From owner-freebsd-questions@FreeBSD.ORG  Tue Oct 28 16:32:40 2008
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 2910D106566C
	for <freebsd-questions@freebsd.org>;
	Tue, 28 Oct 2008 16:32:40 +0000 (UTC)
	(envelope-from jdc@koitsu.dyndns.org)
Received: from QMTA01.westchester.pa.mail.comcast.net
	(qmta01.westchester.pa.mail.comcast.net [76.96.62.16])
	by mx1.freebsd.org (Postfix) with ESMTP id BADE28FC1A
	for <freebsd-questions@freebsd.org>;
	Tue, 28 Oct 2008 16:32:39 +0000 (UTC)
	(envelope-from jdc@koitsu.dyndns.org)
Received: from OMTA13.westchester.pa.mail.comcast.net ([76.96.62.52])
	by QMTA01.westchester.pa.mail.comcast.net with comcast
	id YC3b1a00317dt5G51GYdVb; Tue, 28 Oct 2008 16:32:37 +0000
Received: from koitsu.dyndns.org ([69.181.141.110])
	by OMTA13.westchester.pa.mail.comcast.net with comcast
	id YGYc1a0052P6wsM3ZGYco5; Tue, 28 Oct 2008 16:32:37 +0000
X-Authority-Analysis: v=1.0 c=1 a=6I5d2MoRAAAA:8 a=QycZ5dHgAAAA:8
	a=RvyIYoC7ZdwpyBnaRFkA:9 a=J7L9tdi0kVpTA0NoytwA:7
	a=t1r4GbV4NkdmZXW38ezGoCaiVQkA:4 a=EoioJ0NPDVgA:10 a=LY0hPdMaydYA:10
Received: by icarus.home.lan (Postfix, from userid 1000)
	id 13781C9419; Tue, 28 Oct 2008 09:32:36 -0700 (PDT)
Date: Tue, 28 Oct 2008 09:32:36 -0700
From: Jeremy Chadwick <koitsu@FreeBSD.org>
To: Jos Chrispijn <kernel@webrz.net>
Message-ID: <20081028163236.GC53758@icarus.home.lan>
References: <49073D1B.2090701@webrz.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <49073D1B.2090701@webrz.net>
User-Agent: Mutt/1.5.18 (2008-05-17)
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: Security | Kernel message
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Oct 2008 16:32:40 -0000

On Tue, Oct 28, 2008 at 05:26:03PM +0100, Jos Chrispijn wrote:
> A prt of my daily security run:
>
> triton.xxx.xxx.xxx kernel log messages:
> +++ /tmp/security.VnqB8ZT6	2008-10-27 23:53:32.000000000 +0100
> +em0: link state changed to DOWN
> +em0: link state changed to UP
> +em0: link state changed to DOWN
> +em0: link state changed to UP
> +em0: link state changed to DOWN
> +em0: link state changed to UP
>
> Is there a way of adding the time on every DOWN and UP line?

No, because the messages are in the kernel log.  The kernel itself does
not print timestamps, because that's silly.

Try doing this:

1) Edit /etc/syslog.conf and enable /var/log/all.log,
2) touch /var/log/all.log
3) chown root:wheel /var/log/all.log
4) chmod 600 /var/log/all.log
5) killall -HUP syslogd

Then wait until the next event, and examine /var/log/all.log, which will
contain timestamps.

Also, are you seeing any "watchdog timeout" events on em0 as well?  If
so, please read the "Network devices" section of my Wiki regarding what
this problem could be (specific to certain models of Intel 82573 NIC):

http://wiki.freebsd.org/JeremyChadwick/Commonly_reported_issues

-- 
| Jeremy Chadwick                                jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |