7787 execve("/usr/local/sbin/syslog-ng", ["/usr/local/sbin/syslog-ng"], [/* 23 vars */]) = 0 7787 brk(0) = 0x9243000 7787 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77f4000 7787 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) 7787 open("/etc/ld.so.cache", O_RDONLY) = 3 7787 fstat64(3, {st_mode=S_IFREG|0644, st_size=59563, ...}) = 0 7787 mmap2(NULL, 59563, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb77e5000 7787 close(3) = 0 7787 open("/lib/librt.so.1", O_RDONLY) = 3 7787 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300\270M\0004\0\0\0\324\255\0\0\0\0\0\0004\0 \0\t\0(\0(\0'\0\6\0\0\0004\0\0\0004\240M\0004\240M\0 \1\0\0 \1\0\0\5\0\0\0\4\0\0\0\3\0\0\0\350\\\0\0\350\374M\0\350\374M\0\23\0\0\0\23\0\0\0\4\0\0\0\1\0\0\0\1\0\0\0\0\0\0\0\0\240M\0\0\240M\0Hq\0\0Hq\0\0\5\0\0\0\0\20\0\0\1\0\0\0\310~\0\0\310.N\0\310.N\0\200\2\0\0d\3\0\0\6\0\0\0\0\20\0\0\2\0\0\0\350~\0\0\350.N\0\350.N\0\370\0\0\0\370\0\0\0\6\0\0\0\4\0\0\0\4\0\0\0T\1\0\0T\241M\0T\241M\0D\0\0\0D\0\0\0\4\0\0\0\4\0\0\0P\345td\374\\\0\0\374\374M\0"..., 512) = 512 7787 fstat64(3, {st_mode=S_IFREG|0755, st_size=46100, ...}) = 0 7787 mmap2(0x4da000, 37420, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x4da000 7787 mmap2(0x4e2000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x7) = 0x4e2000 7787 close(3) = 0 7787 open("/lib/libnsl.so.1", O_RDONLY) = 3 7787 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\3600\272\0054\0\0\0\24\276\1\0\0\0\0\0004\0 \0\t\0(\0$\0#\0\6\0\0\0004\0\0\0004\0\272\0054\0\272\5 \1\0\0 \1\0\0\5\0\0\0\4\0\0\0\3\0\0\0\300:\1\0\300:\273\5\300:\273\5\23\0\0\0\23\0\0\0\4\0\0\0\1\0\0\0\1\0\0\0\0\0\0\0\0\0\272\5\0\0\272\5\214l\1\0\214l\1\0\5\0\0\0\0\20\0\0\1\0\0\0\310n\1\0\310~\273\5\310~\273\5\324\2\0\0\340(\0\0\6\0\0\0\0\20\0\0\2\0\0\0\340n\1\0\340~\273\5\340~\273\5\340\0\0\0\340\0\0\0\6\0\0\0\4\0\0\0\4\0\0\0T\1\0\0T\1\272\5T\1\272\5D\0\0\0D\0\0\0\4\0\0\0\4\0\0\0P\345td\324:\1\0\324:\273\5"..., 512) = 512 7787 fstat64(3, {st_mode=S_IFREG|0755, st_size=115636, ...}) = 0 7787 mmap2(0x5ba0000, 108456, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x5ba0000 7787 mmap2(0x5bb7000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16) = 0x5bb7000 7787 mmap2(0x5bb9000, 6056, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x5bb9000 7787 close(3) = 0 7787 open("/lib/libglib-2.0.so.0", O_RDONLY) = 3 7787 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200\262W\0004\0\0\0\244\335\20\0\0\0\0\0004\0 \0\6\0(\0\36\0\35\0\1\0\0\0\0\0\0\0\0\220V\0\0\220V\0\370\311\20\0\370\311\20\0\5\0\0\0\0\20\0\0\1\0\0\0\0\320\20\0\0`g\0\0`g\0 \7\0\0P\f\0\0\6\0\0\0\0\20\0\0\2\0\0\0\0\321\20\0\0ag\0\0ag\0\310\0\0\0\310\0\0\0\6\0\0\0\4\0\0\0\4\0\0\0\364\0\0\0\364\220V\0\364\220V\0$\0\0\0$\0\0\0\4\0\0\0\4\0\0\0P\345td\254\21\17\0\254\241e\0\254\241e\0\\:\0\0\\:\0\0\4\0\0\0\4\0\0\0Q\345td\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\6\0\0\0\4\0\0\0\4\0\0\0\24\0\0\0\3\0\0\0"..., 512) = 512 7787 fstat64(3, {st_mode=S_IFREG|0755, st_size=1106516, ...}) = 0 7787 mmap2(0x569000, 1104976, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x569000 7787 mmap2(0x676000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x10d) = 0x676000 7787 close(3) = 0 7787 open("/lib/libevtlog.so.0", O_RDONLY) = 3 7787 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\20\0\0004\0\0\00006\0\0\0\0\0\0004\0 \0\6\0(\0\32\0\31\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0(3\0\0(3\0\0\5\0\0\0\0\20\0\0\1\0\0\0(3\0\0(C\0\0(C\0\0\4\2\0\0(\2\0\0\6\0\0\0\0\20\0\0\2\0\0\0t3\0\0tC\0\0tC\0\0\310\0\0\0\310\0\0\0\6\0\0\0\4\0\0\0\4\0\0\0\364\0\0\0\364\0\0\0\364\0\0\0$\0\0\0$\0\0\0\4\0\0\0\4\0\0\0P\345tdh+\0\0h+\0\0h+\0\0<\1\0\0<\1\0\0\4\0\0\0\4\0\0\0Q\345td\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\6\0\0\0\4\0\0\0\4\0\0\0\24\0\0\0\3\0\0\0"..., 512) = 512 7787 fstat64(3, {st_mode=S_IFREG|0755, st_size=14912, ...}) = 0 7787 mmap2(NULL, 17744, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xc6b000 7787 mmap2(0xc6f000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3) = 0xc6f000 7787 close(3) = 0 7787 open("/lib/libwrap.so.0", O_RDONLY) = 3 7787 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20/_\0054\0\0\0(\214\0\0\0\0\0\0004\0 \0\6\0(\0\36\0\35\0\1\0\0\0\0\0\0\0\0\20_\5\0\20_\5xt\0\0xt\0\0\5\0\0\0\0\20\0\0\1\0\0\0\0\200\0\0\0\220_\5\0\220_\5\214\5\0\0\334\r\0\0\6\0\0\0\0\20\0\0\2\0\0\0\30\200\0\0\30\220_\5\30\220_\5\320\0\0\0\320\0\0\0\6\0\0\0\4\0\0\0\4\0\0\0\364\0\0\0\364\20_\5\364\20_\5$\0\0\0$\0\0\0\4\0\0\0\4\0\0\0P\345td@g\0\0@w_\5@w_\5\354\1\0\0\354\1\0\0\4\0\0\0\4\0\0\0Q\345td\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\6\0\0\0\4\0\0\0\4\0\0\0\24\0\0\0\3\0\0\0"..., 512) = 512 7787 fstat64(3, {st_mode=S_IFREG|0755, st_size=37080, ...}) = 0 7787 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77e4000 7787 mmap2(0x55f1000, 36316, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x55f1000 7787 mmap2(0x55f9000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x8) = 0x55f9000 7787 close(3) = 0 7787 open("/lib/libpcre.so.0", O_RDONLY) = 3 7787 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\200\240V\0004\0\0\0\350\211\3\0\0\0\0\0004\0 \0\6\0(\0\36\0\35\0\1\0\0\0\0\0\0\0\0\220V\0\0\220V\0\24\201\3\0\24\201\3\0\5\0\0\0\0\20\0\0\1\0\0\0\24\201\3\0\24!Z\0\24!Z\0X\2\0\0d\2\0\0\6\0\0\0\0\20\0\0\2\0\0\0\314\201\3\0\314!Z\0\314!Z\0\310\0\0\0\310\0\0\0\6\0\0\0\4\0\0\0\4\0\0\0\364\0\0\0\364\220V\0\364\220V\0$\0\0\0$\0\0\0\4\0\0\0\4\0\0\0P\345td t\3\0 \4Z\0 \4Z\0\274\1\0\0\274\1\0\0\4\0\0\0\4\0\0\0Q\345td\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\6\0\0\0\4\0\0\0\4\0\0\0\24\0\0\0\3\0\0\0"..., 512) = 512 7787 fstat64(3, {st_mode=S_IFREG|0755, st_size=233112, ...