From owner-freebsd-stable@FreeBSD.ORG Fri Jul 23 10:48:22 2010 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 65553106564A for ; Fri, 23 Jul 2010 10:48:22 +0000 (UTC) (envelope-from jon@witchspace.com) Received: from mtaout01-winn.ispmail.ntl.com (mtaout01-winn.ispmail.ntl.com [81.103.221.47]) by mx1.freebsd.org (Postfix) with ESMTP id CA0FA8FC08 for ; Fri, 23 Jul 2010 10:48:21 +0000 (UTC) Received: from aamtaout04-winn.ispmail.ntl.com ([81.103.221.35]) by mtaout01-winn.ispmail.ntl.com (InterMail vM.7.08.04.00 201-2186-134-20080326) with ESMTP id <20100723104820.FARH3266.mtaout01-winn.ispmail.ntl.com@aamtaout04-winn.ispmail.ntl.com> for ; Fri, 23 Jul 2010 11:48:20 +0100 Received: from witchspace.com ([86.28.98.4]) by aamtaout04-winn.ispmail.ntl.com (InterMail vG.2.02.00.01 201-2161-120-102-20060912) with SMTP id <20100723104820.QXHA1593.aamtaout04-winn.ispmail.ntl.com@witchspace.com> for ; Fri, 23 Jul 2010 11:48:20 +0100 Received: (qmail 13724 invoked from network); 23 Jul 2010 09:51:56 -0000 Received: from unknown (HELO ?127.0.0.1?) (192.168.0.1) by 192.168.0.100 with SMTP; 23 Jul 2010 09:51:56 -0000 Message-ID: <4C497370.3010803@witchspace.com> Date: Fri, 23 Jul 2010 11:48:16 +0100 From: Jonathan Belson User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2.7) Gecko/20100713 Lightning/1.0b2 Thunderbird/3.1.1 MIME-Version: 1.0 To: FreeBSD Stable Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Cloudmark-Analysis: v=1.1 cv=DhNl2YeytwJssBBGe49HJX82LNDFEEVkpVB34RXKaPo= c=1 sm=0 a=XCep0buvX5cA:10 a=VphdPIyG4kEA:10 a=8nJEP1OIZ-IA:10 a=PkMCkVwOlbyyANZ8FucA:9 a=6nvFbDqL2N0n299N6QAA:7 a=eu0ZdkvqExswZ5rzEhiQOIckyUUA:4 a=wPNLvfGTeEIA:10 a=HpAAvcLHHh0Zw7uRqdWCyQ==:117 Subject: 900.tcpwrap and stale log messages X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Jul 2010 10:48:22 -0000 Hiya Early this morning I read through the daily status e-mails from a server I administer. I was unpleasantly surprised to see a refused ssh connection from an external IP address, which shouldn't be possible since the machine is only accessible via a VPN :-O It wasn't until after I'd spoken to the network admin I realised what the problem was - /var/log/messages contained log messages that spanned back into 2009 (the machine is only used for SVN access so isn't very busy), and 900.tcpwrap had taken entries from both July 22 2010 (yesterday) and July 22nd 2009, when the machine was on a different network... :-( How. Embarrassing. It isn't really 900.tcpwrap's fault as the log messages only record the month, date and time, but is there any reason why the year isn't recorded in the log too? I realise this issue isn't likely to come up often, but it should be fairly easy to prevent. Cheers, --Jon