[syslog-ng] Re: syslog-ng stops listen to UDP after "nmap -sU"?
Kent =?iso-8859-1?q?Engstr=F6m?=
kent@unit.liu.se
17 Feb 2000 19:28:30 +0100
kent@unit.liu.se (Kent Engström) writes:
> Everything worked fine until I decided to portscan the syslog server.
> When I did a UDP scan, syslog-ng stopped logging. This is what happens:
> *) I execute "nmap -p 514 -sU xxx.yyy.zzz.www" on a Linux box
Using options "-v" and "-d", I catch the following:
Read EOF on fd 3.
Marking fd 3 for closing.
Closing fd 3.
It appears that libol is the culprit here. It assumes that a returned
read length of 0 means end of file, as when reading from a file or
a TCP connection.
--
Kent Engström, Linköping University Incident Response Team
kent@unit.liu.se abuse@liu.se
+46 13 28 1744
UNIT, Linköping University; SE-581 83 LINKÖPING; SWEDEN