}) = 0 7787 mmap2(0x569000, 234360, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x110000 7787 mmap2(0x149000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x38) = 0x149000 7787 close(3) = 0 7787 open("/lib/libc.so.6", O_RDONLY) = 3 7787 read(3, "\177ELF\1\1\1\3\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p_3\0004\0\0\0\300\331\34\0\0\0\0\0004\0 \0\n\0(\0O\0N\0\6\0\0\0004\0\0\0004\3601\0004\3601\0@\1\0\0@\1\0\0\5\0\0\0\4\0\0\0\3\0\0\0\310\220\25\0\310\200G\0\310\200G\0\23\0\0\0\23\0\0\0\4\0\0\0\1\0\0\0\1\0\0\0\0\0\0\0\0\3601\0\0\3601\0H\303\30\0H\303\30\0\5\0\0\0\0\20\0\0\1\0\0\0\274\321\30\0\274\321J\0\274\321J\0\340'\0\0lX\0\0\6\0\0\0\0\20\0\0\2\0\0\0|\355\30\0|\355J\0|\355J\0\370\0\0\0\370\0\0\0\6\0\0\0\4\0\0\0\4\0\0\0t\1\0\0t\3611\0t\3611\0D\0\0\0D\0\0\0\4\0\0\0\4\0\0\0\7\0\0\0\274\321\30\0\274\321J\0"..., 512) = 512 7787 fstat64(3, {st_mode=S_IFREG|0755, st_size=1893912, ...}) = 0 7787 mmap2(0x31f000, 1653288, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x31f000 7787 mprotect(0x4ac000, 4096, PROT_NONE) = 0 7787 mmap2(0x4ad000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x18d) = 0x4ad000 7787 mmap2(0x4b0000, 10792, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4b0000 7787 close(3) = 0 7787 open("/lib/libpthread.so.0", O_RDONLY) = 3 7787 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\234K\0004\0\0\0\270\24\2\0\0\0\0\0004\0 \0\t\0(\0*\0)\0\6\0\0\0004\0\0\0004PK\0004PK\0 \1\0\0 \1\0\0\5\0\0\0\4\0\0\0\3\0\0\0\240 \1\0\240pL\0\240pL\0\23\0\0\0\23\0\0\0\4\0\0\0\1\0\0\0\1\0\0\0\0\0\0\0\0PK\0\0PK\0\324v\1\0\324v\1\0\5\0\0\0\0\20\0\0\1\0\0\0\264}\1\0\264\335L\0\264\335L\0\224\3\0\0H$\0\0\6\0\0\0\0\20\0\0\2\0\0\0\324~\1\0\324\336L\0\324\336L\0\370\0\0\0\370\0\0\0\6\0\0\0\4\0\0\0\4\0\0\0T\1\0\0TQK\0TQK\0D\0\0\0D\0\0\0\4\0\0\0\4\0\0\0P\345td\264 \1\0\264pL\0"..., 512) = 512 7787 fstat64(3, {st_mode=S_IFREG|0755, st_size=138056, ...}) = 0 7787 mmap2(0x4b5000, 111100, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x4b5000 7787 mmap2(0x4cd000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17) = 0x4cd000 7787 mmap2(0x4cf000, 4604, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4cf000 7787 close(3) = 0 7787 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77e3000 7787 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77e2000 7787 set_thread_area({entry_number:-1 -> 6, base_addr:0xb77e26c0, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0 7787 mprotect(0x4cd000, 4096, PROT_READ) = 0 7787 mprotect(0x4ad000, 8192, PROT_READ) = 0 7787 mprotect(0x5bb7000, 4096, PROT_READ) = 0 7787 mprotect(0x4e2000, 4096, PROT_READ) = 0 7787 mprotect(0x31b000, 4096, PROT_READ) = 0 7787 munmap(0xb77e5000, 59563) = 0 7787 set_tid_address(0xb77e2728) = 7787 7787 set_robust_list(0xb77e2730, 0xc) = 0 7787 rt_sigaction(SIGRTMIN, {0x4b9720, [], SA_SIGINFO}, NULL, 8) = 0 7787 rt_sigaction(SIGRT_1, {0x4b97a0, [], SA_RESTART|SA_SIGINFO}, NULL, 8) = 0 7787 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 7787 getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM_INFINITY}) = 0 7787 uname({sys="Linux", node="bridge", ...}) = 0 7787 brk(0) = 0x9243000 7787 brk(0x9264000) = 0x9264000 7787 brk(0) = 0x9264000 7787 gettimeofday({1291122863, 587257}, NULL) = 0 7787 ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 7787 ioctl(0, TIOCNOTTY) = 0 7787 setsid() = 7787 7787 setrlimit(RLIMIT_NOFILE, {rlim_cur=4*1024, rlim_max=4*1024}) = 0 7787 pipe([3, 4]) = 0 7787 clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb77e2728) = 7788 7787 close(4) = 0 7787 read(3, 7788 close(3) = 0 7788 pipe([3, 5]) = 0 7788 clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0xb77e2728) = 7789 7788 close(5) = 0 7788 read(3, 7789 close(3) = 0 7789 setsid() = 7789 7789 chdir("/usr/local/var") = 0 7789 gettimeofday({1291122863, 590041}, NULL) = 0 7789 open("/etc/eventlog.conf", O_RDONLY) = -1 ENOENT (No such file or directory) 7789 rt_sigaction(SIGALRM, {0x8060560, [], 0}, NULL, 8) = 0 7789 open("/etc/localtime", O_RDONLY) = 3 7789 fstat64(3, {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0 7789 fstat64(3, {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0 7789 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77f3000 7789 read(3, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0\0\0\0\0\353\0\0\0\4\0\0\0\20\236\246\36p\237\272\353`\240\206\0p\241\232\315`\242e\342p\243\203\351\340\244j\256p\2455\247`\246S\312\360\247\25\211`\2503\254\360\250\376\245\340\252\23\216\360\252\336\207\340\253\363p\360\254\276i\340\255\323R\360\256\236K\340\257\2634\360\260~-\340\261\234Qp\262gJ`\263|3p\264G,`\265\\\25p\266'\16`\267;\367p\270\6\360`\271\33\331p\271\346\322`\273\4\365\360\273\306\264`\274\344\327\360\275\257\320\340\276\304\271\360\277\217\262\340\300\244\233\360\301o\224\340\302\204}\360\303Ov\340\304d_\360\305/X\340\306M|p\307\17:\340\310-^p\310\370W`\312\r@p\312\3309`\313\210\360p\322#\364p\322`\373\340\323u\344\360\324@\335\340"..., 4096) = 3519 7789 _llseek(3, -24, [3495], SEEK_CUR) = 0 7789 read(3, "\nEST5EDT,M3.2.0,M11.1.0\n", 4096) = 24 7789 close(3) = 0 7789 munmap(0xb77f3000, 4096) = 0 7789 rt_sigaction(SIGPIPE, {SIG_IGN, [], 0}, NULL, 8) = 0 7789 rt_sigaction(SIGHUP, {0x804c800, [], 0}, NULL, 8) = 0 7789 rt_sigaction(SIGTERM, {0x804c810, [], 0}, NULL, 8) = 0 7789 rt_sigaction(SIGINT, {0x804c810, [], 0}, NULL, 8) = 0 7789 rt_sigaction(SIGCHLD, {0x804c820, [], 0}, NULL, 8) = 0 7789 open("/usr/local/etc/syslog-ng.conf", O_RDONLY|O_LARGEFILE) = 3 7789 fstat64(3, {st_mode=S_IFREG|0644, st_size=4607, ...