execve("/usr/sbin/syslog-ng", ["/usr/sbin/syslog-ng"], [/* 31 vars */]) = 0 brk(0) = 0x8059524 open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory) open("/etc/ld.so.cache", O_RDONLY) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=20848, ...}) = 0 old_mmap(NULL, 20848, PROT_READ, MAP_PRIVATE, 3, 0) = 0x40014000 close(3) = 0 open("/lib/libnsl.so.1", O_RDONLY) = 3 fstat(3, {st_mode=S_IFREG|0755, st_size=75500, ...}) = 0 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\2709\0\0004\0\0\0\334\"\1\0\0\0\0 \0004\0 \0\5\0(\0\32\0\31\0\6\0\0\0004\0\0\0004\0\0\0004\0\0\0\240\0\0\0\240\0\0\0\5\0\0\0 \4\0\0\0\3\0\0\0\360\n\1\0\360\n\1\0\360\n\1\0\23\0\0\0\23\0\0\0\4\0\0\0\1\0\0\0\1\0\0\0\0 \0\0\0\0\0\0\0\0\0\0\0\3\v\1\0\3\v\1\0\5\0\0\0\0\20\0\0\1\0\0\0 \v\1\0 \33\1\0 \33\1\0$\t\ 0\0\210-\0\0\6\0\0\0\0\20\0\0\2\0\0\0\224\23\1\0\224#\1\0\224#\1\0\260\0\0\0\260\0\0\0\6\0 \0\0\4\0\0\0\305\0\0\0\361\0\0\0\213\0\0\0\257\0\0\0\0\0\0\0\0"..., 4096) = 4096 old_mmap(NULL, 84136, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x4001a000 mprotect(0x4002b000, 14504, PROT_NONE) = 0 old_mmap(0x4002b000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x10000) = 0x40 02b000 old_mmap(0x4002d000, 6312, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x4002d000 close(3) = 0 open("/lib/libc.so.6", O_RDONLY) = 3 fstat(3, {st_mode=S_IFREG|0755, st_size=1013224, ...}) = 0 read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\250\206\1\0004\0\0\0`l\17\0\0\0\0 \0004\0 \0\5\0(\0=\0<\0\6\0\0\0004\0\0\0004\0\0\0004\0\0\0\240\0\0\0\240\0\0\0\5\0\0\0\4\0 \0\0\3\0\0\0^\21\16\0^\21\16\0^\21\16\0\23\0\0\0\23\0\0\0\4\0\0\0\1\0\0\0\1\0\0\0\0\0\0\0\ 0\0\0\0\0\0\0\0q\21\16\0q\21\16\0\5\0\0\0\0\20\0\0\1\0\0\0\200\21\16\0\200!\16\0\200!\16\0 \3243\0\0\374n\0\0\6\0\0\0\0\20\0\0\2\0\0\0\234D\16\0\234T\16\0\234T\16\0\270\0\0\0\270\0\ 0\0\6\0\0\0\4\0\0\0\7\4\0\0\352\6\0\0\22\5\0\0\365\1\0\0\261\5"..., 4096) = 4096 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4002f000 old_mmap(NULL, 954492, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x40030000 mprotect(0x40112000, 28796, PROT_NONE) = 0 old_mmap(0x40112000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0xe1000) = 0x4 0112000 old_mmap(0x40116000, 12412, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40116000 close(3) = 0 mprotect(0x40030000, 925696, PROT_READ|PROT_WRITE) = 0 mprotect(0x40030000, 925696, PROT_READ|PROT_EXEC) = 0 munmap(0x40014000, 20848) = 0 personality(PER_LINUX) = 0 getpid() = 27135 brk(0) = 0x8059524 