Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 30 Jan 2014 13:04:20 +0100
From:      Thomas Scholten <thomas.scholten@unbescholten.de>
To:        freebsd-questions@freebsd.org
Subject:   Help: ipfw log is scrambled in syslog messages
Message-ID:  <52EA3FC4.4050801@unbescholten.de>
next in thread | raw e-mail | index | archive | help 
Hello,

i hope you guys can give a hand debugging ipfw logging issues on my 
firewall machine.
Currently i get scrambled syslog messages generated by ipfw log and ran 
out of clues fixing it.
According 
http://lists.freebsd.org/pipermail/freebsd-ipfw/2007-September/003160.html 
this has
been an issue with 6.2 and was fixed with a mutex patch vor kernel 
logging device.
Currently i run 7.4p10 (i know it's EOL) and the problem seems to rearise.

System is:
FreeBSD tom 7.4-RELEASE-p10 FreeBSD 7.4-RELEASE-p10 #0: Wed Oct 31 
07:22:00 UTC 2012
root@build64-7.XXX.XXXX.net:/usr/obj/usr/src/sys/DL380DNS  amd64

syslogd is used to write the ipfw log messages to /var/log/kern and 
/var/log/security showing
the follwing behavior:

syslogd is running with opts: -s -vv

/var/log/kern:

Jan 30 11:24:21 <kern.crit> tom kernel: 98
Jan 30 11:24:21 <kern.crit> tom kernel: 4
Jan 30 11:24:21 <kern.crit> tom kernel: v
Jan 30 11:24:22 <kern.crit> tom kernel: v
Jan 30 11:24:23 <kern.crit> tom kernel: c
Jan 30 11:24:24 <kern.crit> tom kernel: .
Jan 30 11:24:24 <kern.crit> tom kernel: 0
Jan 30 11:24:25 <kern.crit> tom kernel: 5
Jan 30 11:24:25 <kern.crit> tom kernel: f
Jan 30 11:24:26 <kern.crit> tom kernel: 1
Jan 30 11:24:27 <kern.crit> tom kernel: f
Jan 30 11:24:27 <kern.crit> tom kernel: 7
Jan 30 11:24:28 <kern.crit> tom kernel: 4
Jan 30 11:24:28 <kern.crit> tom kernel: 5
Jan 30 11:24:29 <kern.crit> tom kernel: e
Jan 30 11:24:30 <kern.crit> tom kernel: :
Jan 30 11:24:30 <kern.crit> tom kernel: D

/var/log/security ( X is used to anonymize the info a bit):

Jan 30 11:24:21 <security.info> tom kernel: Accept UDP XX.XX.XX.XX:58904 
XX.XX.XX.XX:694 out via vl349
Jan 30 11:24:21 <security.info> tom kernel: ipfw: 7998 Accept UiDpPf 
w1:0 .06.9497.87 4Ac:6c0e08p7t 1 0.U0D.P47 .1750:6.904. 4o7u.t 19v4i:a5 
b8c90e0
Jan 30 11:24:21 <security.info> tom kernel: XX.XX.XX.XX:694 out via vl349
Jan 30 11:24:21 <security.info> tom kernel: ipfwip:f w:7 969989 8A 
cAccecepptt  UUDDPP  1100..00..4477..7159:55:15620781 81 
01.00..04.74.77.41:9649:46 9i4n  ivina  vbciea0
Jan 30 11:24:21 <security.info> tom kernel: l349

Hope someone had this before and can give me hint.

Regards,

Thomas

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?52EA3FC4.4050801>