}) = 0 7789 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77f3000 7789 _llseek(3, 0, [0], SEEK_CUR) = 0 7789 read(3, "@version: 3.0\n# syslog-ng configuration file.\n#\n# This should behave pretty much like the original syslog on RedHat. But\n# it could be configured a lot smarter.\n#\n# See syslog-ng(8) and syslog-ng.conf(5) for more information.\n#\n# 20000925 gb@sysfive.com\n#\n"..., 4096) = 4096 7789 _llseek(3, 4096, [4096], SEEK_SET) = 0 7789 ioctl(3, SNDCTL_TMR_TIMEBASE or TCGETS, 0xbfa0d5b8) = -1 ENOTTY (Inappropriate ioctl for device) 7789 read(3, ";\n# log { source(s_sys); filter(f_fwall); destination(d_fwall); destination(d_tcp); };\n# log { source(s_sys); filter(f_dhcp); destination(d_dhcp); destination(d_tcp); };\nlog { source(s_sys); filter(f_fwall); destination(d_fwall); };\nlog { source(s_sys); f"..., 4096) = 511 7789 read(3, "", 4096) = 0 7789 socket(PF_NETLINK, SOCK_RAW, 0) = 6 7789 bind(6, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0 7789 getsockname(6, {sa_family=AF_NETLINK, pid=7789, groups=00000000}, [12]) = 0 7789 time(NULL) = 1291122863 7789 sendto(6, "\24\0\0\0\26\0\1\3\257\370\364L\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20 7789 recvmsg(6, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"0\0\0\0\24\0\2\0\257\370\364Lm\36\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1\10\0\2\0\177\0\0\1\7\0\3\0lo\0\0<\0\0\0\24\0\2\0\257\370\364Lm\36\0\0\2\30\200\0\2\0\0\0\10\0\1\0\300\250%\3\10\0\2\0\300\250%\3\10\0\4\0\300\250%\377\t\0\3\0eth0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 108 7789 recvmsg(6, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0\257\370\364Lm\36\0\0\0\0\0\0\1\0\0\0\10\0\1\0\177\0\0\1\10\0\2\0\177\0\0\1\7\0\3\0lo\0\0<\0\0\0\24\0\2\0\257\370\364Lm\36\0\0\2\30\200\0\2\0\0\0\10\0\1\0\300\250%\3\10\0\2\0\300\250%\3\10\0\4\0\300\250%\377\t\0\3\0eth0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20 7789 close(6) = 0 7789 socket(PF_NETLINK, SOCK_RAW, 0) = 6 7789 bind(6, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0 7789 getsockname(6, {sa_family=AF_NETLINK, pid=7789, groups=00000000}, [12]) = 0 7789 time(NULL) = 1291122863 7789 sendto(6, "\24\0\0\0\26\0\1\3\257\370\364L\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20 7789 recvmsg(6, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"0\0\0\0\24\0\2\0\257\370\364Lm\36\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1\10\0\2\0\177\0\0\1\7\0\3\0lo\0\0<\0\0\0\24\0\2\0\257\370\364Lm\36\0\0\2\30\200\0\2\0\0\0\10\0\1\0\300\250%\3\10\0\2\0\300\250%\3\10\0\4\0\300\250%\377\t\0\3\0eth0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 108 7789 recvmsg(6, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0\257\370\364Lm\36\0\0\0\0\0\0\1\0\0\0\10\0\1\0\177\0\0\1\10\0\2\0\177\0\0\1\7\0\3\0lo\0\0<\0\0\0\24\0\2\0\257\370\364Lm\36\0\0\2\30\200\0\2\0\0\0\10\0\1\0\300\250%\3\10\0\2\0\300\250%\3\10\0\4\0\300\250%\377\t\0\3\0eth0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20 7789 close(6) = 0 7789 read(3, "", 8192) = 0 7789 ioctl(3, SNDCTL_TMR_TIMEBASE or TCGETS, 0xbfa0cce8) = -1 ENOTTY (Inappropriate ioctl for device) 7789 close(3) = 0 7789 munmap(0xb77f3000, 4096) = 0 7789 open("/usr/local/var/syslog-ng.persist", O_RDONLY|O_LARGEFILE) = 3 7789 fstat64(3, {st_mode=S_IFREG|0644, st_size=76, ...}) = 0 7789 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77f3000 7789 read(3, "SLP3\0\0\0\34affile_sd_curpos(/proc/kmsg)\0\0\0 \0\0\0\0\0\0\0\0\0\0\0\0\0\0\360\0\0\271\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", 4096) = 76 7789 close(3) = 0 7789 munmap(0xb77f3000, 4096) = 0 7789 stat64("/proc/kmsg", {st_mode=S_IFREG|0400, st_size=0, ...}) = 0 7789 open("/proc/kmsg", O_RDONLY|O_NOCTTY|O_NONBLOCK|O_LARGEFILE) = 3 7789 fcntl64(3, F_GETFD) = 0 7789 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 7789 fstat64(3, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0 7789 fstat64(3, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0 7789 fstat64(3, {st_mode=S_IFREG|0400, st_size=0, ...}) = 0 7789 _llseek(3, 0, [0], SEEK_SET) = 0 7789 socket(PF_FILE, SOCK_STREAM, 0) = 6 7789 fcntl64(6, F_GETFL) = 0x2 (flags O_RDWR) 7789 fcntl64(6, F_SETFL, O_RDWR|O_NONBLOCK) = 0 7789 fcntl64(6, F_GETFD) = 0 7789 fcntl64(6, F_SETFD, FD_CLOEXEC) = 0 7789 stat64("/dev/log", {st_mode=S_IFSOCK|0666, st_size=0, ...}) = 0 7789 unlink("/dev/log") = 0 7789 bind(6, {sa_family=AF_FILE, path="/dev/log"}, 11) = 0 7789 listen(6, 255) = 0 7789 setsockopt(6, SOL_SOCKET, SO_KEEPALIVE, [0], 4) = 0 7789 chmod("/dev/log", 0666) = 0 7789 socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 7 7789 fcntl64(7, F_GETFL) = 0x2 (flags O_RDWR) 7789 fcntl64(7, F_SETFL, O_RDWR|O_NONBLOCK) = 0 7789 fcntl64(7, F_GETFD) = 0 7789 fcntl64(7, F_SETFD, FD_CLOEXEC) = 0 7789 setsockopt(7, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0 7789 bind(7, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("0.0.0.0")}, 16) = 0 7789 socket(PF_NETLINK, SOCK_RAW, 0) = 8 7789 bind(8, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 0 7789 getsockname(8, {sa_family=AF_NETLINK, pid=7789, groups=00000000}, [12]) = 0 7789 time(NULL) = 1291122863 7789 sendto(8, "\24\0\0\0\26\0\1\3\257\370\364L\0\0\0\0\0\0\0\0", 20, 0, {sa_family=AF_NETLINK, pid=0, groups=00000000}, 12) = 20 7789 recvmsg(8, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"0\0\0\0\24\0\2\0\257\370\364Lm\36\0\0\2\10\200\376\1\0\0\0\10\0\1\0\177\0\0\1\10\0\2\0\177\0\0\1\7\0\3\0lo\0\0<\0\0\0\24\0\2\0\257\370\364Lm\36\0\0\2\30\200\0\2\0\0\0\10\0\1\0\300\250%\3\10\0\2\0\300\250%\3\10\0\4\0\300\250%\377\t\0\3\0eth0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 108 7789 recvmsg(8, {msg_name(12)={sa_family=AF_NETLINK, pid=0, groups=00000000}, msg_iov(1)=[{"\24\0\0\0\3\0\2\0\257\370\364Lm\36\0\0\0\0\0\0\1\0\0\0\10\0\1\0\177\0\0\1\10\0\2\0\177\0\0\1\7\0\3\0lo\0\0<\0\0\0\24\0\2\0\257\370\364Lm\36\0\0\2\30\200\0\2\0\0\0\10\0\1\0\300\250%\3\10\0\2\0\300\250%\3\10\0\4\0\300\250%\377\t\0\3\0eth0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096}], msg_controllen=0, msg_flags=0}, 0) = 20 7789 close(8) = 0 7789 open("/etc/resolv.conf", O_RDONLY) = 8 7789 fstat64(8, {st_mode=S_IFREG|0644, st_size=71, ...