, SMART Usage Attribute: 194 Temperature_Celsius changed from 35 to 36
Oct 28 19:44:00 borg /usr/sbin/cron[69221]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 19:45:00 borg /usr/sbin/cron[69238]: (root) CMD (/usr/libexec/atrun)
Oct 28 19:50:00 borg /usr/sbin/cron[69271]: (root) CMD (/usr/libexec/atrun)
Oct 28 19:55:00 borg /usr/sbin/cron[69302]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 19:55:00 borg /usr/sbin/cron[69303]: (root) CMD (/usr/libexec/atrun)
Oct 28 20:00:00 borg /usr/sbin/cron[69343]: (root) CMD (newsyslog)
Oct 28 20:00:00 borg /usr/sbin/cron[69342]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 20:00:00 borg /usr/sbin/cron[69344]: (root) CMD (/usr/libexec/atrun)
Oct 28 20:05:00 borg /usr/sbin/cron[69381]: (root) CMD (/usr/libexec/atrun)
Oct 28 20:08:37 borg kernel: arp: 192.168.200.10 moved from 2c:9e:5f:f8:d9:a3 to d8:b3:77:f1:b2:61 on em0
Oct 28 20:10:00 borg /usr/sbin/cron[69408]: (root) CMD (/usr/libexec/atrun)
Oct 28 20:10:29 borg smartd[1341]: Device: /dev/ada3, SMART Usage Attribute: 190 Airflow_Temperature_Cel changed from 63 to 62
Oct 28 20:10:29 borg smartd[1341]: Device: /dev/ada3, SMART Usage Attribute: 194 Temperature_Celsius changed from 37 to 38
Oct 28 20:11:00 borg /usr/sbin/cron[69416]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 20:12:25 borg kernel: arp: 192.168.200.10 moved from d8:b3:77:f1:b2:61 to 2c:9e:5f:f8:d9:a3 on em0
Oct 28 20:15:00 borg /usr/sbin/cron[69451]: (root) CMD (/usr/libexec/atrun)
Oct 28 20:20:00 borg /usr/sbin/cron[69478]: (root) CMD (/usr/libexec/atrun)
Oct 28 20:22:00 borg /usr/sbin/cron[69490]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 20:25:00 borg /usr/sbin/cron[69517]: (root) CMD (/usr/libexec/atrun)
Oct 28 20:30:00 borg /usr/sbin/cron[69544]: (root) CMD (/usr/libexec/atrun)
Oct 28 20:33:00 borg /usr/sbin/cron[69561]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 20:33:29 borg ntpd[1296]: synchronized to 63.211.239.58, stratum 2
Oct 28 20:33:35 borg sshd[69574]: Accepted publickey for ler from 192.168.200.103 port 51503 ssh2
Oct 28 20:33:39 borg sudo: ler : TTY=pts/0 ; PWD=/home/ler ; USER=root ; COMMAND=/bin/sh
Oct 28 20:35:00 borg /usr/sbin/cron[69593]: (root) CMD (/usr/libexec/atrun)
Oct 28 20:40:00 borg /usr/sbin/cron[81187]: (root) CMD (/usr/libexec/atrun)
Oct 28 20:40:29 borg smartd[1341]: Device: /dev/ada3, SMART Usage Attribute: 195 Hardware_ECC_Recovered changed from 62 to 63
Oct 28 20:44:00 borg /usr/sbin/cron[97243]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 20:45:00 borg /usr/sbin/cron[98575]: (root) CMD (/usr/libexec/atrun)
Oct 28 20:50:00 borg /usr/sbin/cron[98602]: (root) CMD (/usr/libexec/atrun)
Oct 28 20:55:00 borg /usr/sbin/cron[98640]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 20:55:00 borg /usr/sbin/cron[98641]: (root) CMD (/usr/libexec/atrun)
Oct 28 20:55:37 borg sudo: ler : TTY=pts/0 ; PWD=/home/ler ; USER=root ; COMMAND=/bin/sh
Oct 28 21:00:00 borg /usr/sbin/cron[22210]: (root) CMD (newsyslog)
Oct 28 21:00:00 borg /usr/sbin/cron[22211]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 21:00:00 borg /usr/sbin/cron[22212]: (root) CMD (/usr/libexec/atrun)
Oct 28 21:05:00 borg /usr/sbin/cron[49378]: (root) CMD (/usr/libexec/atrun)
Oct 28 21:10:00 borg /usr/sbin/cron[66044]: (root) CMD (/usr/libexec/atrun)
Oct 28 21:10:30 borg smartd[1341]: Device: /dev/ada2, SMART Usage Attribute: 195 Hardware_ECC_Recovered changed from 63 to 64
Oct 28 21:10:30 borg smartd[1341]: Device: /dev/ada3, SMART Usage Attribute: 190 Airflow_Temperature_Cel changed from 62 to 63
Oct 28 21:10:30 borg smartd[1341]: Device: /dev/ada3, SMART Usage Attribute: 194 Temperature_Celsius changed from 38 to 37
Oct 28 21:10:30 borg smartd[1341]: Device: /dev/ada4, SMART Usage Attribute: 190 Airflow_Temperature_Cel changed from 63 to 64
Oct 28 21:10:30 borg smartd[1341]: Device: /dev/ada4, SMART Usage Attribute: 194 Temperature_Celsius changed from 37 to 36
Oct 28 21:11:00 borg /usr/sbin/cron[66745]: (operator) CMD (/usr/libexec/save-entropy)
Oct 28 21:11:54 borg postgres[1374]: [2-1] LOG: received fast shutdown request
Oct 28 21:11:54 borg postgres[1374]: [3-1] LOG: aborting any active transactions
Oct 28 21:11:54 borg postgres[1380]: [2-1] LOG: autovacuum launcher shutting down
Oct 28 21:11:54 borg postgres[1378]: [1-1] LOG: shutting down
Oct 28 21:11:54 borg postgres[1378]: [2-1] LOG: database system is shut down
Oct 28 21:11:55 borg postgres[69862]: [1-1] LOG: database system was shut down at 2011-10-28 21:11:54 CDT
Oct 28 21:11:55 borg postgres[69861]: [1-1] LOG: database system is ready to accept connections
Oct 28 21:11:55 borg postgres[69865]: [1-1] LOG: autovacuum launcher started
Oct 28 21:12:34 borg sudo: ler : TTY=pts/0 ; PWD=/home/ler ; USER=root ; COMMAND=/bin/sh
Oct 28 21:13:28 borg sudo: ler : TTY=pts/0 ; PWD=/home/ler ; USER=root ; COMMAND=/bin/sh
Oct 28 21:13:56 borg kernel: em0: promiscuous mode enabled
Oct 28 21:13:56 borg kernel: em0: promiscuous mode disabled
Oct 28 21:14:14 borg kernel: em0: promiscuous mode enabled
Oct 28 21:14:26 borg kernel: em0: promiscuous mode disabled
Oct 28 21:15:00 borg /usr/sbin/cron[69944]: (root) CMD (/usr/libexec/atrun)
Oct 28 21:16:12 borg ntpd[1296]: synchronized to 199.4.29.166, stratum 2

>How-To-Repeat:
Set up syslog as above, and enable remote logging, and note no logging
>Fix:
unknown
>Release-Note:
>Audit-Trail:
>Unformatted:
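
Added example, not part of the original report and not syslogd's own code: a simplified Python model of the two checks a received datagram passes, the `-a` allowed-peer test as documented in syslogd(8) (an entry with no `:service` suffix matches only source port 514, `:*` matches any source port) and the syslog.conf selector match, run against the flags, selectors and capture shown in the report. The source ports 1348 and 1349 are assumed values for the service names bbn-mmx and sbook in the capture, `ANY_PORT_PEERS` is a hypothetical alternative setting rather than a fix confirmed in the report, and only IPv4 peers with numeric services are handled.

```python
import ipaddress

SYSLOG_PORT = 514
FAC_NAMES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv "
             "ftp ntp security console reserved").split() \
            + [f"local{i}" for i in range(8)]
SEVERITIES = {name: num for num, name in enumerate(
    "emerg alert crit err warning notice info debug".split())}

# -a arguments taken from syslogd_flags in the report.
REPORTED_PEERS = ["192.168.200.10", "192.168.200.0/24"]
# Hypothetical alternative: accept any source port from the modem only.
ANY_PORT_PEERS = ["192.168.200.10:*"]

# Selector lines copied from the /etc/syslog.conf in the report (subset).
RULES = [
    ("*.err;kern.warning;auth.notice;mail.crit;local0.alert", "/dev/console"),
    ("*.info;authpriv.none;kern.debug;lpr.info;mail.crit;news.err;local0.*",
     "/var/log/messages"),
    ("security.*", "/var/log/security"),
    ("*.*", "/var/log/all.log"),
]


def parse_allowed_peer(spec):
    """Parse an IPv4 '-a' argument of the form ipaddr[/masklen][:service]."""
    addr, _, service = spec.partition(":")
    if service == "":
        port = SYSLOG_PORT          # default service is 'syslog'
    elif service == "*":
        port = None                 # any source port
    else:
        port = int(service)         # numeric services only in this model
    return ipaddress.ip_network(addr, strict=False), port


def peer_allowed(specs, src_ip, src_port):
    """True if any -a entry matches both the source address and source port."""
    ip = ipaddress.ip_address(src_ip)
    for spec in specs:
        net, port = parse_allowed_peer(spec)
        if ip in net and port in (None, src_port):
            return True
    return False


def selector_matches(selectors, facility, severity):
    """Simplified syslog.conf match: the last selector naming the facility wins."""
    verdict = False
    for sel in selectors.split(";"):
        facs, _, level = sel.partition(".")
        if facs != "*" and facility not in facs.split(","):
            continue
        if level == "none":
            verdict = False
        elif level == "*":
            verdict = True
        elif level.startswith("="):
            verdict = severity == SEVERITIES[level[1:]]
        else:
            verdict = severity <= SEVERITIES[level]   # this level or more severe
    return verdict


def route(specs, src_ip, src_port, pri):
    """Destinations a datagram reaches; an empty list means it is never logged."""
    if not peer_allowed(specs, src_ip, src_port):
        return []
    facility, severity = divmod(pri, 8)   # PRI = facility * 8 + severity
    name = FAC_NAMES[facility]
    return [dest for sel, dest in RULES if selector_matches(sel, name, severity)]


if __name__ == "__main__":
    pri = 16 * 8 + 1   # Facility local0 (16), Severity alert (1), per the capture
    for port in (1348, 1349, SYSLOG_PORT):   # 1348/1349 are assumed values
        print(port, route(REPORTED_PEERS, "192.168.200.10", port, pri))
    print("with :*", route(ANY_PORT_PEERS, "192.168.200.10", 1348, pri))
```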