From owner-freebsd-questions@FreeBSD.ORG Thu Jan 30 12:33:34 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id CE139E99 for ; Thu, 30 Jan 2014 12:33:34 +0000 (UTC) Received: from www32.your-server.de (www32.your-server.de [213.133.104.32]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id 8969816D0 for ; Thu, 30 Jan 2014 12:33:34 +0000 (UTC) Received: from [145.253.194.41] (helo=[0.0.0.0]) by www32.your-server.de with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.74) (envelope-from ) id 1W8qM3-0007UM-7o for freebsd-questions@freebsd.org; Thu, 30 Jan 2014 13:04:23 +0100 Message-ID: <52EA3FC4.4050801@unbescholten.de> Date: Thu, 30 Jan 2014 13:04:20 +0100 From: Thomas Scholten Organization: unbescholten.de IT Beratung User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 MIME-Version: 1.0 To: freebsd-questions@freebsd.org Subject: Help: ipfw log is scrambled in syslog messages X-Authenticated-Sender: thomas.scholten@unbescholten.de X-Virus-Scanned: Clear (ClamAV 0.97.8/18415/Thu Jan 30 08:45:49 2014) Content-Type: text/plain; charset=ISO-8859-15; format=flowed Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.17 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Jan 2014 12:33:35 -0000 Hello, i hope you guys can give a hand debugging ipfw logging issues on my firewall machine. Currently i get scrambled syslog messages generated by ipfw log and ran out of clues fixing it. According http://lists.freebsd.org/pipermail/freebsd-ipfw/2007-September/003160.html this has been an issue with 6.2 and was fixed with a mutex patch vor kernel logging device. Currently i run 7.4p10 (i know it's EOL) and the problem seems to rearise. System is: FreeBSD tom 7.4-RELEASE-p10 FreeBSD 7.4-RELEASE-p10 #0: Wed Oct 31 07:22:00 UTC 2012 root@build64-7.XXX.XXXX.net:/usr/obj/usr/src/sys/DL380DNS amd64 syslogd is used to write the ipfw log messages to /var/log/kern and /var/log/security showing the follwing behavior: syslogd is running with opts: -s -vv /var/log/kern: Jan 30 11:24:21 tom kernel: 98 Jan 30 11:24:21 tom kernel: 4 Jan 30 11:24:21 tom kernel: v Jan 30 11:24:22 tom kernel: v Jan 30 11:24:23 tom kernel: c Jan 30 11:24:24 tom kernel: . Jan 30 11:24:24 tom kernel: 0 Jan 30 11:24:25 tom kernel: 5 Jan 30 11:24:25 tom kernel: f Jan 30 11:24:26 tom kernel: 1 Jan 30 11:24:27 tom kernel: f Jan 30 11:24:27 tom kernel: 7 Jan 30 11:24:28 tom kernel: 4 Jan 30 11:24:28 tom kernel: 5 Jan 30 11:24:29 tom kernel: e Jan 30 11:24:30 tom kernel: : Jan 30 11:24:30 tom kernel: D /var/log/security ( X is used to anonymize the info a bit): Jan 30 11:24:21 tom kernel: Accept UDP XX.XX.XX.XX:58904 XX.XX.XX.XX:694 out via vl349 Jan 30 11:24:21 tom kernel: ipfw: 7998 Accept UiDpPf w1:0 .06.9497.87 4Ac:6c0e08p7t 1 0.U0D.P47 .1750:6.904. 4o7u.t 19v4i:a5 b8c90e0 Jan 30 11:24:21 tom kernel: XX.XX.XX.XX:694 out via vl349 Jan 30 11:24:21 tom kernel: ipfwip:f w:7 969989 8A cAccecepptt UUDDPP 1100..00..4477..7159:55:15620781 81 01.00..04.74.77.41:9649:46 9i4n ivina vbciea0 Jan 30 11:24:21 tom kernel: l349 Hope someone had this before and can give me hint. Regards, Thomas