}) = 0 7789 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77f3000 7789 read(8, "search wxwatcher.com\nnameserver 71.245.172.46\nnameserver 71.245.172.45\n", 4096) = 71 7789 read(8, "", 4096) = 0 7789 close(8) = 0 7789 munmap(0xb77f3000, 4096) = 0 7789 socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 8 7789 connect(8, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory) 7789 close(8) = 0 7789 socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 8 7789 connect(8, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory) 7789 close(8) = 0 7789 open("/etc/nsswitch.conf", O_RDONLY) = 8 7789 fstat64(8, {st_mode=S_IFREG|0644, st_size=1688, ...}) = 0 7789 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77f3000 7789 read(8, "#\n# /etc/nsswitch.conf\n#\n# An example Name Service Switch config file. This file should be\n# sorted with the most-used services at the beginning.\n#\n# The entry '[NOTFOUND=return]' means that the search for an\n# entry should stop if the search in the previo"..., 4096) = 1688 7789 read(8, "", 4096) = 0 7789 close(8) = 0 7789 munmap(0xb77f3000, 4096) = 0 7789 open("/etc/ld.so.cache", O_RDONLY) = 8 7789 fstat64(8, {st_mode=S_IFREG|0644, st_size=59563, ...}) = 0 7789 mmap2(NULL, 59563, PROT_READ, MAP_PRIVATE, 8, 0) = 0xb77e5000 7789 close(8) = 0 7789 open("/lib/libnss_files.so.2", O_RDONLY) = 8 7789 read(8, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320\31\0\0004\0\0\0\220\317\0\0\0\0\0\0004\0 \0\t\0(\0!\0 \0\6\0\0\0004\0\0\0004\0\0\0004\0\0\0 \1\0\0 \1\0\0\5\0\0\0\4\0\0\0\3\0\0\0]\214\0\0]\214\0\0]\214\0\0\23\0\0\0\23\0\0\0\4\0\0\0\1\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0x\243\0\0x\243\0\0\5\0\0\0\0\20\0\0\1\0\0\0\344\256\0\0\344\276\0\0\344\276\0\0\304\1\0\0\330\3\0\0\6\0\0\0\0\20\0\0\2\0\0\0\374\256\0\0\374\276\0\0\374\276\0\0\340\0\0\0\340\0\0\0\6\0\0\0\4\0\0\0\4\0\0\0T\1\0\0T\1\0\0T\1\0\0D\0\0\0D\0\0\0\4\0\0\0\4\0\0\0P\345tdp\214\0\0p\214\0\0"..., 512) = 512 7789 fstat64(8, {st_mode=S_IFREG|0755, st_size=54456, ...}) = 0 7789 mmap2(NULL, 49852, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 8, 0) = 0x6a8000 7789 mmap2(0x6b3000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 8, 0xa) = 0x6b3000 7789 close(8) = 0 7789 mprotect(0x6b3000, 4096, PROT_READ) = 0 7789 munmap(0xb77e5000, 59563) = 0 7789 open("/etc/host.conf", O_RDONLY) = 8 7789 fstat64(8, {st_mode=S_IFREG|0644, st_size=26, ...}) = 0 7789 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77f3000 7789 read(8, "multi on\norder hosts,bind\n", 4096) = 26 7789 read(8, "", 4096) = 0 7789 close(8) = 0 7789 munmap(0xb77f3000, 4096) = 0 7789 futex(0x4b1bc4, FUTEX_WAKE_PRIVATE, 2147483647) = 0 7789 open("/etc/hosts", O_RDONLY|O_CLOEXEC) = 8 7789 fstat64(8, {st_mode=S_IFREG|0644, st_size=194, ...}) = 0 7789 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77f3000 7789 read(8, "# Do not remove the following line, or various programs\n# that require network functionality will fail.\n127.0.0.1\t\tlocalhost.localdomain localhost bridge\n::1\t\tlocalhost6.localdomain6 localhost6\n", 4096) = 194 7789 read(8, "", 4096) = 0 7789 close(8) = 0 7789 munmap(0xb77f3000, 4096) = 0 7789 open("/etc/ld.so.cache", O_RDONLY) = 8 7789 fstat64(8, {st_mode=S_IFREG|0644, st_size=59563, ...}) = 0 7789 mmap2(NULL, 59563, PROT_READ, MAP_PRIVATE, 8, 0) = 0xb77e5000 7789 close(8) = 0 7789 open("/lib/libnss_dns.so.2", O_RDONLY) = 8 7789 read(8, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0\f\0\0004\0\0\0\240\177\0\0\0\0\0\0004\0 \0\t\0(\0!\0 \0\6\0\0\0004\0\0\0004\0\0\0004\0\0\0 \1\0\0 \1\0\0\5\0\0\0\4\0\0\0\3\0\0\0\212X\0\0\212X\0\0\212X\0\0\23\0\0\0\23\0\0\0\4\0\0\0\1\0\0\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0$_\0\0$_\0\0\5\0\0\0\0\20\0\0\1\0\0\0\340n\0\0\340n\0\0\340n\0\0\230\1\0\0\240\1\0\0\6\0\0\0\0\20\0\0\2\0\0\0\370n\0\0\370n\0\0\370n\0\0\350\0\0\0\350\0\0\0\6\0\0\0\4\0\0\0\4\0\0\0T\1\0\0T\1\0\0T\1\0\0D\0\0\0D\0\0\0\4\0\0\0\4\0\0\0P\345td\240X\0\0\240X\0\0"..., 512) = 512 7789 fstat64(8, {st_mode=S_IFREG|0755, st_size=33992, ...}) = 0 7789 mmap2(NULL, 28800, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 8, 0) = 0x14a000 7789 mmap2(0x150000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 8, 0x6) = 0x150000 7789 close(8) = 0 7789 open("/lib/libresolv.so.2", O_RDONLY) = 8 7789 read(8, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0P\266g\0004\0\0\0<\226\1\0\0\0\0\0004\0 \0\t\0(\0%\0$\0\6\0\0\0004\0\0\0004\220g\0004\220g\0 \1\0\0 \1\0\0\5\0\0\0\4\0\0\0\3\0\0\0\3203\1\0\320\303h\0\320\303h\0\23\0\0\0\23\0\0\0\4\0\0\0\1\0\0\0\1\0\0\0\0\0\0\0\0\220g\0\0\220g\0\330U\1\0\330U\1\0\5\0\0\0\0\20\0\0\1\0\0\0\24Z\1\0\24\372h\0\24\372h\0,\7\0\0000.\0\0\6\0\0\0\0\20\0\0\2\0\0\0\344^\1\0\344\376h\0\344\376h\0\340\0\0\0\340\0\0\0\6\0\0\0\4\0\0\0\4\0\0\0T\1\0\0T\221g\0T\221g\0D\0\0\0D\0\0\0\4\0\0\0\4\0\0\0P\345td\3443\1\0\344\303h\0"..., 512) = 512 7789 fstat64(8, {st_mode=S_IFREG|0755, st_size=105476, ...