[syslog-ng][PATCH] please test: syslog-ng message mangling fix
Balazs Scheidler
bazsi@balabit.hu
Thu, 8 Aug 2002 19:48:12 +0200
On Thu, Aug 08, 2002 at 12:31:20PM -0500, Caylan Van Larson wrote:
>
> Aug 8 12:29:23 smack IPTABLES UDP-IN:etOUT= MAC44:00:05:01:fb:e3:fc:08:00 SRC=6EN=141 TOS=0x00 PREC=0x00 UDP SP3014 LEN=121
> Aug 8 12:29:28 smack IPTABLES UDP-INOUT= MAC=00:03:47:4e:3:05:01:fb::00 SRC=64.12.51.129 DST=134.129 LEN=141 TOSPROTO=UDP SPT=53 DPTIN: IN=eth1 OUT= MAC=00:03:47:4eRC=64.12.51.129 D0x00 PREC=0x00 L=45 ID=47526 PROTO=UDP SPT=53 D<6>
> IPTABLES UDP-IN: IN=eth1 OUT= MAC=00:03:47:4e:32:44:005:fbSR SP<6>
> IPTABLES UDP-IN: IN=eth1 OUT= MAC=00:03:47:4e:32:44:00:05:01:fb:e3fc:08 SRC=1329.9DS89 <6>
> IPTABLES UDP-IN: IN=eth1 OUT= MAC=00:03:47:4e:32:44:00:05:01:fb:e3:fc:08:00 SRC=134.129.217.172 DST=134.129.212.30 LEN=244 TOS=0x00 PREC=0x00 TTL=127 ID=60809 PROTO=UDP SPT=138 DPT=138 LEN=224
> Aug 8 12:29:29 smack IPTABLES UDP-IN: IN=eth1 OUT= MAC=00:03:47:4e:32:44:00:05:01:fb:e3:fc:08:00 SRC=134.129.214.120 DST=134.129.212.30 LEN=78 TOS=0x00 PREC=0x00 TTL=2 I404LEN=
> Aug 8 12:29:29 smack IPTABLES UDP-IN: IN=eth1 OUT= MAC=00:03:47:4e:32:44:00:05:01:fb:e3:fc:08:00 SRC=134.129.214.120 DST=134.129.12.C=0x0TL=12ID6 PRO Aug 8 12:29:30
> smack IPTABLES UDP-IN: IN=eth1 OUT= MAC=00:03:47:4e:32:44:00:05:01:fb:e3:fc:08:00 SRC=134.129.214.120 DST=134.129.212.30 LEN=78 TOS=0x00 PREC=0x00 TT=127 44047 PROTO=UDP SP37 DPT=137 LEN=58
> Aug 8 12:29:33 smack IPTABLES UDP-IN: IN=eth1 OUT= MAC=00:03:47:4e:32:44:00:05:01:fb:e3:fc:08:
>
> I have no clue :(
ok, let me try to narrow the problem. Are these messages coming from
/proc/kmsg directly, or they are forwarded over an UDP channel from another
box?
how long are these lines when they are not mangled?
I had reports that there are some kind of line mangling, but all of them
indicated 'rare' mangling. The log line you quoted above indicate that all
of your log lines are mangled.
Are these mangled also if you are using klogd and not using syslog-ng to
fetch kernel messages?
--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1