Date: Tue, 18 Sep 2007 17:00:20 +0200 From: Mel <fbsd.questions@rachie.is-a-geek.net> To: freebsd-questions@freebsd.org Subject: Re: IPFW entries in /var/log/messages Message-ID: <200709181700.20668.fbsd.questions@rachie.is-a-geek.net> In-Reply-To: <000d01c7fa01$8aac2fc0$3202a8c0@glattwerk.local> References: <000d01c7fa01$8aac2fc0$3202a8c0@glattwerk.local>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tuesday 18 September 2007 16:38:13 M=E4chler Philippe wrote: > Hi Nikos > > Thanks for your reply. > > > On Tuesday 18 September 2007 16:05, M=E4chler Philippe wrote: > > > Since a few weeks/months we have the following entries in the > > > > > > /var/log/messages logfile. > > > > [] > > > > > [/var/log/messages] > > > Sep 18 10:23:03 ns2 kernel: .11:2438 out via bge0 > > > Sep 18 10:31:35 ns2 kernel: > > > Sep 18 10:58:05 ns2 kernel: 80 > > > Sep 18 10:58:14 ns2 kernel: <<110>ipfw: 7600 Accept UDP > > > 80.242.206.245:55041 80.242.192.81:53 in via bge0 Sep 18 > > > > 10:58:14 ns2 > > > > > kernel: 110>ipfw: 7700 Accept UDP 80.242.192.81:53 > > > > 80.242.204.85:65510 > > > > > out via bge0 > > > > I can think of two things. > > > > 1) Is anybody playing with logger(1)? > > e.g. > > logger -t kernel "Let's play with the administrator..." > > tail /var/log/messages > > I fear ist neither of the two things you mentioned > > [1] /var/log/auth.log does not show an external nor an abnormal > login. And I belive that my workmates wont fool me with stuff > like this :) > > > 2) Are these entries new? Are you sure that they refer > > to 2007-09? It can happen. Seeing a message from a year back. > > Especially on a low maintenance box. > > [2] These are actual entries. In the meantime i got a few new > ones... > Sep 18 16:08:18 ns2 kernel: <11<110>ipfw: 7600 Accept UDP > 80.242.205.104:50114 80.242.192.81:53 in via bge0 > Sep 18 16:08:18 ns2 kernel: 0>ipfw: 7700 Accept UDP > 80.242.192.81:53 80.242.205.104:50111 out via bge0 > Sep 18 16:09:42 ns2 kernel: b > Sep 18 16:13:42 ns2 kernel: > Sep 18 16:23:14 ns2 kernel: > Sep 18 16:23:24 ns2 kernel: 8 > > Sep 18 16:30:49 ns2 kernel: These looks like classic buffer corruptions, either that or you're logging= =20 part of the raw packet and bytes interpreted as non-printing chars like=20 return and backspace mangle the output. Can you narrow it down to the one=20 offending rule? Or is any logging by ipfw this mangled? =2D-=20 Mel
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200709181700.20668.fbsd.questions>