brk(0x8059574) = 0x8059574 brk(0x805a000) = 0x805a000 open("/etc/syslog-ng/syslog-ng.conf", O_RDONLY) = 3 brk(0x805f000) = 0x805f000 ioctl(3, TCGETS, 0xbffff724) = -1 ENOTTY (Inappropriate ioctl for device) read(3, "\noptions { dir_perm(0755); perm(0644); chain_hostnames(no);\n\tkeep_hostname(yes ); };\n\nsource s_sys { unix-stream(\"/dev/log\"); udp(ip(0.0.0.0) port(514)); internal(); };\n\ndestination d_cons { file(\"/dev/console\"); };\ndestination d_mesg { file(\"/var/l og/messa"..., 8192) = 1260 read(3, "", 6932) = 0 read(3, "", 8192) = 0 ioctl(3, TCGETS, 0xbffff1f8) = -1 ENOTTY (Inappropriate ioctl for device) close(3) = 0 fork() = 27136 [pid 27135] rt_sigaction(SIGTERM, {0x8049a0c, [], SA_RESTART|0x4000000}, {SIG_DFL}, 8) = 0 [pid 27135] pause( [pid 27136] open("/var/run/syslog-ng.pid", O_WRONLY|O_CREAT|O_TRUNC|O_NOCTTY, 0600) = 3 [pid 27136] getpid() = 27136 [pid 27136] write(3, "27136\n", 6) = 6 [pid 27136] close(3) = 0 [pid 27136] socket(PF_UNIX, SOCK_STREAM, 0) = 3 [pid 27136] fcntl(3, F_GETFL) = 0x2 (flags O_RDWR) [pid 27136] fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0 [pid 27136] fcntl(3, F_SETFD, FD_CLOEXEC) = 0 [pid 27136] stat("/dev/log", {st_mode=S_IFSOCK|0666, st_size=0, ...}) = 0 [pid 27136] unlink("/dev/log") = 0 [pid 27136] bind(3, {sin_family=AF_UNIX, path=" /dev/log"}, 110) = 0 [pid 27136] chown("/dev/log", 0, 0) = 0 [pid 27136] chmod("/dev/log", 0666) = 0 [pid 27136] 
listen(3, 256) = 0 [pid 27136] socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP) = 4 [pid 27136] fcntl(4, F_GETFL) = 0x2 (flags O_RDWR) [pid 27136] fcntl(4, F_SETFL, O_RDWR|O_NONBLOCK) = 0 [pid 27136] fcntl(4, F_SETFD, FD_CLOEXEC) = 0 [pid 27136] setsockopt(4, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0 [pid 27136] bind(4, {sin_family=AF_INET, sin_port=htons(514), sin_addr=inet_addr("0.0.0.0" )}}, 16) = 0 [pid 27136] fcntl(4, F_GETFL) = 0x802 (flags O_RDWR|O_NONBLOCK) [pid 27136] fcntl(4, F_SETFL, O_RDWR|O_NONBLOCK) = 0 [pid 27136] fcntl(4, F_SETFD, FD_CLOEXEC) = 0 [pid 27136] brk(0x8060000) = 0x8060000 [pid 27136] close(0) = 0 [pid 27136] close(1) = 0 [pid 27136] close(2) = 0 [pid 27136] setsid() = 27136 [pid 27136] getppid() = 27135 [pid 27136] kill(27135, SIGTERM) = 0 [pid 27135] <... pause resumed> ) = ? ERESTARTNOHAND (To be restarted) [pid 27135] --- SIGTERM (Terminated) --- [pid 27135] rt_sigaction(SIGTERM, {0x8049a0c, [], SA_RESTART|0x4000000}, {0x8049a0c, [], S A_RESTART|0x4000000}, 8) = 0 [pid 27135] sigreturn() = ? (mask now []) [pid 27135] _exit(0) = ? 
