[syslog-ng] Syslog-ng and tcpd

Balazs Scheidler bazsi at balabit.hu
Wed Mar 25 11:30:41 CET 2009


On Tue, 2009-03-24 at 12:35 -0700, Liam Kirsher wrote:
> Hi --
> 
> I'm noticing lots of these in the /var/log/messages file:
> 
> > Mar 24 15:16:07 domU-12-31-39-00-09-F2 syslog-ng[25138]: warning:
> > /etc/hosts.allow, line 17: host name/name mismatch:
> > ec2-67-202-53-122.compute-1.amazonaws.com !=
> > domU-12-31-35-00-04-A1.z-2.compute-1.internal
> > Mar 24 15:16:07 domU-12-31-39-00-09-F2 syslog-ng[25138]: Syslog
> > connection rejected by tcpd; from='AF_INET(67.202.53.122:48703)'
> > Mar 24 15:16:17 domU-12-31-39-00-09-F2 syslog-ng[25138]: Syslog
> > connection accepted; fd='22', client='AF_INET(67.202.53.122:48187)',
> > local='AF_INET(0.0.0.0:5000)' 
> Apparently, access is being denied, as it should be.  It's just a little
> disconcerting to see the "connection accepted" message after it has been
> rejected.
> > telnet this.domain.com 5000
> > Trying 171.122.232.186...
> > Connected to this.domain.com.
> > Escape character is '^]'.
> > Connection closed by foreign host.
> Is this the expected behavior?
> Is there some way to prevent all these messages from showing up in the
> log file?

Thanks for reporting this. This patch fixes this behaviour (committed to
current HEAD). Tomorrow's nightly snapshot should contain it, or you can
clone the repository.

commit 6fbea222dd8b8531db12c14d23120cfcc3150f5d
Author: Balazs Scheidler <bazsi at balabit.hu>
Date:   Wed Mar 25 11:27:28 2009 +0100

    [afsocket] clarified logging about rejected connections
    
    Liam reported that the error messages generated when tcp wrapper
    rejected the connections can easily be misunderstood. This behaviour was
    fixed. Also, when connections are rejected, the closure of the
    file descriptor was refactored to a single spot instead of closing it
    in all failure branches.
    
    Reported-By: Liam Kirsher


-- 
Bazsi



