Date: Sun, 21 Jan 2001 14:33:24 -0800 From: "Crist J. Clark" <cjclark@reflexnet.net> To: David Goddard <goddard@acm.org> Cc: stable@FreeBSD.ORG Subject: Re: dmesg/security check output wierdness Message-ID: <20010121143324.U10761@rfx-216-196-73-168.users.reflex> In-Reply-To: <3A6B09E2.EA269488@acm.org>; from goddard@acm.org on Sun, Jan 21, 2001 at 04:10:10PM %2B0000 References: <3A6B09E2.EA269488@acm.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Jan 21, 2001 at 04:10:10PM +0000, David Goddard wrote: > I've recently noticed some odd entries in my security check output mail > from a couple of 4.2-STABLE machines, so I did some digging. The > following is one example: > > [Date: Sun, 21 Jan 2001 03:18:15 +0000] > cassium.mydomain.com kernel log messages: > > 06 cleared. [snip] > Any ideas? The dmesg(8) is stored in a finite buffer. Once full, as more stuff gets shoved in, other stuff falls out (really it gets overwritten, it's a circular buffer, but same thing). The stuff that falls out, does not do so all that gracefully. That is, it does not get dropped whole lines at a time. For example, $ dmesg | head -5 0.1.35:427 in via de0 ipfw: 11500 Deny UDP AAA.BBB.153.173:137 AAA.BBB.153.255:137 in via de0 ipfw: 11500 Deny UDP AAA.BBB.153.173:137 AAA.BBB.153.255:137 in via de0 ipfw: 11500 Deny UDP AAA.BBB.153.173:137 AAA.BBB.153.255:137 in via de0 ipfw: 11500 Deny UDP AAA.BBB.153.173:427 224.0.1.35:427 in via de0 Notice the first line. Now, I do something to make a little noise in the dmesg buffer and check again, $ dmesg | head -5 .255:137 in via de0 ipfw: 11500 Deny UDP AAA.BBB.153.173:137 AAA.BBB.153.255:137 in via de0 ipfw: 11500 Deny UDP AAA.BBB.153.173:137 AAA.BBB.153.255:137 in via de0 ipfw: 11500 Deny UDP AAA.BBB.153.173:427 224.0.1.35:427 in via de0 ipfw: 11500 Deny ICMP:10.0 AAA.BBB.153.173 224.0.0.2 in via de0 Now, as for the '10>' or similar constructions you sometimes see popping up on the first line. Have a look at, $ sysctl machdep.msgbuf dmesg(8) strips the leading <number> off of the lines when printing it for you. But if one of these is cut in the middle... You get the picture. -- Crist J. Clark cjclark@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010121143324.U10761>