}) = 0 7789 mmap2(0x679000, 104516, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 8, 0) = 0x679000 7789 mmap2(0x68f000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 8, 0x15) = 0x68f000 7789 mmap2(0x691000, 6212, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x691000 7789 close(8) = 0 7789 mprotect(0x68f000, 4096, PROT_READ) = 0 7789 mprotect(0x150000, 4096, PROT_READ) = 0 7789 munmap(0xb77e5000, 59563) = 0 7789 socket(PF_INET, SOCK_DGRAM|SOCK_NONBLOCK, IPPROTO_IP) = 8 7789 connect(8, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("71.245.172.46")}, 16) = 0 7789 gettimeofday({1291122863, 612723}, NULL) = 0 7789 poll([{fd=8, events=POLLOUT}], 1, 0) = 1 ([{fd=8, revents=POLLOUT}]) 7789 send(8, "\357\233\1\0\0\1\0\0\0\0\0\0\6fios-3\twxwatcher\3com\0\0\1\0\1", 38, MSG_NOSIGNAL) = 38 7789 poll([{fd=8, events=POLLIN}], 1, 5000) = 1 ([{fd=8, revents=POLLIN}]) 7789 ioctl(8, FIONREAD, [116]) = 0 7789 recvfrom(8, "\357\233\205\200\0\1\0\1\0\2\0\1\6fios-3\twxwatcher\3com\0\0\1\0\1\300\f\0\1\0\1\0\3\364\200\0\4G\365\254-\300\23\0\2\0\1\0\3\364\200\0\24\6fios-4\7loralee\3net\0\300\23\0\2\0\1\0\3\364\200\0\2\300\f\300B\0\1\0\1\0\3\364\200\0\4G\365\254.", 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("71.245.172.46")}, [16]) = 116 7789 close(8) = 0 7789 setsockopt(7, SOL_SOCKET, SO_KEEPALIVE, [0], 4) = 0 7789 connect(7, {sa_family=AF_INET, sin_port=htons(514), sin_addr=inet_addr("71.245.172.45")}, 16) = -1 EINPROGRESS (Operation now in progress) 7789 open("/usr/local/var/syslog-ng.pid", O_WRONLY|O_CREAT|O_TRUNC|O_LARGEFILE, 0666) = 8 7789 fstat64(8, {st_mode=S_IFREG|0644, st_size=0, ...}) = 0 7789 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77f3000 7789 write(8, "7789\n", 5) = 5 7789 close(8) = 0 7789 munmap(0xb77f3000, 4096) = 0 7789 write(5, "0\n", 2) = 2 7789 close(5) = 0 7789 open("/dev/null", O_RDONLY|O_LARGEFILE) = 5 7789 dup2(5, 0) = 0 7789 close(5) = 0 7789 open("/dev/null", O_WRONLY|O_LARGEFILE) = 5 7789 dup2(5, 1) = 1 7789 dup2(5, 2) = 2 7789 close(5) = 0 7789 time(NULL) = 1291122863 7789 time(NULL) = 1291122863 7789 gettimeofday({1291122863, 617957}, NULL) = 0 7789 socket(PF_FILE, SOCK_STREAM, 0) = 5 7789 stat64("/usr/local/var/syslog-ng.ctl", {st_mode=S_IFSOCK|0755, st_size=0, ...}) = 0 7789 unlink("/usr/local/var/syslog-ng.ctl") = 0 7789 bind(5, {sa_family=AF_FILE, path="/usr/local/var/syslog-ng.ctl"}, 31) = 0 7789 listen(5, 255) = 0 7789 gettimeofday({1291122863, 618753}, NULL) = 0 7789 poll([{fd=7, events=POLLOUT}, {fd=3, events=POLLIN}, {fd=6, events=POLLIN}, {fd=5, events=POLLIN}], 4, 0) = 1 ([{fd=3, revents=POLLIN}]) 7789 gettimeofday({1291122863, 618981}, NULL) = 0 7789 alarm(10) = 0 7789 read(3, "<6>EBOUT IN= OUT=eth2 MAC source = 00:d0:b7:85:7d:60 MAC dest = 01:00:5e:00:00:01 proto = 0x0800 IP SRC=8.0.70.192 IP DST=0.32.0.0, IP tos=0x00, IP proto=133\n<6>EBOUT IN= OUT=eth2 MAC source = 00:d0:b7:85:7d:60 MAC dest = 33:33:00:00:00:00 proto = 0x86dd\n<"..., 8192) = 510 7789 alarm(0) = 10 7789 time(NULL) = 1291122863 7789 time(NULL) = 1291122863 7789 uname({sys="Linux", node="bridge", ...}) = 0 7789 open("/etc/hosts", O_RDONLY|O_CLOEXEC) = 8 7789 fstat64(8, {st_mode=S_IFREG|0644, st_size=194, ...}) = 0 7789 mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb77f3000 7789 read(8, "# Do not remove the following line, or various programs\n# that require network functionality will fail.\n127.0.0.1\t\tlocalhost.localdomain localhost bridge\n::1\t\tlocalhost6.localdomain6 localhost6\n", 4096) = 194 7789 read(8, "", 4096) = 0 7789 close(8) = 0 7789 munmap(0xb77f3000, 4096) = 0 7789 time(NULL) = 1291122863 7789 stat64("/var/log/messages", {st_mode=S_IFREG|0600, st_size=1090001, ...}) = 0 7789 open("/var/log/messages", O_WRONLY|O_CREAT|O_NOCTTY|O_NONBLOCK|O_LARGEFILE, 0600) = 8 7789 fcntl64(8, F_GETFD) = 0 7789 fcntl64(8, F_SETFD, FD_CLOEXEC) = 0 7789 fchown32(8, 0, -1) = 0 7789 fchown32(8, -1, 0) = 0 7789 fchmod(8, 0600) = 0 7789 time(NULL) = 1291122863 7789 time(NULL) = 1291122863 7789 time(NULL) = 1291122863 7789 time(NULL) = 1291122863 7789 time(NULL) = 1291122863 7789 time(NULL) = 1291122863 7789 time(NULL) = 1291122863 7789 time(NULL) = 1291122863 7789 time(NULL) = 1291122863 7789 time(NULL) = 1291122863 7789 time(NULL) = 1291122863 7789 gettimeofday({1291122863, 622528}, NULL) = 0 7789 poll([{fd=7, events=POLLOUT}], 1, 0) = 0 (Timeout) 7789 gettimeofday({1291122863, 622708}, NULL) = 0 7789 _llseek(8, 0, [1090001], SEEK_END) = 0 7789 write(8, "Nov 30 08:14:23 localhost kernel: EBOUT IN= OUT=eth2 MAC source = 00:d0:b7:85:7d:60 MAC dest = 01:00:5e:00:00:01 proto = 0x0800 IP SRC=8.0.70.192 IP DST=0.32.0.0, IP tos=0x00, IP proto=133\n", 189) = 189 7789 _llseek(8, 0, [1090190], SEEK_END) = 0 7789 write(8, "Nov 30 08:14:23 localhost kernel: EBOUT IN= OUT=eth2 MAC source = 00:d0:b7:85:7d:60 MAC dest = 33:33:00:00:00:00 proto = 0x86dd\n", 128) = 128 7789 _llseek(8, 0, [1090318], SEEK_END) = 0 7789 write(8, "Nov 30 08:14:23 localhost kernel: EBOUT IN= OUT=eth1 MAC source = 00:d0:b7:85:7d:60 MAC dest = 01:00:5e:00:00:01 proto = 0x0800 IP SRC=8.0.70.192 IP DST=0.32.0.0, IP tos=0x00, IP proto=133\n", 189) = 189 7789 _llseek(8, 0, [1090507], SEEK_END) = 0 7789 write(8, "Nov 30 08:14:23 localhost kernel: EBOUT IN= OUT=eth1 MAC source = 00:d0:b7:85:7d:60 MAC dest = 33:33:00:00:00:00 proto = 0x86dd\n", 128) = 128 7789 _llseek(8, 0, [1090635], SEEK_END) = 0 7789 write(8, "Nov 30 08:14:23 localhost syslog-ng[7789]: syslog-ng starting up; version='3.1.3'\n", 82) = 82 7789 gettimeofday({1291122863, 624385}, NULL) = 0 7789 