From owner-freebsd-current Fri Apr 12 14:21:34 1996 Return-Path: owner-current Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id OAA28704 for current-outgoing; Fri, 12 Apr 1996 14:21:34 -0700 (PDT) Received: from irz301.inf.tu-dresden.de (irz301.inf.tu-dresden.de [141.76.1.11]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id OAA28630 for ; Fri, 12 Apr 1996 14:21:21 -0700 (PDT) Received: from sax.sax.de by irz301.inf.tu-dresden.de (8.6.12/8.6.12-s1) with ESMTP id XAA09316 for ; Fri, 12 Apr 1996 23:20:44 +0200 Received: by sax.sax.de (8.6.11/8.6.12-s1) with UUCP id XAA05346 for freebsd-current@FreeBSD.org; Fri, 12 Apr 1996 23:20:44 +0200 Received: (from j@localhost) by uriah.heep.sax.de (8.7.5/8.6.9) id WAA11307 for freebsd-current@FreeBSD.org; Fri, 12 Apr 1996 22:45:45 +0200 (MET DST) From: J Wunsch Message-Id: <199604122045.WAA11307@uriah.heep.sax.de> Subject: Re: log_in_vain stuff To: freebsd-current@FreeBSD.org (FreeBSD-current users) Date: Fri, 12 Apr 1996 22:45:44 +0200 (MET DST) Reply-To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch) In-Reply-To: <9391.829083934@critter.tfs.com> from "Poul-Henning Kamp" at Apr 9, 96 09:05:34 pm X-Phone: +49-351-2012 669 X-Mailer: ELM [version 2.4 PL24 ME8a] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-current@FreeBSD.org X-Loop: FreeBSD.org Precedence: bulk As Poul-Henning Kamp wrote: > > You need to figure out a way to rate-limit these messages, otherwise you > > can trivially knock a box into the ground with a packet generator. > syslogd should rate-limit, not the kernel. It does, but you're sometimes overflowing the kernel message buffer (as it seems to me), before syslog can fetch them all: Apr 11 23:39:33 uriah /kernel: Connection attempt to UDP 127.0.0.1:32123 from 127.0.0.1:2079 Apr 11 23:39:33 uriah /kernel: n attempt to UDP 127.0.0.1:32123 from 127.0.0.1:2079 Apr 11 23:39:33 uriah /kernel: Connection attempt to UDP 127.0.0.1:32123 from 127.0.0.1:2079 Apr 11 23:39:33 uriah last message repeated 61 times Apr 11 23:39:33 uriah /kernel: n attempt to UDP 127.0.0.1:32123 from 127.0.0.1:2079 Apr 11 23:39:33 uriah /kernel: Connection attempt to UDP 127.0.0.1:32123 from 127.0.0.1:2079 Apr 11 23:39:33 uriah last message repeated 61 times Apr 11 23:39:33 uriah /kernel: n attempt to UDP 127.0.0.1:32123 from 127.0.0.1:2079 Apr 11 23:39:33 uriah /kernel: Connection attempt to UDP 127.0.0.1:32123 from 127.0.0.1:2079 Apr 11 23:39:33 uriah last message repeated 61 times Apr 11 23:39:33 uriah /kernel: n attempt to UDP 127.0.0.1:32123 from 127.0.0.1:2079 Apr 11 23:39:33 uriah /kernel: Connection attempt to UDP 127.0.0.1:32123 from 127.0.0.1:2079 Apr 11 23:39:35 uriah last message repeated 557 times This has been caused by a simple perl script that shot 1000 ``sendto''s to port 32123. You notice the crippled messages above, as well as the fact that only 750 attempts out of 1000 have been logged at all. -- cheers, J"org joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE Never trust an operating system you don't have sources for. ;-)