getpid() = 27136 time(NULL) = 989274375 uname({sys="Linux", node="bone", ...}) = 0 rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_DFL}, 8) = 0 rt_sigaction(SIGHUP, {0x80499f0, [], SA_RESTART|0x4000000}, {SIG_DFL}, 8) = 0 rt_sigaction(SIGTERM, {0x8049a0c, [], SA_RESTART|0x4000000}, {SIG_DFL}, 8) = 0 rt_sigaction(SIGCHLD, {0x8049a28, [], SA_RESTART|0x4000000}, {SIG_DFL}, 8) = 0 time(NULL) = 989274375 poll([{fd=4, events=POLLIN}, {fd=3, events=POLLIN}], 2, 100) = 0 poll( [{fd=4, events=POLLIN}, {fd=3, events=POLLIN, revents=POLLIN}], 2, 60000) = 1 accept(3, {sin_family=AF_UNIX, path=@ 00001573}, [11]) = 0 fcntl(0, F_GETFL) = 0x2 (flags O_RDWR) fcntl(0, F_SETFL, O_RDWR|O_NONBLOCK) = 0 fcntl(0, F_SETFD, FD_CLOEXEC) = 0 time(NULL) = 989274385 poll([{fd=0, events=POLLIN, revents=POLLIN|POLLHUP}, {fd=4, events=POLLIN}, {fd=3, events= POLLIN, revents=POLLIN}], 3, 100) = 2 read(0, "<29>May 7 17:26:25 netacl[27137]: permit host=sexy.bone.ath.cx/192.168.1.100 ser vice=tn-gw execute=/usr/local/fwtk/tn-gw\0", 1024) = 122 time(NULL) = 989274385 open("/etc/localtime", O_RDONLY) = 1 read(1, "TZif\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0\0\0\0\0\352\0\0\0\4\0\ 0\0\20", 44) = 44 read(1, "\236\246,\200\237\272\371p\240\206\16\200\241\232\333p\242\313t\0\243\203\367\360 \244E\322\200\245c\331\360\246S\331\0\247\25\227p\2503\273\0\250\376\263\360\252\23\235\0\ 252\336\225\360\253\363\177\0\254\276w\360\255\323a\0\256\236Y\360\257\263C\0\260~;\360\26 1\234_\200\262gXp\263|A\200\264G:p\265\\#\200\266\'\34p\267<\5\200\270\6\376p\271\33\347\2 00\271\346\340p\273\5\4\0\273\306\302p\274\344\346\0\275\257\336\360\276\304\310\0\277\217 \300\360\300Z\326\0\301\260May 7 17:26:25 tn-gw[27137]: permit host=sexy.bone.ath.cx/192.168.1.100 use of gateway\0", 1024) = 92 time(NULL) = 989274385 time(NULL) = 989274385 read(0, "", 1024) = 0 time(NULL) = 989274385 poll([{fd=1, events=POLLIN}, {fd=0, events=POLLIN, revents=POLLHUP}, {fd=4, events=POLLIN} , {fd=3, events=POLLIN}], 4, 100) = 1 time(NULL) = 
989274385 close(0) = 0 poll([{fd=1, events=POLLIN}, {fd=4, events=POLLIN}, {fd=3, events=POLLIN}], 3, 100) = 0 poll([{fd=1, events=POLLIN, revents=POLLIN}, {fd=4, events=POLLIN}, {fd=3, events=POLLIN}] , 3, 60000) = 1 read(1, "<29>May 7 17:26:32 tn-gw[27137]: permit host=sexy.bone.ath.cx/192.168.1.100 dest ination=127.0.0.1\0", 1024) = 99 time(NULL) = 989274392 time(NULL) = 989274392 time(NULL) = 989274392 poll([{fd=1, events=POLLIN}, {fd=4, events=POLLIN}, {fd=3, events=POLLIN}], 3, 100) = 0 poll([{fd=1, events=POLLIN, revents=POLLIN}, {fd=4, events=POLLIN}, {fd=3, events=POLLIN}] , 3, 60000) = 1 read(1, "<29>May 7 17:26:36 tn-gw[27137]: connected host=sexy.bone.ath.cx/192.168.1.100 d estination=fate\0", 1024) = 97 time(NULL) = 989274396 time(NULL) = 989274396 time(NULL) = 989274396 