poll([{fd=7, events=POLLOUT}, {fd=6, events=POLLIN}, {fd=5, events=POLLIN}, {fd=3, events=POLLIN}], 4, 1200000) = 1 ([{fd=7, revents=POLLOUT}]) 7789 gettimeofday({1291122863, 624609}, NULL) = 0 7789 getsockopt(7, SOL_SOCKET, SO_ERROR, [0], [4]) = 0 7789 time(NULL) = 1291122863 7789 time(NULL) = 1291122863 7789 gettimeofday({1291122863, 625034}, NULL) = 0 7789 poll([{fd=7, events=POLLIN|POLLOUT}, {fd=6, events=POLLIN}, {fd=5, events=POLLIN}, {fd=3, events=POLLIN}], 4, 0) = 1 ([{fd=7, revents=POLLOUT}]) 7789 gettimeofday({1291122863, 625247}, NULL) = 0 7789 write(7, "<6>Nov 30 08:14:23 localhost kernel: EBOUT IN= OUT=eth2 MAC source = 00:d0:b7:85:7d:60 MAC dest = 01:00:5e:00:00:01 proto = 0x0800 IP SRC=8.0.70.192 IP DST=0.32.0.0, IP tos=0x00, IP proto=133\n", 192) = 192 7789 write(7, "<6>Nov 30 08:14:23 localhost kernel: EBOUT IN= OUT=eth2 MAC source = 00:d0:b7:85:7d:60 MAC dest = 33:33:00:00:00:00 proto = 0x86dd\n", 131) = 131 7789 write(7, "<6>Nov 30 08:14:23 localhost kernel: EBOUT IN= OUT=eth1 MAC source = 00:d0:b7:85:7d:60 MAC dest = 01:00:5e:00:00:01 proto = 0x0800 IP SRC=8.0.70.192 IP DST=0.32.0.0, IP tos=0x00, IP proto=133\n", 192) = 192 7789 write(7, "<6>Nov 30 08:14:23 localhost kernel: EBOUT IN= OUT=eth1 MAC source = 00:d0:b7:85:7d:60 MAC dest = 33:33:00:00:00:00 proto = 0x86dd\n", 131) = 131 7789 write(7, "<45>Nov 30 08:14:23 localhost syslog-ng[7789]: syslog-ng starting up; version='3.1.3'\n", 86) = 86 7789 gettimeofday({1291122863, 626360}, NULL) = 0 7789 poll([{fd=7, events=POLLIN}, {fd=6, events=POLLIN}, {fd=5, events=POLLIN}, {fd=3, events=POLLIN}], 4, 0) = 0 (Timeout) 7789 gettimeofday({1291122863, 626543}, NULL) = 0 7789 time(NULL) = 1291122863 7789 gettimeofday({1291122863, 626722}, NULL) = 0 7789 poll([{fd=7, events=POLLIN|POLLOUT}], 1, 0) = 1 ([{fd=7, revents=POLLOUT}]) 7789 gettimeofday({1291122863, 626894}, NULL) = 0 7789 _llseek(8, 0, [1090717], SEEK_END) = 0 7789 write(8, "Nov 30 08:14:23 localhost syslog-ng[7789]: Syslog connection established; fd='7', server='AF_INET(71.245.172.45:514)', local='AF_INET(0.0.0.0:0)'\n", 146) = 146 7789 write(7, "<45>Nov 30 08:14:23 localhost syslog-ng[7789]: Syslog connection established; fd='7', server='AF_INET(71.245.172.45:514)', local='AF_INET(0.0.0.0:0)'\n", 150) = 150 7789 gettimeofday({1291122863, 627434}, NULL) = 0 7789 poll([{fd=7, events=POLLIN}, {fd=6, events=POLLIN}, {fd=5, events=POLLIN}, {fd=3, events=POLLIN}], 4, 1200000 7788 <... read resumed> "0\n", 6) = 2 7788 close(3) = 0 7788 write(4, "0\n", 2) = 2 7788 close(4) = 0 7788 open("/dev/null", O_RDONLY|O_LARGEFILE) = 3 7788 dup2(3, 0) = 0 7788 close(3) = 0 7788 open("/dev/null", O_WRONLY|O_LARGEFILE) = 3 7788 dup2(3, 1) = 1 7788 dup2(3, 2) = 2 7788 close(3) = 0 7788 waitpid(7789, 7787 <... read resumed> "0\n", 6) = 2 7787 close(3) = 0 7787 exit_group(0) = ? 7789 <... poll resumed> ) = 1 ([{fd=3, revents=POLLIN}]) 7789 gettimeofday({1291122912, 277105}, NULL) = 0 7789 gettimeofday({1291122912, 277198}, NULL) = 0 7789 alarm(10) = 0 7789 read(3, "<6>EBOUT IN= OUT=eth2 MAC source = 00:d0:b7:85:7d:60 MAC dest = 01:00:5e:00:00:01 proto = 0x0800 IP SRC=8.0.70.192 IP DST=0.32.0.0, IP tos=0x00, IP proto=133\n<6>EBOUT IN= OUT=eth2 MAC source = 00:d0:b7:85:7d:60 MAC dest = 33:33:00:00:00:00 proto = 0x86dd\n<"..., 8192) = 510 7789 alarm(0) = 10 7789 time(NULL) = 1291122912 7789 time(NULL) = 1291122912 7789 time(NULL) = 1291122912 7789 time(NULL) = 1291122912 7789 time(NULL) = 1291122912 7789 time(NULL) = 1291122912 7789 time(NULL) = 1291122912 7789 time(NULL) = 1291122912 7789 time(NULL) = 1291122912 7789 time(NULL) = 1291122912 7789 time(NULL) = 1291122912 7789 time(NULL) = 1291122912 7789 gettimeofday({1291122912, 278816}, NULL) = 0 7789 poll([{fd=7, events=POLLIN|POLLOUT}], 1, 0) = 1 ([{fd=7, revents=POLLOUT}]) 7789 gettimeofday({1291122912, 279007}, NULL) = 0 7789 _llseek(8, 0, [1090863], SEEK_END) = 0 7789 write(8, "Nov 30 08:15:12 localhost kernel: EBOUT IN= OUT=eth2 MAC source = 00:d0:b7:85:7d:60 MAC dest = 01:00:5e:00:00:01 proto = 0x0800 IP SRC=8.0.70.192 IP DST=0.32.0.0, IP tos=0x00, IP proto=133\n", 189) = 189 7789 _llseek(8, 0, [1091052], SEEK_END) = 0 7789 write(8, "Nov 30 08:15:12 localhost kernel: EBOUT IN= OUT=eth2 MAC source = 00:d0:b7:85:7d:60 MAC dest = 33:33:00:00:00:00 proto = 0x86dd\n", 128) = 128 7789 _llseek(8, 0, [1091180], SEEK_END) = 0 7789 write(8, "Nov 30 08:15:12 localhost kernel: EBOUT IN= OUT=eth1 MAC source = 00:d0:b7:85:7d:60 MAC dest = 01:00:5e:00:00:01 proto = 0x0800 IP SRC=8.0.70.192 IP DST=0.32.0.0, IP tos=0x00, IP proto=133\n", 189) = 189 7789 _llseek(8, 0, [1091369], SEEK_END) = 0 7789 write(8, "Nov 30 08:15:12 localhost kernel: EBOUT IN= OUT=eth1 MAC source = 00:d0:b7:85:7d:60 MAC dest = 33:33:00:00:00:00 proto = 0x86dd\n", 128) = 128 7789 write(7, "<6>Nov 30 08:15:12 localhost kernel: EBOUT IN= OUT=eth2 MAC source = 00:d0:b7:85:7d:60 MAC dest = 01:00:5e:00:00:01 proto = 0x0800 IP SRC=8.0.70.192 IP DST=0.32.0.0, IP tos=0x00, IP proto=133\n", 192) = 192 7789 write(7, "<6>Nov 30 08:15:12 localhost kernel: EBOUT IN= OUT=eth2 MAC source = 00:d0:b7:85:7d:60 MAC dest = 33:33:00:00:00:00 proto = 0x86dd\n", 131) = 131 7789 write(7, "<6>Nov 30 08:15:12 localhost kernel: EBOUT IN= OUT=eth1 MAC source = 00:d0:b7:85:7d:60 MAC dest = 01:00:5e:00:00:01 proto = 0x0800 IP SRC=8.0.70.192 IP DST=0.32.0.0, IP tos=0x00, IP proto=133\n", 192) = 192 7789 write(7, "<6>Nov 30 08:15:12 localhost kernel: EBOUT IN= OUT=eth1 MAC source = 00:d0:b7:85:7d:60 MAC dest = 33:33:00:00:00:00 proto = 0x86dd\n", 131) = 131 7789 gettimeofday({1291122912, 281156}, NULL) = 0 7789 poll([{fd=7, events=POLLIN}, {fd=6, events=POLLIN}, {fd=5, events=POLLIN}, {fd=3, events=POLLIN}], 4, 1200000) = 1 ([{fd=6, revents=POLLIN}]) 7789 gettimeofday({1291122920, 38421}, NULL) = 0 7789 gettimeofday({1291122920, 38517}, NULL) = 0 7789 accept(6, {sa_family=AF_FILE, NULL}, [2]) = 9 7789 setsockopt(9, SOL_SOCKET, SO_KEEPALIVE, [0], 4) = 0 7789 fcntl64(9, F_GETFL) = 0x2 (flags O_RDWR) 7789 fcntl64(9, F_SETFL, O_RDWR|O_NONBLOCK) = 0 7789 fcntl64(9, F_GETFD) = 0 7789 fcntl64(9, F_SETFD, FD_CLOEXEC) = 0 7789 accept(6, 0xbfa0cf7c, [1024]) = -1 EAGAIN (Resource temporarily unavailable) 7789 gettimeofday({1291122920, 39362}, NULL) = 0 7789 poll([{fd=7, events=POLLIN}, {fd=5, events=POLLIN}, {fd=3, events=POLLIN}, {fd=9, events=POLLIN}, {fd=6, events=POLLIN}], 5, 1192000) = 1 ([{fd=9, revents=POLLIN|POLLHUP}]) 7789 gettimeofday({1291122920, 149500}, NULL) = 0 7789 gettimeofday({1291122920, 149595}, NULL) = 0 7789 read(9, "", 8192) = 0 7789 close(9) = 0 7789 gettimeofday({1291122920, 149934}, NULL) = 0 7789 poll([{fd=7, events=POLLIN}, {fd=5, events=POLLIN}, {fd=3, events=POLLIN}, {fd=6, events=POLLIN}], 4, 1192000) = 1 ([{fd=6, revents=POLLIN}]) 7789 gettimeofday({1291122920, 150553}, NULL) = 0 7789 gettimeofday({1291122920, 150668}, NULL) = 0 7789 accept(6, {sa_family=AF_FILE, NULL}, [2]) = 9 7789 setsockopt(9, SOL_SOCKET, SO_KEEPALIVE, [0], 4) = 0 7789 fcntl64(9, F_GETFL) = 0x2 (flags O_RDWR) 7789 fcntl64(9, F_SETFL, O_RDWR|O_NONBLOCK) = 0 7789 fcntl64(9, F_GETFD) = 0 7789 fcntl64(9, F_SETFD, FD_CLOEXEC) = 0 7789 accept(6, 0xbfa0cf7c, [1024]) = -1 EAGAIN (Resource temporarily unavailable) 7789 gettimeofday({1291122920, 151483}, NULL) = 0 7789 poll([{fd=7, events=POLLIN}, {fd=5, events=POLLIN}, {fd=3, events=POLLIN}, {fd=9, events=POLLIN}, {fd=6, events=POLLIN}], 5, 1192000) = 1 ([{fd=9, revents=POLLIN}]) 7789 gettimeofday({1291122920, 151780}, NULL) = 0 7789 gettimeofday({1291122920, 151859}, NULL) = 0 7789 read(9, "<86>Nov 30 08:15:20 sshd[7790]: Accepted publickey for lee from 71.245.172.43 port 35891 ssh2\0", 8192) = 94 7789 time(NULL) = 1291122920 7789 time(NULL) = 1291122920 7789 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0 7789 time(NULL) = 1291122920 7789 stat64("/var/log/secure", {st_mode=S_IFREG|0600, st_size=2652, ...}) = 0 7789 open("/var/log/secure", O_WRONLY|O_CREAT|O_NOCTTY|O_NONBLOCK|O_LARGEFILE, 0600) = 10 7789 fcntl64(10, F_GETFD) = 0 7789 fcntl64(10, F_SETFD, FD_CLOEXEC) = 0 7789 fchown32(10, 0, -1) = 0 7789 fchown32(10, -1, 0) = 0 7789 fchmod(10, 0600) = 0 7789 time(NULL) = 1291122920 7789 read(9, 0x9257c78, 8192) = -1 EAGAIN (Resource temporarily unavailable) 7789 gettimeofday({1291122920, 153407}, NULL) = 0 7789 poll([{fd=7, events=POLLIN|POLLOUT}], 1, 0) = 1 ([{fd=7, revents=POLLOUT}]) 7789 gettimeofday({1291122920, 153586}, NULL) = 0 7789 write(7, "<86>Nov 30 08:15:20 localhost sshd[7790]: Accepted publickey for lee from 71.245.172.43 port 35891 ssh2\n", 104) = 104 7789 _llseek(10, 0, [2652], SEEK_END) = 0 7789 write(10, "Nov 30 08:15:20 localhost sshd[7790]: Accepted publickey for lee from 71.245.172.43 port 35891 ssh2\n", 100) = 100 7789 gettimeofday({1291122920, 154206}, NULL) = 0 7789 poll([{fd=7, events=POLLIN}, {fd=5, events=POLLIN}, {fd=3, events=POLLIN}, {fd=6, events=POLLIN}, {fd=9, events=POLLIN}], 5, 1200000) = 1 ([{fd=9, revents=POLLIN|POLLHUP}]) 7789 gettimeofday({1291122920, 155735}, NULL) = 0 7789 gettimeofday({1291122920, 155825}, NULL) = 0 7789 read(9, "", 8192) = 0 7789 close(9) = 0 7789 gettimeofday({1291122920, 156107}, NULL) = 0 7789 poll([{fd=7, events=POLLIN}, {fd=5, events=POLLIN}, {fd=3, events=POLLIN}, {fd=6, events=POLLIN}], 4, 1200000) = 1 ([{fd=3, revents=POLLIN}]) 7789 gettimeofday({1291123037, 716989}, NULL) = 0 7789 gettimeofday({1291123037, 717084}, NULL) = 0 7789 alarm(10) = 0 7789 read(3, "<6>EBOUT IN= OUT=eth2 MAC source = 00:d0:b7:85:7d:60 MAC dest = 01:00:5e:00:00:01 proto = 0x0800 IP SRC=8.0.70.192 IP DST=0.32.0.0, IP tos=0x00, IP proto=133\n<6>EBOUT IN= OUT=eth2 MAC source = 00:d0:b7:85:7d:60 MAC dest = 33:33:00:00:00:00 proto = 0x86dd\n<"..., 8192) = 510 7789 alarm(0) = 10 7789 time(NULL) = 1291123037 7789 time(NULL) = 1291123037 7789 time(NULL) = 1291123037 7789 time(NULL) = 1291123037 7789 time(NULL) = 1291123037 7789 time(NULL) = 1291123037 7789 time(NULL) = 1291123037 7789 time(NULL) = 1291123037 7789 time(NULL) = 1291123037 7789 time(NULL) = 1291123037 7789 time(NULL) = 1291123037 7789 time(NULL) = 1291123037 7789 gettimeofday({1291123037, 718653}, NULL) = 0 7789 poll([{fd=7, events=POLLIN|POLLOUT}], 1, 0) = 1 ([{fd=7, revents=POLLOUT}]) 7789 gettimeofday({1291123037, 718842}, NULL) = 0 7789 _llseek(8, 0, [1091497], SEEK_END) = 0 7789 write(8, "Nov 30 08:17:17 localhost kernel: EBOUT IN= OUT=eth2 MAC source = 00:d0:b7:85:7d:60 MAC dest = 01:00:5e:00:00:01 proto = 0x0800 IP SRC=8.0.70.192 IP DST=0.32.0.0, IP tos=0x00, IP proto=133\n", 189) = 189 7789 _llseek(8, 0, [1091686], SEEK_END) = 0 7789 write(8, "Nov 30 08:17:17 localhost kernel: EBOUT IN= OUT=eth2 MAC source = 00:d0:b7:85:7d:60 MAC dest = 33:33:00:00:00:00 proto = 0x86dd\n", 128) = 128 7789 _llseek(8, 0, [1091814], SEEK_END) = 0 7789 write(8, "Nov 30 08:17:17 localhost kernel: EBOUT IN= OUT=eth1 MAC source = 00:d0:b7:85:7d:60 MAC dest = 01:00:5e:00:00:01 proto = 0x0800 IP SRC=8.0.70.192 IP DST=0.32.0.0, IP tos=0x00, IP proto=133\n", 189) = 189 7789 _llseek(8, 0, [1092003], SEEK_END) = 0 7789 write(8, "Nov 30 08:17:17 localhost kernel: EBOUT IN= OUT=eth1 MAC source = 00:d0:b7:85:7d:60 MAC dest = 33:33:00:00:00:00 proto = 0x86dd\n", 128) = 128 7789 write(7, "<6>Nov 30 08:17:17 localhost