poll([{fd=1, events=POLLIN}, {fd=4, events=POLLIN}, {fd=3, events=POLLIN, revents=POLLIN}] , 3, 100) = 1 accept(3, {sin_family=AF_UNIX, path=@ 0000157500001573}, [11]) = 0 fcntl(0, F_GETFL) = 0x2 (flags O_RDWR) fcntl(0, F_SETFL, O_RDWR|O_NONBLOCK) = 0 fcntl(0, F_SETFD, FD_CLOEXEC) = 0 time(NULL) = 989274396 poll([{fd=0, events=POLLIN, revents=POLLIN|POLLHUP}, {fd=1, events=POLLIN}, {fd=4, events= POLLIN}, {fd=3, events=POLLIN}], 4, 100) = 1 read(0, "<29>May 7 17:26:36 netacl[27138]: permit host=localhost/127.0.0.1 service=tn-gw execute=/usr/sbin/in.telnetd\0", 1024) = 110 time(NULL) = 989274396 time(NULL) = 989274396 time(NULL) = 989274396 poll([{fd=0, events=POLLIN, revents=POLLHUP}, {fd=1, events=POLLIN}, {fd=4, events=POLLIN} , {fd=3, events=POLLIN}], 4, 100) = 1 read(0, "", 1024) = 0 time(NULL) = 989274396 poll([{fd=0, events=POLLIN, revents=POLLHUP}, {fd=1, events=POLLIN}, {fd=4, events=POLLIN} , {fd=3, events=POLLIN}], 4, 100) = 1 time(NULL) = 989274396 close(0) = 0 poll([{fd=1, events=POLLIN}, {fd=4, events=POLLIN}, {fd=3, events=POLLIN}], 3, 100) = 0 poll([{fd=1, events=POLLIN}, {fd=4, events=POLLIN}, {fd=3, events=POLLIN, revents=POLLIN}] , 3, 60000) = 1 accept(3, 
{sin_family=AF_UNIX, path=@ 0000157600001573}, [11]) = 0 fcntl(0, F_GETFL) = 0x2 (flags O_RDWR) fcntl(0, F_SETFL, O_RDWR|O_NONBLOCK) = 0 fcntl(0, F_SETFD, FD_CLOEXEC) = 0 time(NULL) = 989274399 poll([{fd=0, events=POLLIN, revents=POLLIN}, {fd=1, events=POLLIN}, {fd=4, events=POLLIN}, {fd=3, events=POLLIN}], 4, 100) = 1 read(0, "<37>May 7 17:26:39 login[27139]: ROOT LOGIN on `pts/1\' from `localhost\'\n\0", 1024) = 74 time(NULL) = 989274399 time(NULL) = 989274399 time(NULL) = 989274399 poll([{fd=0, events=POLLIN, revents=POLLHUP}, {fd=1, events=POLLIN}, {fd=4, events=POLLIN} , {fd=3, events=POLLIN}], 4, 100) = 1 read(0, "", 1024) = 0 time(NULL) = 989274399 poll([{fd=0, events=POLLIN, revents=POLLHUP}, {fd=1, events=POLLIN}, {fd=4, events=POLLIN} , {fd=3, events=POLLIN}], 4, 100) = 1 time(NULL) = 989274399 close(0) = 0 poll([{fd=1, events=POLLIN}, {fd=4, events=POLLIN}, {fd=3, events=POLLIN}], 3, 100) = 0 poll([{fd=1, events=POLLIN}, {fd=4, events=POLLIN}, {fd=3, events=POLLIN, revents=POLLIN}] , 3, 60000) = 1 accept(3, {sin_family=AF_UNIX, path=@ 0000157700001573}, [11]) = 0 fcntl(0, F_GETFL) = 0x2 (flags O_RDWR) fcntl(0, F_SETFL, O_RDWR|O_NONBLOCK) = 0 fcntl(0, F_SETFD, FD_CLOEXEC) = 0 brk(0x8062000) = 0x8062000 time(NULL) = 989274413 poll([{fd=0, events=POLLIN, revents=POLLIN}, {fd=1, events=POLLIN}, {fd=4, events=POLLIN}, {fd=3, events=POLLIN}], 4, 100) = 1 read(0, "<38>May 7 17:26:53 su[27154]: + pts/1 root-bone\n\0", 1024) = 50 time(NULL) = 989274413 time(NULL) = 989274413 open("/var/log/messages", O_WRONLY|O_NONBLOCK|O_APPEND|O_CREAT|O_NOCTTY, 0644) = 2 chown("/var/log/messages", 0, 0) = 0 fcntl(2, F_GETFL) = 0xc01 (flags O_WRONLY|O_NONBLOCK|O_APPEND) fcntl(2, F_SETFL, O_WRONLY|O_NONBLOCK|O_APPEND) = 0 fcntl(2, F_SETFD, FD_CLOEXEC) = 0 time(NULL) = 989274413 poll([{fd=2, events=POLLOUT, revents=POLLOUT}, {fd=0, events=POLLIN}, {fd=1, events=POLLIN }, {fd=4, events=POLLIN}, {fd=3, events=POLLIN}], 5, 100) = 1 write(2, "May 7 17:26:53 bone su[27154]: + pts/1 