kernel: EBOUT IN= OUT=eth2 MAC source = 00:d0:b7:85:7d:60 MAC dest = 01:00:5e:00:00:01 proto = 0x0800 IP SRC=8.0.70.192 IP DST=0.32.0.0, IP tos=0x00, IP proto=133\n", 192) = 192 7789 write(7, "<6>Nov 30 08:17:17 localhost kernel: EBOUT IN= OUT=eth2 MAC source = 00:d0:b7:85:7d:60 MAC dest = 33:33:00:00:00:00 proto = 0x86dd\n", 131) = 131 7789 write(7, "<6>Nov 30 08:17:17 localhost kernel: EBOUT IN= OUT=eth1 MAC source = 00:d0:b7:85:7d:60 MAC dest = 01:00:5e:00:00:01 proto = 0x0800 IP SRC=8.0.70.192 IP DST=0.32.0.0, IP tos=0x00, IP proto=133\n", 192) = 192 7789 write(7, "<6>Nov 30 08:17:17 localhost kernel: EBOUT IN= OUT=eth1 MAC source = 00:d0:b7:85:7d:60 MAC dest = 33:33:00:00:00:00 proto = 0x86dd\n", 131) = 131 7789 gettimeofday({1291123037, 721061}, NULL) = 0 7789 poll([{fd=7, events=POLLIN}, {fd=5, events=POLLIN}, {fd=6, events=POLLIN}, {fd=3, events=POLLIN}], 4, 1200000) = 1 ([{fd=6, revents=POLLIN}]) 7789 gettimeofday({1291123161, 428436}, NULL) = 0 7789 gettimeofday({1291123161, 428529}, NULL) = 0 7789 accept(6, {sa_family=AF_FILE, NULL}, [2]) = 9 7789 setsockopt(9, SOL_SOCKET, SO_KEEPALIVE, [0], 4) = 0 7789 fcntl64(9, F_GETFL) = 0x2 (flags O_RDWR) 7789 fcntl64(9, F_SETFL, O_RDWR|O_NONBLOCK) = 0 7789 fcntl64(9, F_GETFD) = 0 7789 fcntl64(9, F_SETFD, FD_CLOEXEC) = 0 7789 accept(6, 0xbfa0cf7c, [1024]) = -1 EAGAIN (Resource temporarily unavailable) 7789 gettimeofday({1291123161, 429333}, NULL) = 0 7789 poll([{fd=7, events=POLLIN}, {fd=5, events=POLLIN}, {fd=3, events=POLLIN}, {fd=9, events=POLLIN}, {fd=6, events=POLLIN}], 5, 1076000) = 1 ([{fd=9, revents=POLLIN}]) 7789 gettimeofday({1291123161, 429607}, NULL) = 0 7789 gettimeofday({1291123161, 429714}, NULL) = 0 7789 read(9, "<86>Nov 30 08:19:21 su: pam_unix(su-l:session): session opened for user root by lee(uid=500)\0", 8192) = 93 7789 time(NULL) = 1291123161 7789 time(NULL) = 1291123161 7789 stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0 7789 time(NULL) = 1291123161 7789 read(9, 0x9257c78, 8192) = -1 EAGAIN (Resource temporarily unavailable) 7789 gettimeofday({1291123161, 430484}, NULL) = 0 7789 poll([{fd=7, events=POLLIN|POLLOUT}], 1, 0) = 1 ([{fd=7, revents=POLLOUT}]) 7789 gettimeofday({1291123161, 430681}, NULL) = 0 7789 write(7, "<86>Nov 30 08:19:21 localhost su: pam_unix(su-l:session): session opened for user root by lee(uid=500)\n", 103) = 103 7789 _llseek(10, 0, [2752], SEEK_END) = 0 7789 write(10, "Nov 30 08:19:21 localhost su: pam_unix(su-l:session): session opened for user root by lee(uid=500)\n", 99) = 99 7789 gettimeofday({1291123161, 431289}, NULL) = 0 7789 poll([{fd=7, events=POLLIN}, {fd=5, events=POLLIN}, {fd=3, events=POLLIN}, {fd=6, events=POLLIN}, {fd=9, events=POLLIN}], 5, 1200000) = 1 ([{fd=3, revents=POLLIN}]) 7789 gettimeofday({1291123163, 156934}, NULL) = 0 7789 gettimeofday({1291123163, 157028}, NULL) = 0 7789 alarm(10) = 0 7789 read(3, "<6>EBOUT IN= OUT=eth2 MAC source = 00:d0:b7:85:7d:60 MAC dest = 01:00:5e:00:00:01 proto = 0x0800 IP SRC=8.0.70.192 IP DST=0.32.0.0, IP tos=0x00, IP proto=133\n<6>EBOUT IN= OUT=eth2 MAC source = 00:d0:b7:85:7d:60 MAC dest = 33:33:00:00:00:00 proto = 0x86dd\n<"..., 8192) = 510 7789 alarm(0) = 10 7789 time(NULL) = 1291123163 7789 time(NULL) = 1291123163 7789 time(NULL) = 1291123163 7789 time(NULL) = 1291123163 7789 time(NULL) = 1291123163 7789 time(NULL) = 1291123163 7789 time(NULL) = 1291123163 7789 time(NULL) = 1291123163 7789 time(NULL) = 1291123163 7789 time(NULL) = 1291123163 7789 time(NULL) = 1291123163 7789 time(NULL) = 1291123163 7789 gettimeofday({1291123163, 158657}, NULL) = 0 7789 poll([{fd=7, events=POLLIN|POLLOUT}], 1, 0) = 1 ([{fd=7, revents=POLLOUT}]) 7789 gettimeofday({1291123163, 158849}, NULL) = 0 7789 _llseek(8, 0, [1092131], SEEK_END) = 0 7789 write(8, "Nov 30 08:19:23 localhost kernel: EBOUT IN= OUT=eth2 MAC source = 00:d0:b7:85:7d:60 MAC dest = 01:00:5e:00:00:01 proto = 0x0800 IP SRC=8.0.70.192 IP DST=0.32.0.0, IP tos=0x00, IP proto=133\n", 189) = 189 7789 _llseek(8, 0, [1092320], SEEK_END) = 0 7789 write(8, "Nov 30 08:19:23 localhost kernel: EBOUT IN= OUT=eth2 MAC source = 00:d0:b7:85:7d:60 MAC dest = 33:33:00:00:00:00 proto = 0x86dd\n", 128) = 128 7789 _llseek(8, 0, [1092448], SEEK_END) = 0 7789 write(8, "Nov 30 08:19:23 localhost kernel: EBOUT IN= OUT=eth1 MAC source = 00:d0:b7:85:7d:60 MAC dest = 01:00:5e:00:00:01 proto = 0x0800 IP SRC=8.0.70.192 IP DST=0.32.0.0, IP tos=0x00, IP proto=133\n", 189) = 189 7789 _llseek(8, 0, [1092637], SEEK_END) = 0 7789 write(8, "Nov 30 08:19:23 localhost kernel: EBOUT IN= OUT=eth1 MAC source = 00:d0:b7:85:7d:60 MAC dest = 33:33:00:00:00:00 proto = 0x86dd\n", 128) = 128 7789 write(7, "<6>Nov 30 08:19:23 localhost kernel: EBOUT IN= OUT=eth2 MAC source = 00:d0:b7:85:7d:60 MAC dest = 01:00:5e:00:00:01 proto = 0x0800 IP SRC=8.0.70.192 IP DST=0.32.0.0, IP tos=0x00, IP proto=133\n", 192) = 192 7789 write(7, "<6>Nov 30 08:19:23 localhost kernel: EBOUT IN= OUT=eth2 MAC source = 00:d0:b7:85:7d:60 MAC dest = 33:33:00:00:00:00 proto = 0x86dd\n", 131) = 131 7789 write(7, "<6>Nov 30 08:19:23 localhost kernel: EBOUT IN= OUT=eth1 MAC source = 00:d0:b7:85:7d:60 MAC dest = 01:00:5e:00:00:01 proto = 0x0800 IP SRC=8.0.70.192 IP DST=0.32.0.0, IP tos=0x00, IP proto=133\n", 192) = 192 7789 write(7, "<6>Nov 30 08:19:23 localhost kernel: EBOUT IN= OUT=eth1 MAC source = 00:d0:b7:85:7d:60 MAC dest = 33:33:00:00:00:00 proto = 0x86dd\n", 131) = 131 7789 gettimeofday({1291123163, 160972}, NULL) = 0 7789 poll([{fd=7, events=POLLIN}, {fd=5, events=POLLIN}, {fd=6, events=POLLIN}, {fd=9, events=POLLIN}, {fd=3, events=POLLIN}], 5, 1200000