root-bone\n", 50) = 50 time(NULL) = 989274413 poll([{fd=2, events=0}, {fd=0, events=POLLIN, revents=POLLHUP}, {fd=1, events=POLLIN}, {fd =4, events=POLLIN}, {fd=3, events=POLLIN}], 5, 100) = 1 read(0, "", 1024) = 0 time(NULL) = 989274413 poll([{fd=2, events=0}, {fd=0, events=POLLIN, revents=POLLHUP}, {fd=1, events=POLLIN}, {fd =4, events=POLLIN}, {fd=3, events=POLLIN}], 5, 100) = 1 time(NULL) = 989274413 close(0) = 0 poll([{fd=2, events=0}, {fd=1, events=POLLIN}, {fd=4, events=POLLIN}, {fd=3, events=POLLIN }], 4, 100) = 0 poll([{fd=2, events=0}, {fd=1, events=POLLIN}, {fd=4, events=POLLIN}, {fd=3, events=POLLIN , revents=POLLIN}], 4, 60000) = 1 accept(3, {sin_family=AF_UNIX, path=@ 0000157}, [11]) = 0 fcntl(0, F_GETFL) = 0x2 (flags O_RDWR) fcntl(0, F_SETFL, O_RDWR|O_NONBLOCK) = 0 fcntl(0, F_SETFD, FD_CLOEXEC) = 0 time(NULL) = 989274424 poll([{fd=0, events=POLLIN, revents=POLLIN}, {fd=2, events=0}, {fd=1, events=POLLIN}, {fd= 4, events=POLLIN}, {fd=3, events=POLLIN}], 5, 100) = 1 read(0, "<31>May 7 17:27:04 identd[27157]: started\0", 1024) = 43 time(NULL) = 989274424 time(NULL) = 989274424 time(NULL) = 989274424 poll([{fd=0, events=POLLIN}, {fd=2, events=0}, {fd=1, events=POLLIN}, {fd=4, events=POLLIN }, {fd=3, events=POLLIN}], 5, 100) = 0 poll([{fd=0, events=POLLIN, revents=POLLHUP}, {fd=2, events=0}, {fd=1, events=POLLIN}, {fd =4, events=POLLIN}, {fd=3, events=POLLIN}], 5, 60000) = 1 read(0, "", 1024) = 0 time(NULL) = 989274424 poll([{fd=0, events=POLLIN, revents=POLLHUP}, {fd=2, events=0}, {fd=1, events=POLLIN}, {fd =4, events=POLLIN}, {fd=3, events=POLLIN}], 5, 100) = 1 time(NULL) = 989274424 close(0) = 0 poll([{fd=2, events=0}, {fd=1, events=POLLIN}, {fd=4, events=POLLIN}, {fd=3, events=POLLIN }], 4, 100) = 0 poll([{fd=2, events=0}, {fd=1, events=POLLIN, revents=POLLIN|POLLHUP}, {fd=4, events=POLLI N}, {fd=3, events=POLLIN}], 4, 60000) = 1 read(1, "<29>May 7 17:27:19 tn-gw[27137]: exit host=sexy.bone.ath.cx/192.168.1.100 dest=f ate in=40577 out=239 user=unauth 
duration=54\0", 1024) = 126 time(NULL) = 989274439 time(NULL) = 989274439 time(NULL) = 989274439 poll([{fd=2, events=0}, {fd=1, events=POLLIN, revents=POLLHUP}, {fd=4, events=POLLIN}, {fd =3, events=POLLIN}], 4, 100) = 1 read(1, "", 1024) = 0 time(NULL) = 989274439 poll([{fd=2, events=0}, {fd=1, events=POLLIN, revents=POLLHUP}, {fd=4, events=POLLIN}, {fd =3, events=POLLIN}], 4, 100) = 1 time(NULL) = 989274439 close(1) = 0 poll([{fd=2, events=0}, {fd=4, events=POLLIN}, {fd=3, events=POLLIN}], 3, 100) = 0 poll(
I wound up breaking it right here with Ctrl+C.